Identity Management Day 2021 and The Increasing Threat of Credential Theft

• Identity Management Day 2021 is about informing people of the dangers of improperly managing and securing digital identities. It is also designated to share best practices. 
• The biggest threat to individual identities is the significant shift away from traditional identity theft fueled by personal information acquired in mass attacks and towards credential theft used to commit identity fraud, according to the Identity Theft Resource Center.  
• Targeted attacks against businesses are easier for threat actors to execute and result in a larger payout. The average ransomware payment from companies has grown from less than $10,000 in Q3 2018 to more than $312,000 per event today.  
• To protect themselves, businesses and consumers should follow cyber-hygiene best practices, especially good password management. To learn more or participate in Identity Management Day 2021, visit https://www.idsalliance.org/identity-management-day-overview/. 

Save the date for the first-ever Identity Management Day! Identity Management Day 2021, hosted by the Identity Defined Security Alliance (IDSA) and the National Cybersecurity Alliance (NCSA), is a day to inform people about the dangers of improperly managing and securing digital identities. It raises awareness, shares best practices and leverages the support of vendors in the identity security space.  

Identity Management Day 2021 is important for both businesses and individuals. According to IDSA, 79 percent of organizations have experienced an identity-related breach in the last two years, and 99 percent believe their identity-related breaches were preventable. A report from the Federal Trade Commission (FTC) shows that identity theft reports have tripled since 2018.  

Technology grows in importance every day as the world moves towards a digital-first model. With the emphasis on technology, it is more vital that people’s digital identities and the systems that protect them work properly. 

The Biggest Identity Management Challenge Facing Businesses & Consumers  

The biggest threat the Identity Theft Resource Center (ITRC) sees to identities is the dramatic shift to credential theft and away from traditional attacks fueled by personally identifiable information (PII) acquired in mass attacks. Today, threat actors are more interested in collecting personal and business logins and passwords that can be used in credential stuffing, phishing (including business email compromises or BECs) and supply chain attacks.  

• Statistics show that cybercriminals are spending more time and effort on attacks that rely on personal credentials to commit cybercrimes like identity-related fraud. According to the ITRC’s Q1 2021 Data Breach Report, the number of individuals impacted by a data compromise was up 564 percent in Q1 2021 compared to Q4 2020. The rise is in large part to an increase in supply chain attacks. There have been supply chain attacks at 27 third-party vendors and 19 supply chain attack-related data compromises in Q4 2020.  
• According to the FBI, BEC scams cost businesses more than $1.8 billion in 2020. The ITRC’s 2020 Data Breach Report shows 382 phishing/smishing/BEC attacks, making up 44 percent of all publicly-reported U.S. data breaches in 2020.  
• The trend toward supply chain attacks shows that cybercriminals are concentrating their efforts by attacking single organizations that give them access to the data of multiple businesses. Instead of attacking 1,000 consumers to gain $300,000, threat actors attack one company and walk away with the same amount or more money with less effort and risk. 

What You Can Do 

The ITRC’s advice is simple and revolves around good password and cyber-hygiene practices.  

• A long and memorable password (12+ characters) is a great way to keep people out of your account. They are easier to remember and harder for a criminal to use an automated tool to crack. 
• It is essential to have a unique password for each account. If your credentials for one account are stolen, threat actors will not be able to access any of your other accounts.  
• Do not use a password from one of your personal accounts on a work account. It puts consumers and businesses at an increased risk. 
• Multifactor authentication (MFA) is always a good idea because it creates an added layer of security for the account. It is better to use MFA with an app than SMS because hackers can create scams with fake SMS MFA messages.  
• Never click on a link in an unsolicited email, text or social media direct message. You should directly contact the sender to see if the message is legitimate if there is any doubt.  

The ITRC is honored to participate in Identity Management Day 2021 and hopes to educate business leaders, IT decision-makers and the general public about the importance of managing and securing digital identities. To learn more or participate in Identity Management Day 2021, visit https://www.idsalliance.org/identity-management-day-overview/.