With so much of an attack riding on a cybercriminals ability to gain access to systems, applications and data, experts predict the trend of rising impersonation is only going to get worse.
The Identity Theft Resource Center’s 2024 Predictions includes one that organizations should be paying close attention to:
An unprecedented number of data breaches in 2023 by financially motivated and Nation/State threat actors will drive new levels of identity crimes in 2024, especially impersonation and synthetic identity fraud.
Data breaches are considered the number one business risk to organizations, giving credence to the beginning part of ITRC’s prediction. And we already have seen the use of impersonation grow as credentials have become the primary target of initial access brokers, with over 10,000 credentials a month being sold on the dark web!
But these credentials aren’t the endgame, according to the ITRC; they are simply a means to gather as much personal information about an individual (sort of a modern-day doxing) so that they can commit much more lucrative crimes that yield more money per victim. Another of the ITRC’s predictions gives some context of how this data may be misused:
The availability of compromised consumer data and the use of large language models (LLMs) may result in AI-created, highly convincing “medical records” that could be submitted to insurance carriers.
But to get access to enough data, cybercriminals need to first gain access to corporate data that may contain personal details for customers, patients, etc. Which brings me back to where I started — cybercriminals need credentials to gain initial access, move laterally, and access sensitive data. So, stopping a string of attack actions with that very first credential – which likely is compromised as part of a credential harvesting attack — is imperative.
And, with the owner of the credential — one of your users — giving up the credential as part of a socially engineered phishing scam, this critical juncture requires its own type of security control — found in new-school security awareness training. No credentials means no access, which means no data breach, which means no misuse of personal data.
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
