The Cybersecurity Trifecta: The Secret to Immunizing PII

How much personal information would you give up for a 99-cent taco? Unfortunately, consumers have become far too willing to hand over personal details in exchange for promotions, new apps or memberships, which then opens the door to cybercriminals on the hunt to steal their personal data. The Department of Homeland Security defines this data as personally identifiable information (PII): anything that permits the identity of an individual to be directly or indirectly gathered, especially for the purpose of identity fraud.

Identity Fraud

In 2020, identity fraud cost Americans nearly $56 billion, with about 49 million consumers falling victim. Many don’t understand how data apps, websites and services collect their information to develop insights on their habits and behaviors. Nor are they aware of how cybercriminals can use two pieces of that casual information to steal more sensitive data.

Security breaches continue to evolve and are becoming more frequent through a combination of tech innovations, consumer behaviors and global events like the COVID-19 pandemic, during which hackers took advantage of people seeking information online for testing and vaccinations.

Monitor Personal Data

In addition to businesses, government agencies are also increasingly affected by fraud, such as the Texas Department of Insurance where the personal data of 1.8 million Texans was exposed. In this case, nearly three years’ worth of PII was laid bare including social security numbers and other sensitive information.

While forensic experts believe that the data was not used by malicious groups, nearly two million Texas citizens will now need to monitor PII that they thought was safe. In this situation, a final layer of encryption could have kept the PII secure. By utilizing encryption-in-use technology, the agency would have full access to confidential customer information whenever necessary while not compromising its security against breaches.

Organizations that collect and retain PII often use this data to improve and tailor services. Others just hold that information in a data pool until it becomes necessary for upcoming marketing efforts like targeted email advertisements.

But when they fail to adequately protect that data against fraud, they put their customers and themselves at risk, damaging their brands and exposing their organizations to litigation and fines. It’s common for these organizations to increase their security budgets but skip developing a comprehensive plan to protect their customers and their data.

Cybersecurity: Focus on a Trifecta

Their security measures should focus on three key components, a trifecta, of security strategy: prevention and detection, backup and recovery, and data defense.

● Prevention and detection ensure endpoints, such as mobile phones and laptops, are protected with built-in security monitoring. Also called extended detection and response, this is a commonly used tactic.

● Backup and recovery create a snapshot or point-in-time within the data to allow for a quick recovery in case infected data or errors corrupt the system. With this component, organizations can shut down and terminate corrupted systems while having a readily available backup to pick up where they left off.

● Data defense could be considered a last-resort failsafe. However, encryption-at-rest is something many companies struggle with since they need to decrypt data to use it, which is cumbersome and potentially exposes that data. With encryption-in-use, once encrypted, data is never decrypted; therefore, when all other controls fail and systems have been breached, companies can feel safe knowing they have one final layer of encryption ready to render the data immune.

Cybersecurity Components

Organizations should build all three of these components into their security systems. Without one or the other, they could increase their risk of serious breach and lose the public’s faith. With these three key cybersecurity components, companies and consumers can be more confident their PII is immune to threat actors and fraud.

While companies can implement these tactics, consumers are also on the hook to protect their information with good data hygiene practices: exercising caution when signing up for services and requesting their own privacy when making purchases. Through the use of these strategies, both companies and consumers can defend themselves against increasing cybersecurity threats.

Every day people throw their PII at companies. However, keeping this information safe once it’s in their hands has proven to be a continuous challenge.

By following and implementing the three components of cybersecurity, companies can begin formulating their own defense against threat actors and even human error. And in the end, consumers can be their own advocates by demanding privacy and rejecting this status quo of inadequate security measures.

Fadil Mesic

With almost 30 years of software engineering experience, Fadil Mesic is the Chief Technology Officer at Titaniam. Prior to Titaniam, he spent five years at Abbott as a Staff Software Engineer, and prior to that, almost 9 as a Senior Software Engineer at St. Jude Medical. He earned his MSc in computer engineering from San Jose State.
