The data breaches of 2014 have yet to fade into memory, and the breaches of 2015 just keep right on coming.
Earlier this year, the credit reporting company Experian Information Solutions released its 2015 Data Breach Industry Forecast. We thought it might be instructive to see whether their predictions were on the money.
Here are the top five data breach trends, according to that report:
1. Prediction: Credit card breaches will rise over the next few months as hackers try to beat the October deadline of October, 2015 for retailers to upgrade to point-of-sale systems capable of processing chip-and-PIN credit cards.
Reality: According to the Identify Theft Center (IFTC), there were 20 major credit card breaches in 2005. In 2014, there was more than double that at a total of 43. That upward trend appears to be continuing in 2015. The most notable victims have been Chik-fil-A (9,000 customers affected), Costco (as many as 60,000 customers exposed), and Harbortouch, a company that provides point-of-sale systems to roughly 150,000 businesses (at least 4,200 of their customers appear to have been breached).
2. Prediction: Hackers increasingly will target data stored in the cloud. “Hackers are eager to capitalize on the value of consumer online credentials,” according to the report.
Reality: Recent disasters such as the Sony Email data breach, Ashley Madison’s leaked information, and the IRS internal database breach are clear indicators that protecting information stored on the cloud needs to be a bigger priority. The markets that are suffering the most from these data breaches are the healthcare industry and financial services industry, because hackers and the black market have dictated that this is the most valuable information to obtain.
3. Prediction: Expect more breaches of health care data. One reason: the growing number of access points to protected health info. Another: the growing popularity of wearable technology, which can transmit data to doctors but provide an entry point to hackers.
Reality: Over 100 healthcare data breaches were recorded in the first five months of 2015. These included Blue Cross Blue Shield, AFLAC, Virginia Department of Medical Assistance, and the Georgia Department of Community Health. Each of these breaches affected millions of patients and exposed highly sensitive information. And since HIPAA released its May 2015 report (seen below), other high-profile healthcare breaches have occurred including UCLA, CVS Health and Beacon Health System.
4. Prediction: Despite all the headlines involving breaches by hackers and foreign countries, disgruntled or negligent employees will be companies’ biggest security threats.
Reality: The suspicion that the AshleyMadison.com breach was performed by a single disgruntled employee of the website’s parent company, Avid Life Media, reminds us of internal threats to data security. Employees may be looking for financial gain by selling confidential data or it can be an act of revenge by angry ex-employees who still have network privileges. Morgan Stanley also suffered a data breach that compromised hundreds of thousands of client accounts whereby partial account information of up to ten percent of all Wealth Management clients was stolen.
5. Prediction: The Internet of Things will become a buzzword in insurance circles. The term refers to the growing cloud-based connectivity of people and their devices, which may provide an easy entry point to all your devices and data.
Reality: New vulnerabilities are emerging regularly such as the risk of having your garage door opener hacked and entry gained to your home. As we connect more and more of the things in our lives to the web—from our cars to our to thermostats to our refrigerators—the cloud servers with vast databases of personal information gathered from all those connected devices become bigger targets. The data these servers house could include anything from financial information to insights to our minute-to-minute actions in our own homes, like when we’re there and when we aren’t.
Data breach incidents have clearly once again dominated the news in 2015, and they are only becoming more frequent and damaging. The prevalent opinion among security industry experts is that data breaches are inevitable and unavoidable. That it is not a question of if companies will become victims, but when, and how prepared they will be to react when it happens.
How prepared is your business? Contact SLPowers today to schedule an network evaluation and take the first step toward implementing an effective, multi-layered security solution.