Mike Fleck, VP of Identity Protection at 4iQ, did us the honor of chatting with Aviva Zacks of Safety Detective. She got a chance to ask him how cybersecurity will change over the next few years.
Safety Detective: What drew you to cybersecurity and what do you love about it?
Mike Fleck: I was drawn to cybersecurity because it simultaneously requires both generalist and specialist skillsets. For example, you need to be able to communicate business risk to help stakeholders understand why a particular investment in security is necessary. Then you must be able to evaluate the specifics of how to reduce that risk to an acceptable level, whether it’s the global deployment of a technical control or a subtle administrative change to a business process.
I love that cybersecurity is an ever-evolving and highly intellectual discipline. Security professionals must constantly learn and adapt their skills to devise new defensive and offensive approaches to protect enterprises and consumers. For example, 4iQ uses breach data (that comes from compromised defenses) in an offensive capacity to help investigators unveil the digital identities of attackers.
SD: What do your company’s products do to keep its customers safe?
MF: 4iQ has been hunting for exposed identity information on the deep and dark webs for almost a decade. Through this process, we’ve developed our own proprietary data cleansing and normalization process. This includes de-duplicating and validating that the data is real. We use this information to notify consumers of their risks of identity theft, account takeover, and other forms of fraud. Our platform is also used in novel ways by enterprises and governments to unveil suspicious and malicious digital identities to disrupt or breakup e-crimes and the groups that perpetuate them.
SD: What industries use your technology and why?
MF: 4iQ products are used by some of the largest consumer Identity Theft Protection service providers, security vendors, cyber insurance providers, and enterprises to alert millions of consumers on exposed personal information. Other organizations, such as financial services, banking, enterprises, and government agencies use 4iQ for fraud, financial crime, and anti-money laundering investigations.
SD: What is the biggest cybersecurity threat today?
MF: The biggest cybersecurity threat today is a compromised or fraudulent identity. Criminals know that an authentic identity opens doors that hacking and other attacks cannot. Criminals can steal or create synthetic versions of identities to steal money, exfiltrate intellectual property, or damage personal and company reputations. The identity compromise doesn’t need to be persistent for this to happen. Access to an email inbox as a result of an exposed password only needs to last a few minutes to have a massive impact on an enterprise or a household. This threat gets more severe as we spend more of our working moments outside the corporate firewall, we share our personal data more often, more of our data is collected with or without our consent, and, as a result, more of our data will be exposed in breaches.
SD: How will the cyberthreat landscape change over the next few years?
MF: Attackers are doing really well with existing attacks like credential stuffing, synthetic identities, phishing, malware, and published exploits for unpatched systems. As we embrace IoT and remote workforces and push legacy systems to the Cloud, the cyberthreat landscape will evolve to take advantage of a larger and more fruitful attack surface. Attackers will achieve new levels of automation and scale. They will find novel ways to use and tamper with machine learning. Criminals will find new use cases for misinformation campaigns. The “attacker for hire” economy will blossom as a result. Enterprises will struggle to understand the risks to their digital assets. Consumers will struggle to understand the risks to their privacy.
Of course, we can’t ignore the COVID-19 pandemic and the unimaginable changes, good and bad, it will bring to our lives. Any transformation of personal or professional lives creates new opportunities and new risks. We hope that your audience is staying safe, staying healthy, and is able to find some way to move forward during these highly unusual and stressful times.