Cybercrime is no longer the only concern when it comes to data breaches, and as the landscape continues to evolve, companies must try to stay ahead of the curve and be prepared to respond to any type of security incident.
Experian Data Breach Resolution has released its third annual Data Breach Industry Forecast white paper, showing that while some current issues remain relevant, there are a few emerging areas that warrant attention.
“We saw different types of breaches this year, and one of the major mistakes companies often make is taking a one-size-fits-all approach,” said Michael Bruemmer, vice president at Experian Data Breach Resolution. “Unfortunately, the reality is that no data breach is the same, and a wide variety of unique circumstances need to be considered in a data breach response plan. It is challenging to keep up so we are releasing this white paper to provide organizations with insight that will help them better strategize their incident response.”
For one, Experian predicts that consumers and businesses will be collateral damage in cyber-conflicts among countries. As nation-states continue to move their conflicts and espionage efforts to the digital world, we likely will see more incidents aimed at stealing corporate and government secrets or disrupting military operations. Such attacks can cause collateral damage in the form of exposed information for millions of individuals or stolen business IP addresses. There could also be an increase in large public-sector data breaches that expose millions of personal records.
“This is new-age warfare and, as individuals, we need to pick up the pieces if we have been affected and our personal information has been exposed,” said Bruemmer. “The public should not be complacent about identity protection. It’s important to practice good security habits on an ongoing basis and monitor accounts frequently to catch fraud early.”
Also in the coming year, the firm predicts a resurgence in hacktivist activities, motivated by the desire to effect reputational damage on a company or a cause. No longer motivated merely by financial gain, criminals steal data to glean information that can be used for blackmail or extortion. This changes the response plan, and companies must consider all possible scenarios.
“This was the new twist to the data breach landscape in 2015, with thieves leveraging stolen data to embarrass or harm companies,” said Bruemmer. “Unfortunately, consumers are the pawns in the game, and they are victimized in the process. By association with the attacked organization, they also can suffer personal harm or embarrassment if their information is exposed. If an organization has a polarizing or controversial mission, it should consider this scenario and how it will take care of its constituency should a breach occur.”
Experian also expects that: EMV chip and PIN liability shift will not stop payment breaches; big healthcare hacks will make the headlines, but small breaches will cause the most damage; and, the 2016 US presidential candidates and campaigns will be attractive hacking targets. That could be one of the presidential candidates, their campaigns and/or major donor bases. As campaigns today are won and lost online and driven by Big Data analytics, the potential for a politically motivated attack is significant.
“We would be remiss if we did not mention this national occurrence as a possible target,” said Bruemmer. “For a fame-hungry criminal or motivated detractor, this is an attractive platform. It could happen with any activity on a national or global stage so leaders involved must ensure they are securing their systems and have incident response plans in place.”
Photo © frank_peters