The internet has evolved to become a vast social and interactive space, and with this evolution, new threats have emerged which are designed to target business and users' identity and trust in online services.
The majority of consumers use a wide range of services online, from keeping up-to-date with the news, to shopping and banking, all of which often require us to log in or share personal information. All of these services are under attack from the constantly changing and progressive threat landscape.
Building trust in these services requires brand identity and obtaining this trust and brand awareness is fragile. Fragile particularly as hackers focus their attention on acquiring a user's personal identity or corrupting a business brand as identity becomes the new currency for hackers.
A lack of trust
Recent research shows that the average consumer has little faith in online organisations, when it comes to looking after their data. A survey of 1,000 consumers by Integralis in April revealed that only one in three trusted online retailers to hold their personal data securely, and in the case of supermarkets, the figure was one in four.
Whilst over a quarter of consumers do not trust any organisation with their personal information, over 50 per cent confirmed they trust banks the most. These figures decline with online payments systems (22 per cent) and credit card providers (eight per cent).
This trust in banks has been developed over time and is founded in the bricks and mortar of their old business model. Online payments and credit card providers, however, do not have this heritage and trust in these businesses is lower as a result.
The majority of consumers are most concerned about identity theft, and businesses need to understand and acknowledge this low level of confidence in online services and promote their ability to protect customers' personal details.
Brand awareness and trust are built over time, and to undermine this is the ultimate goal of the hacktivist. Obtaining your personal identity is the definitive objective of the cyber criminal, allowing them to take on your persona for fraudulent gain.
‘Identity is the new currency' for hackers and organisations must understand the risks and prioritise the use of technology, education and awareness to protect this currency. They need to think differently about how to gain users' trust in online services and ensure they keep that trust.
Convenience and security are uncomfortable bed fellows, but by understanding and putting risk in context, organisations can make informed decisions about how to ensure that identity is protected and brand trust is maintained.
Loss of personal identity takes months, if not years, to re-establish and can result in financial and often personal loss. We must do everything we can to protect personal identity and stop attacks on individuals for monetary gain and enable businesses to use technology in a more efficient and effective way to protect online identities.
The risk to organisations is equally damaging, with the prospect of facing huge fines for losing personal or financial data, and destroying a reputation that may have taken years to build. While consumers may claim to trust no-one, they can easily switch their business from a company that shows reckless disregard for their personal privacy.
Businesses must take steps to align their enterprise security architecture with the overall governance model and understand where the real risks are. Equally, as individuals we need to take care online to protect our personal information. We all now shred our documents and we need to take this approach online with our identity.
The hard truth is that organisations have no alternative but to take data security very seriously, not only to protect their customers from themselves, but also to safeguard their own confidential data, and ultimately, their own reputation.
Organisations can build trust with consumers by ensuring they are protecting them from their own carelessness and bad habits, and by educating them about best practice. Some banks and online retailers already do a good job of reminding users how to maintain the right levels of security on the web, but other online businesses could do more.
Encompassing technology as well as education and awareness programmes, will help online users to stay safe, while also protecting the organisation from costly breaches and embarrassing incidents.
Garry Sidaway is global director of security strategy at Integralis