Wondering what the new year’s data breach landscape will look like? Experian’s Data Breach Industry Forecast report outlines the top five data breach trends predicted for 2017. The industry predictions in the report are rooted in the global services group’s history helping companies navigate more than 17,000 breaches over the last decade and almost 4,000 breaches in 2016 alone.
According to Michael Bruemmer, vice president at Experian Data Breach Resolution, preparing for a data breach has become increasingly complex. “Organizations must keep an eye on the many new and constantly evolving threats and address these threats in their incident response plans. Our report sheds a light on a few areas that could be troublesome in 2017 and beyond,” he said.
Here are Experian’s top five predictions:
1. The Prediction: “Aftershock” password breaches will expedite the death of the password. Experian predicts a new industry trend emerging this year: “aftershock” breaches, as companies face the impacts of previous data breaches. As more personal credentials are compromised, the risk for users may extend far beyond the initial breach as attackers continue to sell old username and password information on the dark web. As we saw in 2016, a breach of 500 million Yahoo accounts in 2014 continued to have consequences.
The Takeaway: More companies should push toward using two-factor authentication to verify users, which helps solve the password reuse problem. Companies should also account for aftershock breaches in their incident response plans and ensure they treat them just as seriously as a traditional breach.
2. The Prediction: Nation-State cyber-attacks will move from espionage to war. Building upon its 2016 prediction that cyber conflicts between countries are leaving consumers and businesses as collateral damage, Experian believes we may see an evolution of these types of threats moving from espionage to active conflict – and potentially war between countries.
The Takeaway: Organizations will need to stay vigilant about their potentially exposed information and take proactive steps to protect themselves, including purchasing proper insurance protection and shoring up their security measures to protect against large-scale disruptions.
3. The Prediction: Healthcare organizations will be the most targeted sector with new, sophisticated attacks emerging. This sector will continue to be a focal point for hackers as medical identity theft remains lucrative and easy for cybercriminals to exploit. Experian also anticipates mega breaches will move on from focusing on healthcare insurers to focus on other aspects of healthcare, including hospital networks.
The Takeaway: Healthcare organizations of all sizes and types need to ensure they have proper, up-to-date security measures in place, including contingency planning for how to respond to a ransomware attack and adequate employee training about the importance of security.
4. The Prediction: Criminals will focus on payment-based attacks despite the EMV Chip and PIN liability shift taking place over a year ago. Driven by uneven adoption of the new technology, combined with attackers targeting new industries and adapting their tactics, Experian predicts that payment attacks will continue to vex companies in the year to come.
The Takeaway: It’s essential that companies behind the curve speed up their plans for EMV Chip and PIN adoption. Both retail companies and consumers need to maintain security best practices during this time of ongoing transition and recognize that cyber criminals may shift their focus but won’t be completely deterred.
5. The Prediction: International data breaches will cause big headaches for multinational companies. Experian predicts the breaches that will cause the most significant damage will involve the loss of international consumers’ data. In particular, the General Data Protection Regulation (GDPR) in the EU will create more pressure for businesses and greater consumer awareness around breach notification.
The Takeaway: Companies need to start working to comply with the new rules over the next year as scrutiny of their practices and consumer awareness are raised in more markets. Now is the time for these companies to do “dry runs” prior to the new regulations going into place to ensure they are properly prepared.
Whatever the new year holds, BioIQ is committed to following HIPAA best practices, staying up to date on the latest regulatory guidelines and providing information security training and awareness for its employees.
“As a healthcare organization, BioIQ will continue to be proactive in our processes to ensure data privacy and security,” said Wes Rhea, Chief Compliance Officer and Privacy and Security Officer, BioIQ. “We will continue to monitor and evaluate our technical and administrative security controls and follow best practices when it comes to data protection.”