Identity theft isn't only a consumer threat. Looking for bigger gains, attackers are targeting the enterprise with similar tactics to hijack corporate online and financial accounts. Here how security pros can fight back. Identity theft, historically considered a consumer threat, is expanding its horizons. Looking for bigger game, attackers are targeting the enterprise with similar tactics used to hijack online and financial accounts belonging to individuals.At their core, the theft of consumer and enterprise identities are similar in that they both involve the inappropriate acquisition and potential misuse of users’ digital credentials. What’s different is how these two types of identities are captured and exploited.How corporate identity theft worksConsumer identities are typically acquired in large quantities via corporate database breaches. Recent examples include Target, Home Depot, Neiman Marcus and Anthem Blue Cross. These identities are usually then sold or farmed out to criminal groups that attempt to use them for illicit financial gain.Enterprise identities, on the other hand, are not usually stolen in mass quantities. Instead, they are harvested using more stealthy methods such as email phishing/spear phishing attacks. With a few enterprise identities in hand, attackers can gain access to a company’s secure inner network and steal sensitive data, such as intellectual property or sensitive financial information Mobile makes hijacking of enterprise accounts easierWith the advent of “open computing” trends introduced with cloud apps and BYOD, enterprise IT organizations have been forced to allow workers to connect to company networks from anywhere at any time. These developments are not only disintegrating the traditional network perimeter, they are also making the hijacking of enterprise accounts easier to accomplish and more difficult to prevent.To complicate matters, enterprise IT departments are under continuous budget pressures to deliver services more quickly and at reduced costs. As a result, many businesses have jumped into the deep end of the cloud computing pool to capitalize on its promises of faster deployment and predictable costs. Is your cloud infrastructure putting PII at risk?While there are tremendous benefits to cloud computing, it also places confidential company data at risk of exfiltration in the event of account hijacking. In most cases, it is more difficult to protect enterprise access credentials in a cloud computing environment than a contained enterprise network. This creates an environment where credential theft is both hard to defend and very difficult to detect (until it’s too late).In response to these changes, enterprises need to rethink security to address the new “attack surface” that’s been put in place.Instead of relying on traditional siloed security tools, dated processes and manual operations to address this expanded attack surface, a more holistic approach is required.This new model should be based on a centralized threat monitoring, policy definition and enforcement infrastructure that enables end-to-end visibility across on-premise systems and cloud applications — by rolling-up intelligence from multiple security tools, enterprise systems and business applications.To detect corporate identity theft incidents, and other threats that on the surface appear “benign,” new techniques such as real-time analytics, machine learning, peer group modeling, and others, must be layered on top of this centralized infrastructure. This multi-dimensional approach is needed to protect against attacks that are themselves multi-dimensional. Related content opinion Embracing risk management elevates security pros to business leaders. Why do they still find it so difficult? The transition from an “it’s all about security and protecting the crown jewels” to “we need to mitigate risk and embrace risk management” is a crucial step next step for the information security profession. By Leslie Lambert Dec 17, 2018 4 mins Risk Management Security opinion Securing connected medical devices: Will categorizing them as ICS help? Now that they’re no longer protected by an “air gap,” let’s consider what’s needed to protect connected medical devices from security threats. By Leslie Lambert Oct 04, 2018 4 mins Internet of Things Critical Infrastructure Security opinion Staying secure as the IoT tsunami hits The ubiquitous adoption of devices in virtually every industry is creating a massive, global security gap. Data science can help reign in the risks. By Leslie Lambert Jul 12, 2018 4 mins Internet of Things Data and Information Security Security opinion The time for network behavior analytics has come Once considered the eminent domain of networking teams, network telemetry data is becoming a requirement to provide security analytics with a more complete view of enterprise threats. By Leslie Lambert Jun 07, 2018 5 mins Network Security Analytics Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe