10/28/2010
11:15 PM

Identity Theft Council Aims To Bring 'Neighborhood Watch' Concept To Cybersecurity

Regional initiatives designed to attack security awareness problem at the grass roots

Despite millions of dollars in spending and millions of hours in training, identity theft has become more widespread in 2010 than at any point in history. Maybe, a new industry group suggests, it's time to take a different approach.

The Identity Theft Council, a new consortium of business and law enforcement entities that launched earlier this week in San Francisco, proposes to attack the ID theft problem in reverse: Instead of going global, it's going local -- and personal.

"I've worked on many security awareness programs in corporations over the years, and what I've found is that they typically don't work," says Neal O’Farrell, founder and executive director of the ITC. "It's like checking the tire pressure on your car once a year -- it doesn't happen often enough. And it's hard to get people to be passionate about password management."

The ITC is taking a different tack -- building a sort of "neighborhood watch" program that brings together local businesses, law enforcement agencies, and individuals to help the victims of identity theft, share information about new threats, and build awareness at a personal level.

"In the end, people can't see the need for security unless they see that it has a direct impact on them, their families, and communities," O'Farrell says. "What we want to do is to find a different way to effect this change in people, to deal with it on a personal level."

The ITC has already tested the community-oriented security concept through a pilot program implemented in more than two dozen cities and police departments across the San Francisco Bay area. Unlike previous security awareness initiatives, the program is deployed at the community level and supported by trained counselors in those communities, as well as banks, credit unions, and law enforcement.

In addition, the ITC is attempting to take identity theft awareness a step further by implementing peer-to-peer education at the school level, along with seniors and other groups. By the end of 2010, more than 100 cities and communities across northern California are expected to be participating in the ITC, creating a model and launch pad for other councils to form across the country.

"We've had inquiries from at least 12 states that want to set up programs," O'Farrell says. "I think we've struck a nerve. We're addressing a problem that is widespread with an essentially volunteer program that doesn't require a lot of investment. We think we'll be able to take this national as soon as possible."

In the past, identity theft victims have felt powerless because local law enforcement agencies generally don't have the time or resources needed to respond to everyday thefts, O'Farrell observes. But by bringing victims together with security professionals, local law enforcement agencies, banks, and other interested parties, the ITC hopes to create communities of interest that can actually do something to help the victims -- and keep other users from being ripped off.

"With Identity Theft Councils, victims now have somebody to talk to, a real voice," says Inspector Anne Madrid of California's Hayward Police Department. "They'll talk to a real person who cares about what they're going through and can talk them through the pile of paperwork that they're going to have to fill out. It's a great victim advocacy tool."

"Much like the Better Business Bureau, the Identity Theft Council is dedicated to increasing consumer trust and raising awareness," says Steve Cox, CEO of the Council of Better Business Bureaus. "The threat of identity theft can severely damage a consumer's trust in the businesses and organizations they work with on a daily basis. We are thrilled to see the Identity Theft Council stepping up, tackling the threat of identity theft, and bringing that trust back to the marketplace."

Some of the early beneficiaries of the ITC program could be small businesses, which typically don't have the resources to train and defend themselves against cyberattacks and may not get the credit protection that consumers do against fraud, O'Farrell says.

"SMBs are the next battlefront," he says. "Most of them are unprotected, and many of them don't even know when they've been ripped off. Malware is out there that is targeting SMBs specifically."

The ITC hopes to set up programs that will help small businesses -- and even larger ones -- build security awareness programs that are much more effective than those they are implementing (or not implementing) now, without adding to the expense.

"We'll help train your users, or help you train them yourself," O'Farrell says. "The key is to do it in a way that's meaningful not only to the business, but to the individual employee."

The ITC is currently seeking out corporate sponsors and security professionals who want to help build identity theft awareness organizations within their own communities. For more information, contact the Identity Theft Council.


Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
