At the beginning of the year, several bloggers and I shared our ID-theft and data breach predictions for 2009. Last week, Aladdin Knowledge Systems released its Annual Threat Report summarizing data security threats from 2008 and predictions for 2009. Part of Aladdin's predictions: the global financial crisis, real-estate market cratering, and credit crunch will:
"... combine to give the business of eCrime a boost... We see eCrime in 2009 thriving, bringing in more than the "classic" technical employees. eCrime will expand its business model and hiring reach to include the unemployed management level and financial industry professionals."
This means companies should expect, plan, and implement data security systems that address identity theft and data breaches caused by insiders: employees, contractors, and vendors. Aladdin also noted that because more professionals and businesses now use social networking sites, the value of web identities has soared and:
"Reconnaissance and business intelligence with tools such as Paterva's Maltego has become all too easy, and the sheer amount of public data on sites like Facebook, LinkedIn, Bebo and even MySpace make it easier to impersonate, damage or misrepresent a personal or business identity on the Web. We predict that we will see an increase in the amount of Web identity hijacking, and in response, a serious change in the requirements for validating our identities on the Web."
This means that consumers and users of social networking sites will have to be smart about who you connect with, who you give access to your detailed profile, and the profile links you click on. It is wise to contact a "friend" via an alternate method (e.g., phone, e-mail -- or walk down the hall and talk with your coworker or classmate) to verify that the online identity matches the real person, and to verify that the real person did send to you a Friend/connection request, before granting them access to the sensitive personal data in your online profile. Or only use social networking sites that offer effective online identity confirmation features.