Based on what has happened this year, 2015 should go down as a tipping point for how companies approach data security for years to come. Some of the biggest companies in nearly every major industry were breached during the last 12 months, including TalkTalk, Ashley Madison and Moonpig.
In fact, the latest Breach Level Index report shows there were 888 data breaches in the first half of the year, compromising 246 million data records of customers’ personal and financial information worldwide.
In many cases, breaches resulted from security strategies dominated by a singular focus on breach prevention that includes firewalls, antivirus, threat detection and monitoring. Ahead of the EU General Data Protection Regulation (GDPR) - which will obligate European companies to adopt preventative security measures that lower the risks of data breaches and mitigate the consequences after an incident occurs - it is time to usher in a new era where businesses take a new approach to security that keeps valuable assets secure even when hostile intruders have penetrated the perimeter.
The first step for protecting sensitive information is keeping an eye on the latest developments in the cyber security space. The following are the five key trends businesses should look out for in 2016.
- Protected health information, personally identifiable information, and intellectual property data will become the new oil: During the 19th century, there wasn’t a high level of demand for “rock oil.” However, as more uses were identified for various refinery by-products – including kerosene for lamps and gasoline for the budding automobile industry – demand grew and the economy around oil grew with it. Today, hackers are in a similar “Wild West” environment. They are collecting massive amounts of data – from Social Security and credit card numbers to healthcare records – with the intent of figuring out its best uses at a later date. They’re no longer just targeting data for its immediate value, but instead are intent on its eventual value, which will come from repurposing stolen data for future attacks.
- Data integrity attacks will be the new treasure trove for hackers: Today’s connected world constantly generates mounds of data that businesses, industry professionals and analysts use to drive decisions, make projections, issue forecasts and more. Experienced attackers can take seemingly invisible actions to turn “good data” into “bad data” which, over time, can lower or raise the prices of stocks, enabling hackers to earn high dividends. When it comes to entire industries – agriculture, for example – yield projections can be manipulated and hackers can seize investment opportunities based on erroneous data. What’s more, corrupt data can force poor corporate decision-making and take down a company.
- Companies will continue to struggle with cyber security: Organisations worldwide will continue to try to understand their legal and insurance needs due to seemingly ongoing data breaches and will continue to struggle with misaligned or missing technical expertise around their security strategies. Simply put, many businesses will still have trouble understanding the data that they should be protecting, where it is, and how to defend it.
- Two-factor authentication will become the new normal: Due to the ongoing trend of password insecurity, more and more businesses will come to the realisation that passwords are not secure, no matter how complicated or clever we think them to be. Making them more complex, as per the stern instructions we receive when setting up our countless personal and professional accounts, only really helps to prevent an amateur intruder from guessing the password. It does not stop a sophisticated attacker from viewing the password as you type it in, no matter how many different alphanumeric characters it contains.
- APIs will soon become an attack vector capable of delivering the “motherlode” of stolen data to thieves: When an application programming interface (API) is breached, hackers can gain easy access to encryption keys. A compromised API – even for an encryption-protected application – would expose data from all users, throwing the doors open to sensitive information most prized by hackers at countless companies. In short, when an API is successfully targeted, all the application traffic “under it” could be available.
So what steps can businesses take to protect themselves - and their data - in 2016? Organisations need to be continually vigilant and take a multi-layered, dynamic approach to data security which will allow them to be safe in the knowledge that their sensitive information is protected, whether or not a breach occurs.
Only those that adopt a 'secure breach' approach, consisting of a combination of strong authentication, data encryption and key management, will be able to be confident that data is useless should it fall into unauthorised hands.
Jason Hart, VP and CTO for Data Protection at Gemalto