Account takeovers are where fraudsters use stolen credentials to break-in to a genuine user account and take control. New-age fraudsters use innovative techniques to break-in to user accounts, which makes it challenging to detect and block account takeover attempts. Manipulated digital identities, automated bots and scripts, and advanced evasion techniques make it difficult to spot account takeover attacks early in their tracks.
What is the impact of account takeovers?
By and large, these attacks hurt businesses’ and peoples’ reputation, scare customers, and can even end up with companies having to pay a heavy penalty. From an individual perspective a successful account takeover can allow a fraudster to remotely control a genuine user account enabling them to siphon off funds, redeem reward points, and even access the saved passwords and payment details.
According to a recent study from Javelin Study & Research, the number of account takeover incidents that took place in 2017 was 3x that of 2016. Victims paid an average of $290 out-of-pocket, and spent an average of 16 hours to resolve each instance. In total, this accumulated in a cost of $5.1 billion to consumers (a 120% increase from 2016), and more than 62.2 million hours of lost productivity in 2017.
Who is at risk of account takeovers?
In short, everyone. Historically, financial organisations have been the most common targets for fraudsters looking to steal banking and credit card information. However, as increased security measures like credit card chips and dynamic CVV have been put in place to protect financial organisations, attacks have expanded to adjacent industries like retail and ecommerce. The reality is that every company that has a user account or membership system is at risk. All it takes for bad actors to wreak havoc is for them to tie personally identifiable information like names, addresses, and Tax File Numbers to break into someone’s account and exploit them.
So what can be done about it?
Here are 3 levels of security you can employ to protect your organisation and your customers.
1 Enable 2FA
Two-Factor Authentication (2FA) is sometimes called multiple factor authentication. In simple terms, it adds an extra layer of security to every online platform you access. The first layer is generally a combination of a username and password. Adding one more step of authenticating your identity makes it harder for an attacker to access your data. This drastically reduces the chances of fraud, data loss, or identity theft.
Passwords have been the mainstream form of authentication since the start of the digital revolution. However, this security measure is far from perfect. Here are some worrying facts about this traditional security measure:
- 90% of passwords can be cracked in less than six hours.
- Two-thirds of people use the same password everywhere.
- Sophisticated cyber attackers have the power to test billions of passwords every second.
The vulnerability of passwords is the main reason for requiring and using 2FA.
2 Implement Security Awareness Training Program
Almost every worker, especially in tech, has access to the Internet. For this reason, the secure usage of the Internet is of paramount importance for companies. Security training programs should incorporate safe Internet habits that prevent attackers from penetrating your corporate network. There are a bunch of Security Awareness Training Programs out there which also include Phishing simulations that you can choose from that can help your staff get up to speed with all the best practices. For now, here’s a list of some safe Internet habits for your employees:
- Employees must be conversant with phishing attacks and learn not to open malicious attachments or click on suspicious links. This is achieved by a deeper understanding of the warning signs of a phishing attack.
- It’s better to disable pop-up windows, as they invite risks.
- Users should refrain from installing software programs from unknown sources, especially links infected with malware. Nowadays, an overwhelming number of websites offer free Internet security programs that infect your system rather than protecting it.
3 Implement Endpoint Security
Endpoint security system is developed to protect the endpoints connected to the corporate network from vulnerable malicious threats. It provides a centralised method to secure the IT network by examining the company’s endpoints like smartphones, PC’s, servers and IoT devices.
With current trends in BYOD (Bring Your Own Device) practices and with increased mobile threats, the need for an effective endpoint security system is vital.
Deploying an endpoint security system allows enterprises to take control over all the entry points to block malware entry attempts while it also works well to remove cyber threats. Endpoint security helps secure your IT infrastructure to customer data and identity.
Learn more
As the impact of threats like account takeovers expand, striking the right balance between security and usability is critical. For further details around how you can keep your customers’ data secure from these types of threats without bogging down their user experience, contact our team to book in a consultation.
