ICFE eNEWS #17-01 - January 9th 2017
Identity Theft Risk Management - A Perspective for 2017
By Yan Ross, Director of Special Projects, ICFE
During the period from 2016 to 2017, both domestic and
international areas have experienced some subtle, and
not-so-subtle, shifts in the attacks by high-tech identity
thieves. Both press and social media have given a great deal of
attention to cyber events, featuring both data breaches and
other incursions perpetrated by hackers.
To some extent,
identity thieves are like terrorists - they only have to win
once, while their intended targets have to be 100% prepared to
defend against attacks. They play by a different set of rules -
the military and strategic term is "asymmetrical warfare."
It's undeniable that the gross numbers of individuals whose
sensitive personal information is involved in third-party data
breaches has grown disproportionately. However, the basic
measures both individuals and organizations must take to avoid
the depredations of identity thieves cannot be abandoned. It's
not a question of either high-tech solutions or instituting
broad-based defensive practices; the only effective response to
the present array of challenges is a both-and approach.
both organizational and individual levels, the most important
point is to make the decisions in an informed, thoughtful
manner. That means education for planning and implementation of
appropriate measures to identify threats and institute defenses
The risk evaluation and management exercise is
central to this process. Deciding which risks to retain versus
which risks to lay off on service providers and insurers is an
important exercise. In addition to identifying the risks, they
should be categorized and separated into those where the
sensitive information is under the control of the individual or
organization, and those where such information is under the
control of a third party.
Similarly, education and training
of executives and all staff to be aware of and prepared for
attempted identity theft incursions represent a fundamental and
continuing requirement for the successful avoidance of identity
It's all too easy to overlook the basics of
identity theft risk management, but periodic updates and
training sessions can have a double positive effect. First, the
line of defense against low-tech "traditional" identity theft is
strengthened. Second, and just as important, more resources are
made available to assure higher-tech defenses are in place.
Outside resources include professional services to evaluate the
risks to your family and business, monitoring and restoration
plans, and insurance coverage. It's up to each individual and
each business entity to determine which of these is most
Recent developments and increased occurrences of
such current challenges as ransomware, malware, and
cyber-intrusions will no doubt be met with new and improved
protections to combat these attacks.
It's just as likely that
even as such protections are placed into service, new and
hitherto unexpected methods of intrusion will come to light in
the coming year.
Accordingly, the best advice is three-fold:
Maintain the basics of education and training, keep vigilant for
indications of the unforeseen, and lay off those risks you are
not prepared to face yourself.
Ross is ICFE's Director of Special Projects, and the author of the
Certified Identity Theft Risk Management Specialist ® XV CITRMS®
course. As an accredited educator for over 20 years, he has addressed
Identity Theft Risk Assessment and management for consumers, organizations
holding personally identifiable information, and professionals who
work with individuals and organizations who are at risk of falling
victim to identity thieves.
The ICFE's Certified
Identity Theft Risk Management Specialist® XV CITRMS® course is
now available both in printed format and online.
and Desk Reference edition of the course book is also available
online. Bulk pricing and discounts for veterans and students
available. Inquire at firstname.lastname@example.org