BankInfoSecurity’s webinar last week titled “State of the Hack” had telling insights into the world of cybersecurity and how the industry is forecasted to change in the coming year.
Protected Identifiable Information
Over the last year, hackers have shifted their focus away from credit card data and toward obtaining personally identifiable information (PII). While major retail hacks dropped over the course of 2015, PII became more vulnerable in large organizations such as the FBI, Trump Hotels, and T-Mobile. This brings about the biggest concern for 2016: protecting PII.
But what is personally identifiable information? PII is classified as any information that is personal in nature, such as a Social Security number, date of birth, previous employers and addresses, or driver's license number. This information generally does not change or is extremely difficult to change and, as a result, is valuable in the hands of those with malicious intent. With the large numbers of credit and debit cards stolen every year, banks have responded with EMV technology that makes cards more difficult to copy. The same cannot be said for PII.
As a result, “connected business partner” attacks are expected to rise throughout 2016. Target and the Office of Personnel Management (OPM), which handles security information for several military and government organizations, were both compromised through connections to a service provider or through information obtained by hacking one. Monitoring these business partners and service providers is more important than ever if PII is to remain safe in the hands of such organizations.
Ransomware & Extortion Breaches
Likewise, ransomware will continue to evolve, and ransoms are expected to rise significantly in the next year. So far, attackers have primarily targeted individuals for relatively small amounts of money. However, hackers have now discovered how easy it is to control servers and corporate systems and will likely target larger entities for larger sums of money. Along the same lines, extortion breaches are expected to rise. Ashley Madison is a prime example of such a breach: attackers gave the company an ultimatum to either shut down or have its users exposed. Unlike ransomware, extortion breaches do not necessarily include a loss of functionality, and hackers may not be looking for money.
Traditional Protection Won’t Cut It
Less tech-savvy companies may feel protected by traditional anti-virus models, but the effectiveness of those models will continue to decline as attackers become more sophisticated. As we discussed in a previous blog, the number of zero-day vulnerabilities doubled in 2015 (125% increase over 2014). 2016 will drive more businesses to look for more sophisticated methods of monitoring and securing their networks and devices.
Overall, the cyber threat landscape is expected to continue to grow. This creates an immediate need for all businesses, small and large, to assess the information they process and what their level of exposure is in the event of an attack. Once a business understands what an attacker wants and the methods they will utilize to try to obtain that information, they can start building effective information security and cybersecurity plans to help deter attackers and protect their data and ultimately their business.