Home Tell a Friend! Contact ICFE Link Exchange Search ICFE Subscribe ICFE About the ICFE
ICFE News Releases ICFE in the News Children and Money Financial Education Personal Financial Counseling with Paul S. Richard, RFC Credit Card Tips Credit File Correction Mending Spending Links and Resources Order Options

ICFE eNEWS #17-22 - June 12th 2017

Identity Theft Risk Management and Cyber-Security: Connecting the Dots

By Yan Ross, Director of Special Projects, ICFE

In recent years, emphasis on identity theft risk management has begun to give way to cyber-security initiatives. Large-scale data breaches have grown as identity thieves and other abusers of sensitive information have become more sophisticated and used high-tech techniques to exploit weaknesses in hardware and software applications. Beyond data breaches, schemes to utilize access through non-technical individuals have proliferated, resulting in growth in both the number and costliness of cyber attacks.

To some extent, it is tempting to "fight fire with fire," and respond to cyber threats exclusively with cyber defenses. In a perfect world, this would seem to make sense. In some cases, that works even in the real world, and an information technology (IT) fix or patch can often overcome a specific cyber security exploit or technical vulnerability.

However, in many other situations, it is the human factor that allows the cyber criminals to implement their exploits. Schemes such as social engineering, phishing, and other manipulations designed to inveigle individuals into launching malware or executable files, and accessing bogus web sites, are often the means used by cyber criminals. Think of a seemingly innocuous e-mail request to update account information for an active account, but with a link to a similar-sounding web site controlled by the cyber criminals, in actuality the means to capture the username and password of the victim.

In practice, the most successful cyber defense is a thoughtful combination of IT methods and education of employees and others who may have access to sensitive systems and data. One example is the human factor in failing to keep all software programs up to date with important patches to combat perceived and discovered vulnerabilities. Another is the importance of keeping all users up to date on the latest methods used by cyber criminals and identity thieves.

Drilling down another layer, a vital aspect of understanding and avoiding cyber intrusions is learning about the motivations and methods used by identity thieves, since they often overlap with the motives and modalities of cyber criminals. An illustrative list would include access to personal data, medical history and insurance coverage, and financial account information. Exploits that enable the criminals to access and take control of servers and systems are also on the rise. Getting unwary users to facilitate the launch of malware and ransomware also appears to be a technique common to identity thieves and cyber criminals.

It's worth noting that the effectiveness of many of these exploits depends upon the ability of the perpetrator to get the intended victim to open a file or launch a program. Regardless of the illicit objectives, the necessary defenses must include both IT responses and education of broader organizational population. Without getting all non-IT users to practice good "cyber hygiene," it is unlikely that the cyber defense system will be successful.

As recently reported in InformedMag, one of the most common cyber threats is based on "social engineering," a human-based technique to gather information, commit fraud, or obtain system access. For example, spear phishing, or sending emails from a trusted sender in order to obtain confidential information (bank account information, credit card numbers, passwords, etc.), is the most common type of social engineering, accounting for a major portion of such attacks. Another technique is invading the stream of communications via social media, where reports indicate cyber-attacks occur against a significant and growing number of users.

Remember, the internet as a system was not originally intended to serve as a platform for commercial transactions and a system to carry all types of private and personal communications. Essentially, today it's a leaky ship with a fast-growing number of holes, and the patches amount to a crazy-quilt of Band-Aid fixes. Until the entire platform can be separated or replaced with one more suited to the kind of integrated security systems that can assure that human failure is not possible, there will be no end to cyber exploits.

For the time being, both IT solutions and user education must be employed together in order to craft an effective defense against cyber criminals. Coordination of these two approaches can best be accomplished by educating general users to recognize and avoid the methods used by cyber criminals and identity thieves, as well as providing the technical professionals with a solid understanding of the non-technical vulnerabilities involved. In this way, the desired result of fighting cyber-attacks to a standstill is most likely to be successful.

Yan Ross Bio PhotoYan Ross is ICFE's Director of Special Projects, and the author of the Certified Identity Theft Risk Management Specialist ® XV CITRMS® course. As an accredited educator for over 20 years, he has addressed Identity Theft Risk Assessment and management for consumers, organizations holding personally identifiable information, and professionals who work with individuals and organizations who are at risk of falling victim to identity thieves.

The ICFE's Certified Identity Theft Risk Management Specialist ® XV CITRMS® course is now available both in printed format and online.

The Textbook and Desk Reference edition of the course book is also available online. Bulk pricing and discounts for veterans and students available. Inquire at yan.ross@icfe.info

Paul S Richard PhotoICFE eNEWS is available FREE upon request by visiting our Web site and filling out the contact form, and selecting "Yes" for "Add to Mailing List. Please pass this eNEWS on to your peers and interested others and invite them to subscribe for free. Also, visit the ICFE's new Web site: StudentDebtHelp.org

Sent by:

Paul S. Richard
President - Executive Director
Institute of Consumer Financial Education (ICFE)

About the ICFE:

The Institute of Consumer Financial Education (ICFE) was founded in 1982 by the late Loren Dunton (creator of the Certified Financial Planner (CFP) designation).  The ICFE is dedicated to helping consumers of all ages to improve their spending, increase savings and use credit more wisely. 
The ICFE is an award winning, nonprofit, consumer education organization that has helped millions of people through its education programs and Resources. It publishes the Do-It-Yourself Credit File correction Guide, which is updated annually. The ICFE has distributed over one million Credit/Debit Card Warning Labels and Credit/Debit Card Sleeves world wide.

The ICFE became an official partner with the Department of Defense/Financial Readiness Campaign in June of 2004.The ICFE was an active partner in the California Student Debt Resource Awareness Project (CASDRAP) which resulted in a new web site: (studentdebthelp.org).  CASDRAP disbanded in 2010, shortly after the web site project was completed.  In 2011 the ICFE assumed the single sponsorship of the (studentdebthelp.org) web site and is now responsible for its content and operation.

The ICFE is also an on-line help for consumers who spend too much.  ICFE's spending help was featured in PARADE Magazine in the Intelligence Report section. The money helps and tips are from the ICFE's Money Instruction Book, our course in personal finance.

Visit the ICFE's other web sites at: www.financial-education-icfe.org and studentdebthelp.org.  Both sites helps consumers and students with mending spending, learning about the proper use of credit, budget and expense guidelines, how to set up and implement a spending-plan and also how to access financial education courses and how to teach children about money. Other ICFE services include: Ask Mr. G,  a free eNews, and an online resource center for students, parents and educators, plus financial education learning tools and a book store.

Home ] ICFE News Releases ] ICFE in the News ] Children and Money ] Financial Education ] Resource Center ] Credit Card Tips ][ Credit File Correction ] Mending Spending ] Links and Resources ]  [ Online Store ]


Copyright ©  1997 - by Paul S. Richard
and the Institute of Consumer Financial Education, All Rights Reserved.
View our
Privacy Policy Our Terms and Conditions

Institute of Consumer Financial Education
PO Box 34070
San Diego, Ca 92163
Paul S. Richard, Executive Director
Phone 619-239-1401

FAX 619-923-3284

Questions for www.financial-education-icfe.org Click to go to Website Contact Us or 
Website Design Donated by Desgn School Programs

Please Tell An Associate, Friend or Family Member About the ICFE