J2 Software cautions about cyber breaches of rewards programmes
The growth in cyber attacks is all too familiar these days. Hackers use their skills to acquire financial and personal information, and the unwitting victim's data is then either sold or used to commit fraud, make purchases and so on.
John Mc Loughlin, MD, J2 Software, notes that the growth in rewards programmes' fraud has provided a new method for criminals to take advantage of data breaches.
"Free and all too easy access to victims' data is a growing trend. Rewards programmes are a ripe picking ground for cyber crooks because they are often less secure, with users having a more blasé attitude to security matters on these sites as they think they are only safeguarding 'points'.
"These sites normally do not have credit card transactions, meaning that compliance codes do not apply. Many of these systems do not even have an option for two-factor authentication," says Mc Loughlin.
He adds that compromised, stolen or breached credentials are used to book holidays or free flights, or to exchange loyalty points for goods.
"The attack vectors are vast and the truth is that our only way to prevent damage is to be both proactive and defensive. We have no choice but to be both attackers and defenders."
Mc Loughlin says J2 Software's strategy to address this problem is to make their teams both part of the build-up and the clean-up crew.
"Cyber resilience and the ability to respond are no longer nice-to-have assets: they are crucial in a world where cyber threats are growing and those with ill-intent are using everything at their disposal to take advantage."
He emphasises that it is important to provide a multi-tiered, multi-layered, deep defence approach and take advantage of everything at one's disposal to fend off the unrelenting attacks.
"This must include our systems and, importantly, our people. This is then augmented by adding continuous monitoring of activity, access and compromise.
"Corporate enterprises need to remember that almost every computer-literate person uses the same password for everything or with a very small change of a character or number between systems.
"A relative's birthdate, child's name or similar is used as login criteria on so many online and network systems. Even with the greatest intent in the world, a single compromise or breach in a third-party system makes sure this is now accessible to the rest of the world."
Mc Loughlin says it is not sufficient to simply monitor access into and out of corporate networks or user activity.
"There is a vast hyper-connected world that stretches beyond all borders. For example, a compromise on something as simple as a user's fitness app can open up a company's corporate environment to data loss and intellectual property theft.
"Essentially the only thing 'free' is the access cyber criminals have to data, resulting in high costs, reputational damage and ultimately ruined businesses," Mc Loughlin concludes.