Five Data Breach Trends For 2016

A few day ago over at the CFO Network group on LinkedIn, Scott Ernst (VP at Wells Fargo Insurance Services) posted a link to an article by Michael Bruemmer, VP of Experian Data Breach Resolution. The article, based on Experian’s annual Data Breach Industry Forecast, summarizes five data breach trends business leaders need to be on the lookout for heading into 2016.

Data Breach Word Cloud

It’s worth a few minutes to read the article, but in case you’re pressed for time, here’s Michael’s list:

  1. The EMV Chip and PIN liability shift will not stop payment breaches.
  2. Big healthcare hacks will make the headlines but small breaches will cause the most damage.
  3. Cyber conflicts between countries will leave consumers and businesses as collateral damage.
  4. 2016 U.S. presidential candidates and campaigns will be attractive hacking targets.
  5. Hacktivism will make a comeback.

These trends make sense to me so I won’t be surprised to see them emerge over the coming year. And, Micheal’s right that the best way to prepare is to

update … response plans accordingly

Aside from the large expense of a data breach, organizations also need to be ready for the mostly successful attempts at stealing money via business email compromise (BEC), which exploits people and process more than technology. This technique has resulted in about $1.2 billion stolen in just the last couple of years worldwide. For one high profile example, see the story Brian Krebs published about the $46 million stolen from Ubiquiti Networks in 2015.

The good news is all these risks can be significantly lowered with a reasonable amount of effort. There are many good risk management frameworks you could choose to help guide the work. Right now I really like the NIST Cybersecurity Framework (CSF) which I’ve been using a lot lately.

What cybersecurity trends are you watching?