1. What Key Data Breach Trends Portend for Enterprise Security in 2016
2. Impact of EMV Chip-and-PIN Regulations
Although Oct. 1, 2015, marked the official liability-shift date for U.S. vendors to adopt EMV chip-and-PIN compatible payment terminals, many organizations still have not adopted the technology. In fact, a survey released last fall by The Hartford found that 86 percent of small businesses had not yet invested in equipment to accept chip-and-PIN cards. This marks businesses as an easy target for cyber-thieves, particularly small vendors such as gas stations and other more distributed networks that are now more susceptible to an attack. For others that are still rushing to adopt chip-and-PIN technology, attackers may find new opportunities to exploit the errors that will inevitably occur during the transition.
3. Health Care Companies Hit the Hardest
Health care companies will remain a top victim of data breaches in 2016, with incidents likely to increase in frequency and severity. In the coming year, sophisticated attackers may focus on insurers and large hospital networks, which offer the opportunity for the biggest payoff. However, the other area that will remain largely under-reported is the growing number of incidents involving paper records and lost laptops. These incidents are often due to employees mishandling paper records or losing physical backups of information.
4. Nation-State Attacks Leave Collateral Damage
In 2016, the covers are going to be blown off international cyber-warfare that’s existed in the background and hasn’t yet come to the forefront. According to research from The Wall Street Journal, more than 60 countries have or are developing tools for computer espionage and attacks, and 29 countries now have formal military or intelligence units dedicated to cyber efforts. As nation-states continue to move their conflicts and espionage efforts to the digital world, we are likely to see more incidents aimed at stealing corporate and government secrets that may expose personal records in the process. As with the U.S. Office of Personnel Management breach in 2015, while the goal of an attack may be to find specific background information, in the process everyday citizens’ personal data will be left as collateral damage.
5. U.S. Presidential Campaigns Will Be Attractive Hacking Targets
With the 2016 elections, it is likely that one of the presidential candidates, their campaign and/or major donor base is going to be targeted. As with any major activity or event, leaders involved must prepare for a data breach. In this case, political organizations and campaigns should ensure that they are securing their systems and have incident-response plans in place.
6. Hacktivism Will Make a Comeback
In 2016, we’ll see a resurgence in hacktivist activities, which are motivated by causing reputational damage to a company or cause, rather than financial gain. Any organization or group with a polarizing or controversial standing should be prepared for the possibility of an attack for the purpose of harm to the organization. These types of incidents can often cause significantly more damage to individuals and are harder to resolve for businesses. It is important that organizations prepare to respond to this type of incident and rethink their data breach response plans to ensure all scenarios are accounted for—including extortion.
7. More Corporate Extortion Will Happen
As the value of payment records decreases on the black market, more hackers will likely look to access data for extortion purposes or other scams in 2016. Examples of cyber-extortion—including the attacks on Sony and Ashley Madison over the past two years—may be a preview of what’s to come. Moving forward, businesses are apt to take into account the potential of extortion in their data breach preparedness planning, including having cyber-insurance policies in place that incorporate protocols for how to negotiate with cyber-criminals.
8. Expect More Enforcement Action From Regulators
While the last several months saw increased scrutiny from regulators on what steps are being taken by companies to protect customer and employee data, in 2016 companies can expect more direct enforcement actions from agencies. The recent FTC vs. Wyndham Worldwide case is a clear indicator of movement in this area, as federal courts granted the FTC authority to require companies to securely store customer data and then punish them if they failed to do so.
9. Millennials Will Present an IT Security Threat for Employers
Millennials arguably are known for their frequent use of social networking sites and mobile devices as a key part of their daily lives—including electronic sharing of information from the workplace. This presents an IT security risk in the workplace that companies need to take into account in the coming years. Organizations should address this risk by ensuring that employees receive regular security training and are familiar with what information should not be shared outside company walls.
10. More Companies Will Hone Data Breach Response Plans
Although research shows more companies (81 percent) have a data breach response plan in place, executives still lack confidence in their ability to respond to an incident. According to a recent report from the Ponemon Institute, only 34 percent of executives say their organizations’ data breach response plan is effective overall. With this in mind, more companies are likely to take the time to audit and practice their data breach response plans in the coming year.
11. A Look Back at 2015 Predictions
No company is immune from hacks, whether from the inside or the outside. Even Experian itself was hit in 2015. As part of its annual forecast, Experian Data Breach Resolution also took the time to grade last year’s predictions. A few of the predictions made top marks, including a continued increase in health care breaches and more business leaders being scrutinized for data breach preparedness. However, Experian was surprised to find that cloud computing avoided the spotlight in terms of major security incidents.