Thor Olavsrud with CIO.com recently wrote an article examining the five data breach trends Experian predicts will dominate 2017. With scenarios such as cyber warfare, “domino effect” breaches, and ransomware being used to fund hackers’ research into more sophisticated attacks, the predictions paint a rather dire picture.
The data breach outlook for 2017 is not all bad news, however. Technology has evolved to enable organizations to address many of the vulnerabilities raised in the CIO piece. Read on to see how Bomgar can alleviate the security concerns in each of Experian’s predictions:
Prediction: Aftershock password breaches will expedite the death of the password.
Experian defines aftershock breaches as situations in which stolen credentials are sold and used by another criminal group, with the potential for significant damages across a wide variety of services in which the same username/password combination was used.
Bomgar’s Response: If you’re still using “password” as your password, stop reading right now and change it. (How many coozies do we have to give away?!) But realistically, passwords are still the most widely used form of authentication today – we don’t expect them to “die” anytime soon. However, there are ways to make passwords more secure, such as password managers. These products enable companies to securely store passwords and share them among authorized users, without ever exposing the plain text. Adding two-factor authentication is another way to make passwords more secure.
Prediction: Nation-state cyber-attacks will move from espionage to war.
Experian predicts an escalation in cyber-attack conflict this year, with consumers and businesses suffering the collateral damage.
Bomgar’s Response: Don’t get caught in the crossfire – a layered security approach is imperative when it comes to protecting your organization from a cyberattack. You’re only as strong as your weakest link, and quite often the origin of your weakest link may surprise you. Companies must ensure that they implement strong password management practices across the board, and hold vendors and other third parties accessing the network to this same standard – all while taking a hard look at the levels of access given to insiders within the company and how they are managed.
Prediction: Healthcare organizations will be the most targeted sector with new, sophisticated attacks emerging.
Bomgar’s Response: Healthcare has become a particularly attractive industry for hackers—a recent report found there was an average of one health data breach per day last year. In this heightened environment, healthcare organizations must take a close look at the solutions they are utilizing for remote access and remote support. Any lack of security features in those solutions could put the company—and its patients, insurers, vendors and other entities—at risk.
Prediction: Criminals will focus on payment-based attacks despite the EMV shift taking place over a year ago.
All payment cards began incorporating EMV chips last year, but a large percentage of merchants can’t yet accept chip-based transactions. Experian predicts that this lack of uniform adoption, coupled with hackers targeting new industries with ever-evolving tactics, will result in an uptick in payment attacks this year.
Bomgar’s Response: Both the Target and Home Depot breaches started with infiltration of POS systems using compromised vendor accounts. Vendors need to be held to the same security standards as employees. Privileged Access Management solutions provide a much more granular level of access than a VPN and can significantly reduce vendor risk related to compromised credentials.
Prediction: International data breaches will cause big headaches for multinational companies.
Bomgar’s Response: To mitigate this threat, companies need to know who is accessing the network, when and for how long. Hackers frequently infiltrate large organizations by first targeting external vendors, then leveraging the breached privileged credentials to access the larger organization’s network. As mentioned above, this was the case in the 2013 Target data breach, as well as the more recent attack involving Potomac Healthcare. It’s critical that organizations implement a secure remote access solution that governs not only what systems and applications external groups can access, but also when this access can and cannot be used. In addition, companies should have the ability to monitor sessions in real time and terminate access at any point.
No single solution can completely protect against the threat of a data breach, but recent technology innovations have come a long way in addressing some of the most significant vulnerabilities. As Thor put it in his CIO piece: Staying ahead of emerging threats and the increasing sophistication of cybercriminals requires “constant vigilance.”
As 2017 gets underway, companies should exercise this vigilance by ensuring their IT environment includes the security best practices outlined above. It might not be possible to entirely disprove Experian’s predictions, but we as a collective industry can do our part to ensure their impact is minimized.