
Digging in Trash Computer Style

May 7, 2003
"Catch Me If You Can" isn't just a hit movie. It's also the modus operandi for a growing band of street criminals and their hacker allies who trade in consumer credit card information, Social Security numbers and other personal and internal company data that wash across millions of Web sites every day with increasing velocity.

It's ironic that while some other types of crime are declining or have stabilized, identity theft is booming - doubling to roughly 162,000 cases last year. Identity theft is the leading consumer fraud, according to the Federal Trade Commission (FTC). The FTC reports as many as 700,000 consumers may be victims of identity theft this year, costing each person an average of $1,000.

While the search for causes and cures is endless, several key elements stand out.

First, more consumer and business data are online. For good reasons, organizations are automating the way they do business to cut costs, speed service and reach customers, suppliers and partners more easily.

Second, despite the costs of identity theft, the Web is still the best friend businesses and consumers ever had. People and organizations are not going to scrap the Internet because of identity theft, but everyone needs to get more serious about managing it.

The sad realization: many organizations are still in the dark ages compared to the identity thieves they are up against. Today's identity thieves, often with inside experience, can outsmart businesses at nearly every turn.

It's not hard to figure out why.

Ask yourself: who is more likely to be successful, a full-time hacker searching for a security hole into a company's systems, applications and data, or a developer with a thousand other things to do besides plugging every conceivable security hole?

Stretched Resources

It's not that we don't have the security tools and smarts to manage the problem.

The real issue is that most information technology (IT) departments are too stretched to devote the resources to keeping up with the thieves, let alone get ahead of them by designing systems that are so sophisticated the thieves can't get in. Still, the most effective deterrent to identity theft is making an organization's IT architecture so airtight that thieves decide it's not worth it.

After all, there is fundamentally nothing new about identity theft, which amounts to exploiting holes in existing technology. Instead of rifling trash bins for credit card receipts and wiretapping phones, today's thieves steal data using a mouse and keyboard, and sell their booty to the highest bidder on the street.

So it follows that organizations need to get more serious about fighting this growing menace. Most important, they need to replace the patchwork of security systems currently in place with an overall security architecture that plugs the holes inside and outside the enterprise, makes sure the right people have access to the systems, applications and data they need and keeps everybody else out.

Here is a plan of attack to get ahead of the identity thieves.

First, shut the door on former employees and temporary employees who maintain valid company IDs and passwords. With employee turnover running at 100 percent in industries like retail, it's not unusual for 20 percent of company accounts to belong to employees who haven't worked for the organization for five years or longer. These accounts never expire and allow former employees to roam freely inside the enterprise.
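One way to find the accounts described above is to reconcile the account directory against the HR roster. The following is an added example, not part of the original article; the CSV column names, usernames and dates are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample exports (not from the article). Column names are
# assumptions; map them to whatever your HR system and directory produce.
HR_ROSTER = """employee_id,status,termination_date
1001,active,
1002,terminated,1997-11-30
1003,terminated,2003-03-14
1004,active,
"""
ACCOUNTS = """username,employee_id,enabled,expires
jdoe,1001,true,
asmith,1002,true,
temp07,1003,true,2003-06-30
bwong,1004,true,
svc_old,9999,true,
kpatel,1002,false,
"""

def find_orphaned_accounts(roster_csv, accounts_csv, today):
    """Return enabled accounts whose owner is terminated or unknown to HR."""
    roster = {r["employee_id"]: r for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["enabled"] != "true":
            continue  # already disabled, nothing left to close
        owner = roster.get(acct["employee_id"])
        if owner is None:
            reason, age_days = "no HR record", None
        elif owner["status"] == "terminated":
            left = date.fromisoformat(owner["termination_date"])
            reason, age_days = "owner terminated", (today - left).days
        else:
            continue  # owner is a current employee
        findings.append({
            "username": acct["username"],
            "reason": reason,
            "days_since_termination": age_days,
            "never_expires": acct["expires"] == "",
        })
    # Longest-departed owners first; accounts with no HR record sort last.
    findings.sort(key=lambda f: (f["days_since_termination"] is None, -(f["days_since_termination"] or 0)))
    return findings

if __name__ == "__main__":
    for finding in find_orphaned_accounts(HR_ROSTER, ACCOUNTS, date(2003, 5, 7)):
        print(finding)
```

Accounts flagged with `never_expires` set are the ones the paragraph warns about: nothing will close them unless someone does so by hand.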

Clean Up Permissions

An even bigger inside problem is current employees who have unrestricted access to company systems and data unrelated to their job responsibility. Security policy should restrict employee access to pertinent areas of the business. Why should a customer service rep be allowed to access company inventory data?

Moreover, if somebody is trying to gain access to areas unrelated to their job, the enterprise should be able to monitor this activity closely and take appropriate action.

Second, recognize that today's homegrown security code is highly vulnerable to hacker attack. A hacker can access a public Web site linked to an internal distributed file system and gain access to company and customer files. For example, many organizations now put customer best practices online so that other customers can gain insights. As this happens, hackers are finding ways to access applications that provide information on other users, which they can use to steal their identities.

The fix is to replace patchwork security code with a sophisticated security architecture that closes the holes between different parts of the business and outsmarts the thieves at their own game.

Third, organizations need to randomize data to protect individual customer identity and privacy. While customization of individual data is clearly here to stay, this raw data must be kept under strict lock and key so that others cannot use it to invade individual privacy. For example, does the marketing department need access to everyone's name and address, or just access to macro trend data? Companies can extract macro data from individual customer information, which will protect privacy rights and yield nearly the same business benefit.
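The extraction of macro data described above can be sketched as follows. This is an added example, not part of the original article: the customer records and field names are constructed, and the minimum group size is an assumption that goes beyond the text, added so that a group of one or two customers cannot be read back as an individual.

```python
# Constructed customer records (not from the article); field names are
# assumptions for this example.
CUSTOMERS = [
    {"name": "A. Rivera", "address": "12 Elm St", "region": "northeast", "segment": "retail", "spend": 100.0},
    {"name": "B. Chen", "address": "4 Oak Ave", "region": "northeast", "segment": "retail", "spend": 200.0},
    {"name": "C. Okoye", "address": "9 Pine Rd", "region": "northeast", "segment": "retail", "spend": 300.0},
    {"name": "D. Novak", "address": "1 Main St", "region": "northeast", "segment": "business", "spend": 900.0},
    {"name": "E. Silva", "address": "7 Bay Dr", "region": "west", "segment": "retail", "spend": 50.0},
    {"name": "F. Haddad", "address": "3 Hill Ct", "region": "west", "segment": "retail", "spend": 70.0},
    {"name": "G. Larsen", "address": "8 Lake Ln", "region": "west", "segment": "retail", "spend": 90.0},
]

def macro_view(records, group_keys, min_group=3):
    """Build the trend data handed to marketing: per-group customer counts
    and average spend. Names and addresses never leave this function, and
    groups smaller than min_group are withheld."""
    groups = {}
    for rec in records:
        key = tuple(rec[k] for k in group_keys)
        bucket = groups.setdefault(key, {"count": 0, "total": 0.0})
        bucket["count"] += 1
        bucket["total"] += rec["spend"]

    rows, suppressed = [], 0
    for key, bucket in sorted(groups.items()):
        if bucket["count"] < min_group:
            suppressed += bucket["count"]  # too few customers to publish safely
            continue
        row = dict(zip(group_keys, key))
        row["customers"] = bucket["count"]
        row["avg_spend"] = round(bucket["total"] / bucket["count"], 2)
        rows.append(row)
    return rows, suppressed

if __name__ == "__main__":
    trend_rows, withheld = macro_view(CUSTOMERS, ("region", "segment"))
    for row in trend_rows:
        print(row)
    print("customers withheld in small groups:", withheld)
```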

The point: enhanced security doesn't have to be a business inhibitor. In fact, if implemented wisely, security is a business enabler. It's up to organizations to take preventive steps that will strengthen the business as well as defeat the bad guys.

SIDEBAR: Biometrics ID Solution

Better access controls into computers and networks are a strong strategy to fight identity theft. Biometrics is one way to provide higher-level access control. A measure of how much biometrics has grown comes from Secure-It Inc., the East Longmeadow, Mass., firm, best known for its computer lock-down gear. It now boasts national distribution of the U-Match MatchBook biometrics fingerprint device from BioLink Technologies International Inc.

The U-Match MatchBook is a stand-alone digital fingerprint reader that functions as a lock on a computer or a network that can only be accessed by authorized persons. It authenticates the end user in a local network or Internet environment. Most importantly, the user's fingerprint is never captured. Instead, the MatchBook creates a 500-byte secure template and scrambles the algorithm at the point of scan. The device connects via a USB connection and can use any finger for authorization.

Included with the MatchBook is authorization software called Authenteon Center 4.5. This software allows for user identification using a one-touch local or network login with multiple user support. AC 4.5 supports all Windows and Novell servers including XP Pro client and server applications. To eliminate password logins, there is an option to allow only the biometrics login.

Healthcare organizations also see biometrics as a way to protect privacy and minimize any potential of ID theft. One indication of growth in this area: Sentillion, Inc., a provider of authentication and single sign-on solutions for healthcare organizations, just received a major order from San Diego-based Sharp HealthCare to provide the largest network of biometrics authentication solutions ever installed in a healthcare environment. Sentillion will provide more than 7,000 fingerprint readers from Identix, Minnetonka, Minn., for Sharp's network of hospitals, medical centers and care facilities.
