ThreatMetrix™, the fastest-growing provider of context-based authentication and advanced Web fraud solutions, commemorates Data Privacy Day by announcing strategies for businesses to protect consumer identities without compromising privacy.
In the age of big data, enterprises are collecting and sharing unprecedented amounts of customer information, many times unintentionally. When a single employee can steal up to 40 percent of a country’s credit data on a USB stick, and identity thieves can illegally purchase credit data, better practices are urgently needed for protecting access to online information and identities. The flip side, however, is that in order to protect against data breaches and malware, big data approaches to cybersecurity are essential for total situational awareness.
“Often, bad things happen to good people and sometimes good people – even a company’s own employees – go bad and compromise online security and privacy,” said
At the heart of the problem is the way trust is evaluated online. In the offline world, trust is situational, continually evaluated over time based on observed behavior and informed by reputation. In the online world, however, the vast majority of data and commerce is protected by static checks such as passwords, payment information or supposedly private “out-of-wallet” information. The problem is exacerbated by the lack of privacy-protecting intelligence sharing, meaning companies either operate in a silo, or customers must trust their identity information will not be abused by marketing organizations or breached by hackers.
“There is a fine line between offering customers comprehensive security and invading their privacy,” said Faulkner. “Finding the balance is essential to effectively protecting sensitive data while maintaining trust and preventing customer identities from falling into the hands of cybercriminals. With the advent of controversies surrounding government spying programs, the tightrope between privacy and security has become even narrower.”
Added complexity lies in differentiating between cybercriminals, who are looking for anonymity to hide their fraudulent activity, and consumers who simply want privacy. For example a person using an anonymized IP Address to read political news is one thing and it’s a completely different matter if the user is accessing a Tor network while applying for a credit card. The expectations for privacy by a legitimate consumer and what is viewed by a business as acceptable behavior are very different based on the context of the action taken.
• CEO-Sponsored Trust Protection Taskforce – It’s essential that the CEO takes a leadership stand in framing the privacy and security tightrope as a competitive opportunity to build brand trust and remove obstacles to increasing revenue. The often-competing requirements of security, privacy and marketing need to come together under a coherent strategy that moves the internal conversation beyond compliance to protection.
• Anonymized Shared Intelligence – A collective problem requires a collaborative solution. Leverage trusted identity networks that use strict anonymization practices to share risk intelligence and improve security without compromising privacy. Anonymized networks used in this way enable trust to be federated across applications and companies using big data techniques without falling afoul to privacy laws and consumer trust.
• Behavior-Based Identity Proofing – Simple reputation systems cause authentic customers and employees to be treated unfairly when their identities or accounts are abused. Analyze anonymized global patterns of identity usage including locations, devices, accounts, transactions and associations over time to provide ‘spoof-proof’ identity screening without false positives – incorrectly labeling legitimate users as fraudulent.
• Context-Based Authentication – ‘Context is King’ when it comes to differentiating between trusted users and cybercriminals. Businesses must dynamically establish the credibility of each and every access attempt and transaction, regardless of whether initiated by a customer or employee, based on business risk of the action and the full context of identity and device threats. These threats include Man-in-the-Middle and Man-in-the-Browser attacks, account compromise, bots, proxies, and location and transaction anomaly screening to determine the level of authentication and authorization required to process the request.
“At a minimum, industries operating online should self-enforce standards for controlling access to customer data from both insider and outsider theft,” said Faulkner. “Otherwise, government agencies will be forced to step in. It’s crucial that privacy and security professionals move to frictionless solutions that can tell whether a user is who they say they are without needing to know their name. These standards can be used as a balancing pole for chief security officers and chief privacy officers walking the tightrope between privacy and security.”
Through sharing strategies to balance between privacy and security,
Join the cybersecurity conversation by visiting the
Read the full story at http://www.prweb.com/releases/2014/01/prweb11530162.htm
Most Popular Stories
- Chobani Counters Competition With Expanded Lineup
- Reid: Bundy Backers Are 'Domestic Terrorists'
- Ex-BP Employee Settles Insider Trading Charges
- Venture Investments in U.S. Highest Since 2001
- Colo. Cleantech Program Calls for Entrepreneurs
- Unemployment Rates Down, Job Gains Up in March
- Hiring Fair for Veterans, Job Seekers
- VW Beetle Marks 65th Year in U.S.
- 8 Million Signups Put Obamacare Ahead of Predictions
- The Biebs Crashes Drake's Release Party