California DMV Breach and the Costs of Remote Working
People may be driving less these days, but the personal data accumulated in this area can still be a cyber attack vector. Now, California drivers have been put at risk by a data breach. The state’s Department of Motor Vehicles has suffered a breach, and as is often the case, third party issues underlie the problem. The DMV uses a contractor called Automatic Funds Transfer Services, Inc., which got hit by a ransomware attack in early February. According to reports, around 38 million records were siphoned, including names, addresses and license plate numbers.
Security expert Robert Prigge views this as evidence for government agencies needing stronger authentication measures for data protection. “Fraudsters can leverage the breached information to impersonate victims, access accounts set up with this information, submit fraudulent insurance claims or combine it with other exposed data to gain access to even more user accounts,” he adds.
Ransomware was behind this particular incident, and indeed, a recent survey from Arlington Research for Egress Software demonstrates that 95% of organizations have endured data loss over the past year, while 83% had their own email-based breaches. In 2021, the risk only looks to surge, as 85% of employees are sending more emails. But communications aren’t the only remote working factor here.
Prolonged pandemic working conditions have unsurprisingly taken their toll in other ways, such as distractions and stresses in the new home workplace that organizations have to account for. Tony Pepper, CEO of Egress, posits that data loss is a significant hidden cost of a remote workforce. Around 73% of respondents reported feeling worse levels of stress due to the pandemic, which can impact their mindfulness of safe data security practices and result in more mistakes (and that’s remembering how people have always been a weaker link in the security chain).
Recommended solutions to these issues look to me like new variations on an old theme. Specifically, Pepper suggests utilizing advances in machine learning to detect ‘abnormal behaviors’ that could indicate an employee may be in error. Again, the concept here is nothing new, but now more than ever it’s important for companies to leverage different methods to protect sensitive data.