I’ve noticed a troublesome trend in some of the surveys I’ve read. Leadership or IT staff or those in charge of security recognize a specific problem but they aren’t taking the steps necessary to eradicate said problem.
Last week, it was concerns about (and lack of action on) endpoint security. The week before that, it was the disconnect between security realities and security behaviors.
Today it is all about fraud. A newly released study from Ponemon Institute and TeleSign looked at the impact of fake users that infiltrate websites and business networks. The study found that 82 percent of companies struggle with fake users. At the same time, 43 percent allow these fake users into the ecosystem in order to avoid friction in the user registration process. The result of this desire to make the registration process easy is an increased risk of vulnerability and cybercrime. In addition, the report found that most companies have no system in place to detect a fake user from a real user, but the consensus is that approximately 10 percent of the user base is fake. As Steve Jillings, CEO of TeleSign, said in a prepared statement:
Fake accounts are notorious vehicles for cyber criminals to commit abuses, from basic activities such as spam to devastating events like identity theft and account takeover. Battling these types of problems has brought a number of well-known brands to their knees and is continuing to cost businesses significant time, money and reputational capital.
These fake accounts hurt the business, resulting in hundreds of thousands (or more) of dollars lost or stolen or paid in fines and/or lost business. But they also hurt the real users logging into the site, as 21 percent of real users were victimized by fraud in the last year. That businesses know this is happening and that they do little is irresponsible. The study found that 64 percent of companies would rather have a registration that is easy to use rather than one that has security hoops to jump through.
However, this is one security story where I think consumers are as much to blame as businesses. Consumers like things made easy, like the ability to use social media sites as a way to register on other websites. Like I read on the website FRWD, users come to a site to complete a task. That’s their goal, and they want to achieve that goal as simply and quickly as possible. If they can’t do that, they’ll leave and find another website. Too much security can make registration more complicated. We know that the security functions are there for the consumer’s own protection, but consumers don’t think that far. Of course, getting them to understand that is easier said than done.
So it is up to the companies themselves to come up with a registration approach that works for everyone. The reason is clear, Larry Ponemon said in a statement:
Fake users are one of the first steps in the chain of crime, impacting consumers and businesses both directly and indirectly through acts of fraud, theft of information and control of data.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba