Identity theft speaker John Sileo on why identity theft is moving into the workplace.
It feels as if there has been a directional shift in the past year regarding the source of data theft. From the stories I hear after every identity theft speech I deliver, the crime of data theft, identity theft and intellectual property theft are becoming more organized and moving much more into the realm of workplace identity theft and corporate data theft (i.e., it’s happening at work even more than out of our homes). The information being stolen is still often times consumer-based, but it is being compromised more often at the business level.
I think one factor contributing to this shift into the working environment has been the decline in the value of identity information. The average social security number or bank account number is worth far less on the black data market than it was even a year ago. This means that in order to make large sums of money, the thieves need to increase volume.
Instead of stealing identities one at a time, they are going for mass-data thefts, like the one that hit Heartland Payment Systems a few weeks ago. Naturally, these large thefts tend to involve more technology breach (stolen laptops, sniffed networks, botnets, malware, hacked servers, etc.) because that is where high concentrations of data live. Just like the rest of business, it’s all about economies of scale!
The interesting part to me is the role that insiders play in these schemes. Almost every breach I come across has an “insider” component to it. So the answers aren’t just technological, they are rooted in leadership, teamwork, hiring and vetting processes and the like.