August 22 — According to a new survey from the National Telecommunications and Information Administration conducted by the U.S. Census Bureau and based on data gathered during 2017, Americans are less concerned about cybercrime than they were a year ago. Granted, nearly three-quarters of those surveyed still have significant concerns about online privacy and security risks, but the same survey, conducted in 2015, found that 84 percent of Americans had concerns, compared to 73 percent in the latest analysis. Additionally, the number of respondents who reported that security concerns prevented them from certain online activities fell from 45 to 33 percent.
However, industry experts caution against interpreting this decline as an increase in cyber-safety.
“This survey shows that Americans are less concerned about security online than two years ago,” said Robert Capps, vice president of business development at NuData Security, a Mastercard company. “Does this mean there is less online risk? No. On the contrary, the cyber crime industry is growing stronger, fed by the billions of dollars they steal from companies and customers. The fact that end users are less worried about online security can be a reaction of the helplessness they feel against cyber crime. Due to the bad actors’ sophistication, it seems to be ‘bound to happen’ and so some users decide to stop worrying and ‘hope for the best.'”
Michael Magrath, director, global regulations and standards for OneSpan Inc. concurs, saying, “Given the widespread and large-scale breaches, and misuse of data, Americans have become accustomed to breach notification letters arriving in the mail with offers of free credit reporting. The risk of identity theft and being affected by breaches is the cost of doing business online in the minds of many.”
In fact, RiskIQ, a San Francisco-based firm that manages digital threats, recently released data showing that $1,138,888 is lost every minute to cyber crime, and 1,861 people fall victim within this same time-frame. Even though the firm estimates that business are spending up to $171,233 per minute to combat online criminals, “attackers continue to proliferate and launch successful campaigns online,” RiskIQ’s release states.
“Organized cybercrime is growing stronger each day, creating ever more advanced waves of malware as well as phishing and other online fraud techniques,” said Ryan Wilk, vice president of delivery – customer success for NuData.
Per the RiskIQ findings, A one-minute snapshot of malicious internet activity includes:
- 1.5 organizations fall victim to ransomware attacks every minute with an average cost to business of $15,221
- .17 blacklisted mobile apps
- .21 new phishing domains
- .07 incidents of the Magecart credit card skimmer
- .1 new sites running the CoinHive cryptocurrency mining script
- 4 potentially vulnerable web components discovered
Sadly, most experts conclude that while businesses are moving the right direction, most are not doing enough to combat the speed with which cyber criminals are innovating.
“Many security experts agree that multi-factor authentication can help protect our digital identities, but in 2018 many websites still do not support MFA, electing to authenticate users via usernames and static passwords,” said Magrath.
“Times are changing as costs and usability should no longer be an obstacle to secure, risk-based technologies like behavioral biometrics works in the background while eliminating the reliance upon insecure passwords,” he continued.
Capps places responsibility back on the companies offering online services. “The onus of security has to be on the service providers, companies and corporations that understand the risks better than end users, and can develop strategies to protect them,” he said.
“It is for this reason that we increasingly see major brands implementing multi-layered security solutions that include passive biometrics and behavioral analytics. These technologies can better serve and protect legitimate customers while thwarting would-be thieves — by using behaviors that fraudsters can’t replicate for verification and continuous online authentication.”
Wilk, too, believes that new cyber crime is leading more companies to invest in multi-factor authentication.
“Companies’ fraud losses are proportional to the fraudster’s success in using the victim’s data to steal money, services and goods,” he said. “It is for this reason that businesses are starting to implement solutions that can devalue this stolen and better protect user accounts. These technologies let organizations immediately verify users based on their previous behaviors and interactions and can also spot and thwart fraud attempts in real time before losses occur.”
The government is beginning to consider mandated security for data protection as well, said Magrath, so companies may do well to begin implementing better strategies in advance.
“Reported in June, the White House is considering European Union’s GDPR-like data protection, which would benefit all online users’ privacy and security,” he said. Still, he added, “Right now, they are just discussions, and the U.S. is still years away, should such data protection become a reality.”