Let’s think about all the amazing moments we have lived through digitally over the last year. Confined to the comfort and security of our homes, our digital lives blossomed. Photos, blogs, comments on websites, and much more were shared online. Just think about how much all of this information tells about you as a person. Does it give away your habits? Where you stay? Or what you buy?
Needless to say, the internet is flooded with personally identifiable information, and it is a major liability for organizations and end-users alike.
Some information that qualifies as personally identifiable information can be used to infiltrate the victim’s accounts and networks directly. This kind of information can include account numbers and passwords. At times, even the most innocuous information can put employees and organizations at risk. The more information cybercriminals can acquire about their victims, the easier it becomes to manipulate and defraud them.
For example, if threat actors have gained access to the victim’s email, they can launch a password spraying attack, testing single passwords across all available accounts until they finally break into one.
The security of personally identifiable information should be a priority for every individual all the time. It’s not enough to follow cyber hygiene, like using alphanumeric passwords and avoiding malicious links, only during office hours or on devices issued by the organization. Employees also have to be mindful of their behavior on other domains: what personal information they are disclosing on social sites, whether they work on their personal devices or office-issued ones, and which cloud service provider they are using.
The most important resource for cybercriminals
The use and theft of information is the major motive behind most of the attacks cybercriminals plan and execute. According to a report by the tech giant IBM, 80% of breaches include “records containing customer Personally Identifiable Information”. This finding is backed by another report on data breach investigations, which states that email addresses qualify as Personally Identifiable Information (PII) and are the most common variety of data to be breached.
The amount of personally identifiable information available for the threat actors to plunder is increasing by the day. Billions of users are engaging with each other on social media while there are even more users over the internet. With the surge in e-commerce and other digital services, users are indulging in their digital lives even more, which means there is a vast amount of data constantly available. This is all that is required for cybercriminals to either break into a company’s networks or convince employees to disclose sensitive information.
While users are never going to stop sharing information online, it’s imperative for them to learn how to do it in a secure manner.
Threat actors are always attempting to exploit personally identifiable information
According to various reports, an average adult spends almost 13 hours indulging in various forms of content on their screens over the span of a single day. This number has steadily been increasing since 2018 and is expected to show exponential growth due to the global pandemic situation.
Cybercriminals have used the explosion of personally identifiable information online to dramatically increase their attacks in recent years.
Even when employees think otherwise, there is a risk of their own information being used against them. Needless to say, this risk will be ever-present.
For example, the publication of email addresses issued by organizations doesn’t just give cybercriminals a collection of targets for password spraying attacks; it also provides targets for other forms of malware, which can be sent to those addresses in the form of attachments or malicious links. Employees don’t just have to be aware of what information they are sharing; they also have to closely scrutinize their own account security. Employees can’t afford to be careless with their passwords, since they are the most sensitive form of personally identifiable information.
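The password spraying pattern described in the two examples above (single passwords tested across many accounts) looks different in authentication logs from repeated guessing against one account. The following Python check is an added example, not part of the original article; the log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events: time, source IP, account, result.
SAMPLE_LOG = """\
2021-06-01T09:00:05 198.51.100.7 alice@example.com FAIL
2021-06-01T09:00:09 198.51.100.7 bob@example.com FAIL
2021-06-01T09:00:14 198.51.100.7 carol@example.com FAIL
2021-06-01T09:00:20 198.51.100.7 dave@example.com FAIL
2021-06-01T09:00:26 198.51.100.7 erin@example.com OK
2021-06-01T09:01:00 203.0.113.20 frank@example.com FAIL
2021-06-01T09:01:10 203.0.113.20 frank@example.com FAIL
2021-06-01T09:01:20 203.0.113.20 frank@example.com FAIL
2021-06-01T09:01:30 203.0.113.20 frank@example.com FAIL
2021-06-01T09:01:40 203.0.113.20 frank@example.com OK
"""

def parse(log):
    """Yield (timestamp, source, account, result) tuples from the assumed format."""
    for line in log.splitlines():
        if line.strip():
            ts, src, account, result = line.split()
            yield datetime.fromisoformat(ts), src, account.lower(), result

def find_spraying(log, window=timedelta(minutes=10), min_accounts=4, max_per_account=2):
    """Flag sources that fail logins on many distinct accounts, few tries each."""
    by_source = defaultdict(list)
    for event in parse(log):
        by_source[event[1]].append(event)
    alerts = []
    for src, events in by_source.items():
        events.sort()
        for i, first in enumerate(events):
            in_window = [e for e in events[i:] if e[0] - first[0] <= window]
            fails = defaultdict(int)
            for _, _, account, result in in_window:
                if result == "FAIL":
                    fails[account] += 1
            sprayed = {a for a, n in fails.items() if n <= max_per_account}
            if len(sprayed) >= min_accounts:
                # A success from the same source in the window needs a password reset.
                hit = sorted({e[2] for e in in_window if e[3] == "OK"})
                alerts.append({"source": src, "accounts_tried": len(sprayed), "succeeded": hit})
                break
    return alerts
```

The second source in the sample fails four times against a single account, so it is left to an ordinary per-account lockout rule rather than flagged as spraying.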
How to keep sensitive information secure from threats
There are many ways for employees to keep their passwords secure, ranging from the use of password managers to other forms of cybersecurity hygiene, like refusing to click on suspicious links and attachments. However, a fundamental shift is also required in how employees use digital platforms if their personally identifiable information is to stay secure.
Many of us tend to overshare on social media, which provides a target-rich environment for threat actors. While the majority of internet users know the importance of not publishing any information linked to their bank accounts or government-issued identification details, it is also imperative to understand that seemingly innocuous information can be leveraged for nefarious purposes.
While the existence of online PII will always be a necessary byproduct of our increasingly digitized lives, there’s no reason it has to be this massive source of fraud and cyber-insecurity. By being more cognizant of how and where they share their personally identifiable information, employees will deprive cybercriminals of their most important tool.