2017 was a challenging year for cybersecurity. News of bombshell data breaches at companies like Equifax, Yahoo, Wannacry and more made enterprise security flaws more prominent than ever, and an increase in data output from “internet of things” devices has opened both businesses and consumers to even greater risk of cyberattack. Between 2016 and 2017, the number of known data breaches grew by more than 500, according to Eva Velasquez (pictured), president and chief executive officer of the Identity Theft Resource Center.

“The more data that we create, the more that it’s vulnerable — and the more that it’s used to comprise our identity. … We’re still having a lot of first exposures to these issues,” Velasquez said. The Identity Theft Resource Center is a non-profit group that helps victims of identity theft resolve their cases. She and her team are working to broaden public education and awareness in the understanding of identity theft, data breaches, cybersecurity, scams/fraud and privacy issues.

Velasquez sat down with Jeff Frick (@JeffFrick), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during Data Privacy Day in San Francisco, California. They discussed the effects of increased cyber risk on businesses and consumers alike, as well as how Velasquez and her team are working to mitigate those risks by taking a new approach to multi-layered security.

Building security past an SSN

A data breach is a crime with many victims, making security both more crucial and more complex. “A breached entity, when they’re hacked, they are a victim. … The person whose identity credentials those are, they are the victim. … If … a financial services institution has to replace that data, they’re a victim too,” Velasquez said.

With so many entry points for cyberattackers, the Identity Theft Resource Center is focused on developing protective methods for all levels of data use. This explosion of data and new cloud business heralded by IoT has created even more opportunities for hackers to use myriad data points to impersonate users and gain access to sensitive information. Child and synthetic identity theft, a method of cyber breach that involves stealing or manufacturing a false Social Security Number and building a credit profile around it, are steadily increasing as hackers gain more access to information through the trough of data provided by the technology we use every day, Velasquez pointed out.

“When we start talking about these toys and other internet connected … devices that we’re putting in our children’s bedrooms, it actually … makes the hair on the back of my neck stand up,” she said.

At Identity Theft Resource Center, Velasquez is working on initiatives that actually leverage those available data points toward ultimate security. Where not-so-private identifiers like a social security numbers have long been used as a gateway to privacy, Velasquez wants to build more intricate, comprehensive measures around user data. “It’s the angle at which you look at your phone, it’s the tension with which you enter your passcode. … They’re not private, they don’t feel secret, but we can use them to authenticate ourselves, and that’s the big discussion we need to be having,” she said.

Though these methods might present a more complicated experience to consumers, Velasquez hopes they’ll accept the challenges with the knowledge that the extra work is positively impacting their cyber safety. “This is one of our challenges for 2018; we want flip that security versus convenience conundrum,” she said.

While her team works to develop new methods of protection, Velasquez encourages individuals to take time to consider how they use and protect their data at home. “Have a thoughtful conversation with yourself and with your family about what types of data you want to share and what you want to keep private,” she said.

Despite these challenges, she’s confident that safety is within reach. “It’s complicated, but we’ll get there. More of this kind of dialogue gets us just that much closer,” she concluded.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of Data Privacy Day.

Photo: SiliconANGLE