I recently read the 4th Annual 2017 Data Breach Industry Forecast conducted by the Experian Data Breach Resolution team. Since it’s the beginning of the year, I thought it may be appropriate to share their data breach predictions for 2017. As we plunge face first into the new year, we need to consider the direction in which the cyber threat landscape is headed so we can be prepared when faced with any challenges. A co-worker turned to me and said, “It’s not if someone will be hacked, it’s when…” This is a chilling reality that I am tasked with pointing out to people every day through working with Jungle Disk customers. Here’s what Experian predicts for the year:
Aftershock password breaches will expedite the death of the password - I feel like 2016 was the year of old password hauntings. Yahoo had 500 million accounts breached and it wasn’t until 2016 that those stolen credentials showed up on the dark web. The same kind of thing happened with [old MySpace passwords](http://www.digitaltrends.com/social-media/myspace-hack-password-dump/). Since people are notorious for reusing passwords across several accounts, a criminal could gain access to one of your accounts using your old credentials or variations thereof. As this data continues to get bought and sold, Experian anticipates more companies pushing to use two-factor authentication to verify users (e.g., tokens, SMS alerts).
Nation-state cyber attacks will move from espionage to war - Last year was a doozy, beginning with targeted hacks against business giants like LinkedIn and Verizon and ending in one of the most controversial elections of all time, stemming from accusations centered on hacking. Regardless of how you view the election, what we have learned is that cybercriminal activity is not limited to stealing or snooping. It can have serious consequences, and responsibility is being placed in the hands of anyone who has access to a computer connected to the web. As countries figure out how to deal with targeted cyberattacks, businesses should also prepare for full-on disruption. Organizations will need to stay mindful of their potentially exposed intellectual property and take proactive steps to protect themselves.
Healthcare organizations will be the most targeted sector with new, sophisticated attacks emerging - Speaking of personal property, unfortunately healthcare breaches seem to be continuing to trend upward, as medical identity theft is easy enough for hackers to exploit. Whereas in 2015 healthcare insurance agencies seemed to be the main target, research is pointing to a shift of focus to hospital networks in 2017. Electronic health records (EHR) seem to be the focal point of concern, as it may only take one outdated system to lead to serious exposure. As mobile applications for these systems develop, that may further lead to new vulnerabilities, making it a ripe environment for increased cyberattacks.
Criminals will focus on payment-based attacks despite the EMV shift taking place over a year ago - We are still in transition to the EMV Chip and PIN liability, which the financial industry thought might end payment breaches, but unfortunately, we expect payment breaches to continue, as they did last year, due to the adoption rate. This prediction makes total sense to me. I think of how many times throughout the day I take out my credit card to pay for something at a grocery store or other retail store, and I’m met with a small sign on the credit card reader that says either “Please swipe” or “no chip”. There has been mixed adoption of the chip, due to the cost of implementing the systems, so we can expect payment-based attacks to continue to be a pretty steady bulls-eye for cybercriminals.
International data breaches will cause big headaches for multinational companies - In May 2015, the European Parliament and European Council created the General Data Protection Regulation (GDPR) with the intention of strengthening and unifying data protection for individuals within the European Union. Canada and Australia have developed similar regulations, which will likely increase consumer awareness around notifications of breaches. So, US-based companies will be forced to begin working to comply with these new rules in 2017, as their practices will be more closely monitored abroad. Now would be the time for companies that regularly do business internationally to reevaluate and perhaps audit the way they are conducting business in other countries to ensure they are abiding by the new regulations.
If you haven’t already done so, I recommend reading the full article here. As we take on the year, it will be beneficial to see how these predictions will change or be confirmed by the ever-changing climate of cyberattacks. We are a data security provider, so please let us know if we can help protect your critical business data.