The cybercrime underground represents a vast marketplace for stolen data, hacking tools and nefarious knowledge. The steady stream of breached data that is pumped in usually gets recycled into fraud. That stream is more accurately described today as a flood. New data reveals that US companies were forced to issue over 1.7 billion data breach notifications to their customers in 2024, due primarily to cyber-attacks.
This is a challenge that affects all businesses. And the fightback must start by better protecting the data itself.
Those figures, from the non-profit Identity Theft Resource Center (ITRC), are shockingly high—up from 353 million US breach victims in 2023. The reason for the spike is six “mega-breaches” of over 100 million records each last year. Financial services was by far the worst offender, accounting for nearly a quarter (23%) of the publicly reported breaches assessed in this report. That’s roughly in line with the share reported in 2023.
It seems perverse that financial services organizations are still getting breached in such large numbers. They have relatively more to spend on cybersecurity measures than, say, healthcare organizations. And they should be more attuned to the high cost of breaches in the sector: $6.1m on average versus $4.9m across all sectors. Moreover, financial services firms are on the front line when it comes to the fraud that stems from breached customer data.
This includes:
According to the FTC, identity fraud now occurs once every 22 seconds as a result. And thanks to the power of AI and malicious bots, it’s likely to get worse, as fraudsters find it easier to leverage stolen data to hijack accounts en masse, create synthetic identities for new accounts and make illicit payments.
Taking on a sophisticated cybercrime economy said to be worth trillions of dollars won’t be easy. But it can be done, if we take it step by step. The first stage is to turn that torrent of stolen data back into a trickle, with better enterprise-grade cybersecurity. It’s getting tougher each year to keep the bad guys out of corporate networks and data stores; particularly as many now use compromised credentials to impersonate legitimate users. So we must go back to basics. That means protecting the data itself.
With an effective data-centric security strategy, financial services and other organizations can rest assured that even if threat actors reach customer data, they will not be able to use it for follow-on fraud. That means no useable passwords with which to hijack accounts, no personal information with which to create new accounts, and no card details with which to make fraudulent purchases.
The comforte SecurDPS offering is particularly effective because it incorporates:
The beauty of tokenization is that financial institutions and others can use the data itself in cloud-based analytics deployments, including for fraud prevention, without worrying that it may be compromised. That’s a win-win for industry.
A strong data-centric security strategy like this can be the foundation of an effective Zero Trust approach that also features network monitoring, strict access controls, network segmentation and other controls. But in a world where financial crime is booming, it pays to focus first on what matters most.
It’s your customer data that threat actors and fraudsters want. So put it out of their reach.