2015 has been a big year for cybersecurity. We’ve seen some of the biggest data breaches on record, fallout from crippling hacktivism attacks (see Ashley Madison and the spill over from 2014’s Sony Pictures hack), and new highs in security spending. We’ve also seen data breaches, cyberattacks, and other security issues receiving more attention globally, both in the newsroom and at government level. Looking back, here are four of the top trends in cyber security for 2015.
1. Attackers continue to increase in reach and creativity
Never mind the “sophisticated attacks” you keep seeing in headlines. While attacks are without a doubt growing in sophistication, 2015 has seen many attackers using the same old tactics but in more creative ways. Social engineering attacks like spear phishing have become more targeted and resourceful, relying on crafty cyber sleuthing and other tricks to make their efforts even more effective. For instance, many victims of the recent TalkTalk data breach, claim to have been targeted by very sophisticated phishing attacks, some occurring even before the breach was reported in the media. In one case, the perpetrators were able to slow down the victim’s Internet connection before contacting them under the guise of TalkTalk’s technical support team. They then used the personal details stolen in the breach to try and extract payment details from the target.
2. The healthcare industry emerges as the top target for cybercriminals
The healthcare sector solidified its place as the favourite target for cybercriminals in 2015, particularly in the US. Recent research from Raytheon/Websense found that the healthcare industry sees 340 per cent more security incidents than other industries. The study also found that healthcare firms are 200 per cent more likely to lose data in security incidents and 400 per cent more likely to fall victim to advanced malware. These figures are reflective of the state of cybersecurity in the healthcare industry; given healthcare firms’ lack of IT funding and other security resources, it makes sense that healthcare data continues to be low hanging fruit for attackers. The year’s mega breaches in healthcare tell the tale here, with the top five globally – Anthem, Premera, Community Health Systems, Carefirst, and Systema – totalling just shy of 100 million records lost.
3. A major increase in state-sponsored and nationalist cyberattacks
2015 saw more than its fair share of highly targeted, state sponsored cyberattacks with China and Russia two of the major perpetrators, amongst others. It’s widely believed that many of the US healthcare attacks mentioned above were the work of Chinese espionage, particularly the attacks on Anthem and Premera. In fact, with so many PII-harvesting attacks being attributed to China this year, many experts believe that Chinese hackers are compiling profiles of millions in the US, particularly intelligence agents. It was recently announced that President Obama and Chinese President Xi Jinping came to an agreement to end cyberattacks, but if recent discoveries - most notably Operation Iron Tiger and the 3102 malware attacks on the US government and EU media - are any indication, a true cyber ceasefire for state-sponsored hacking may be yet to come.
Closer to home, George Osborne recently announced that the UK is set to double funding to fight cybercrime to £1.9 billion over five years. This is in response to growing evidence that nationalist militants in the Middle East are trying to develop the ability to launch deadly cyberattacks on UK infrastructure including hospitals and airports.
4. Cybersecurity goes mainstream
This is another trend that has been growing over the past few years, but there’s no question that cybersecurity made it to the forefront of mainstream and even pop culture focus in 2015. From record-breaking attendance at conferences like InfoSecurity, RSA and Black Hat to the tabloid-like media frenzy following the Ashley Madison and TalkTalk data breaches, cyber security is “in.” We can only hope that this heightened attention spills over to improved cyber legislation and prioritisation of security in the private sector.
Many of these trends have been developing slowly for several years, but 2015 is when they truly came to the fore. What they show us is that cybersecurity will only grow in importance as the world we live in becomes increasingly connected and reliant on technology. However, by learning from breaches such as those at TalkTalk, Ashley Maddison and Anthem and Premera, businesses and organisations can take steps that will prevent them from being the next global security headline.
Luke Brown, VP & GM, EMEA, India and LATAM at Digital Guardian