Preventing and managing data breaches have become two of the highest priorities facing businesses today. Credit bureau Experian Data Breach Resolution provided details about several key issues that could affect businesses worldwide in its second annual "Data Breach Industry Forecast."
The credit bureau's 2015 data breach industry predictions include:
- Rise-and-fall of payment breaches.
- More hackers to target cloud data.
- The "Internet of Things" could create more vulnerability points for organizations.
- Employees will remain the biggest security threats for organizations.
Although many retailers have already begun the process of phasing out magstripe payment card readers in favor of chip and PIN point-of-sale devices in anticipation of the October 2015 “liability shift” deadline, Michael Bruemmer, VP with the Experian Data Breach Resolution group, believes that the closing of that window may precipitate additional attacks by cyber thieves. Additionally, because the deadline has been announced for some time, Bruemmer said hackers have had a head start on researching chip and PIN terminals to try and figure out their vulnerabilities.
“There’s going to be more focus on passwords, particularly users that have privileged accounts or administrative rights to get into the system,” Bruemmer told Security Info Watch. “If you just look at the last 12 months that have been reported and the forensics have been done, it generally comes back to an employee mistake and it is an administrative credential that was compromised, either inadvertently by a phishing scheme, a brute force attack or forgetting to change passwords on a regular basis with companies changing employees and old credentials not being shut down. That, to me, has been the tip of spear in the more high-profile breaches that have been completely reported out in the media and I don’t think that’s going to change going into 2015."
The concept of the “Internet of Things” in which an ever increasing number of appliances and devices are being connected to the web has taken businesses across a variety of industries by storm. Cisco predicts that by 2020, there will be somewhere between 20 to 50 billion connected devices in use around the world. With this increasing level of connectedness, however, also comes the threat that malicious actors who could exploit it.
“While the Internet of Things has huge potential, it also brings more points of vulnerability for organizations,” said Ozzie Fonseca, senior director, Experian Data Breach Resolution. “As companies adopt more interconnected products and systems, the Internet of Things could usher in the next wave of large third-party breaches. Businesses taking advantage of these technologies must address risk management and security with all of the platforms that collect or house personal information.”