Last December, information services provider Experian published a data breach forecast with several projections about what businesses and consumers could expect from hackers in the coming year. The firm recently released scorecards on how its done with its predictions.
The health care industry was identified as the sector most likely to be targeted by hackers in 2017. The explanation is simple: personal medical data are among the most valuable kinds of information to target because once the data are made inaccessible, health care officials will pay handsomely to get it back. As of July 6, the Identity Theft Resource Center had counted 178 data breaches for the year that compromised more than 3 million records.
After noting the impact of the WannaCry ransomware attack earlier this year and other cyberattacks against medical facilities, Experian said that not only did this prediction come true, but “the number, scope and impact of healthcare cyberattacks will only grow.”
The Experian experts also predicted escalation in nation-state cyberattacks to include espionage and acts of war. They note in their progress report:
Although cyberattacks haven’t yet escalated to the level of outright war between nations, the appointment of a special investigator to look into possible Russian influence in the presidential election is evidence cyber espionage is moving to a new level. Reports of Russian involvement in the election process illustrate the potential cyberattacks have to become powerful political and offensive weapons.
They made a prediction that international data breaches would complicate the operations of multinational companies due to the wide variety of laws and regulations related to computer data. The number of international incidents was predicted to double from about 10% of incidents resolved last year by Experian. Recent events, like the TalkTalk scam in Britain, “show our estimate could be on track.”
In its December report, Experian also warned of potential hacker exploitation of emerging threats like virtual and augmented reality to steal personal information and insufficient security related to tax return filing would allow hackers to continue to file fraudulent tax returns. The jury is still out on both predictions.
But in its progress report on emerging threats, Experian noted additional risks that have surfaced so far this year:
- Smaller data breaches that don’t require consumer notification are tempting some companies to forgo communicating with potentially affected consumers. While the number of attacks and breached records remains high, businesses should not adopt the mentality of notifying consumers only when legally required to do so. Notifying affected consumers is the responsible thing to do, and can help sustain customers’ confidence and trust.
- Phishing scams are becoming increasingly sophisticated, targeting bigger fish such as CEOs and high-ranking employees who have access to financial accounts and valuable data. The FBI reports that such scams have caused actual and attempted business losses of more than $3 billion.
- Small businesses have always been a favorite target of cyber-criminals, even though many small businesses continue to underestimate their exposure. Targeting of small businesses continues, and these smaller companies need to take defensive measures, such as moving data to the cloud and investing in cyber insurance.
- High-profile attacks on big-name organizations and celebrities are growing in number and scope. From a hacker leaking the new season of “Orange Is the New Black” in April when Netflix refused to meet the hacker’s ransom demands, to the high-profile attack on the Ashley Madison social website, the potential for fame is drawing hackers as surely as monetary gain might. Those in the limelight must make security a priority, take steps to prevent an attack and prepare to respond when one occurs.
- The WannaCry ransomware attack affected countries, businesses and consumers around the world; it’s a frightening example of the near future of ransomware, in which companies must prepare for large-scale attacks.