Traditionally, the conversation surrounding identity theft has been focused solely on individuals. In the past, identity theft typically referred to a third party gaining access to an individual’s personal data such as credit card and social security information.
Over the past few years, the identity landscape has expanded dramatically. Due to the rise in cloud usage, applications, objects and devices, the number and variety of identities that an individual has to keep track of has skyrocketed. A person, in other words, no longer has a single identity. A typical person might have upwards of 15 identities distributed across social media accounts, applications, cloud services, mobile and physical devices.
Naturally, as a result of the identity explosion, there are now more cyber threats than ever before. With so many profiles scattered throughout cyberspace, and each holding sensitive personal information, consumers are at a greater risk now for identity fraud than in the past.
Here is a list of some of the common threats that exist in the identity landscape today:
- MITB/ MITM
- Session Riding/ Token Stealing
- ZITMO/ MITMO
- Key Logging
These types of threats all target identities but with different goals and attack vectors. For instance, a man-in-the-browser (MITB) or man-in-the-middle (MITM) attack will compromise a person’s online identity. On the other hand, a Zeus-in-the-mobile (ZITMO) or man-in-the-mobile (MITMO) attack will compromise the person’s mobile device identity.
Yet as varied as each attack is, there is one common goal amongst all threats, regardless of how they are deployed: to compromise or steal a person’s digital identity. These identities are then used to access items such as intellectual property, trade secrets and funds.
Identities can be used to gain access to entities that, if compromised, could cause a great deal of harm. Think of the damage that could ensue, for instance, if unauthorized individuals were to gain access to identities that would allow them to make changes to critical infrastructure. Aside from critical infrastructure protection, there are also threats related to private information.
For consumers and security decision makers, it is important to recognize the growing number of threats that exist today and understand that traditional identity security solutions, such as passwords, are no longer effective.