Five Data Breach Threats

According to a recent Business News Daily article, securing sensitive information has never been more difficult, with new malware threats that seem to pop up every single year. Being ready for a data breach is essential to survival if, or more likely when, one occurs.

Based on Experian’s 2017 Data Breach Industry Forecast report, here are some of the cyber threats businesses can expect:

1. Aftershock password breaches will become more common

Experian predicts that “aftershock” breaches (repeated unauthorized logins that occur after usernames and passwords obtained in previous breaches are sold on the dark web) will continue to rise this year.

To mitigate this risk, companies should implement two-factor authentication to verify users, which helps solve the password reuse problem. Secondary authentication methods can be password alternatives such as tokens, SMS alerts, geolocation confirmation, or biometrics.

2. Nation-state cyberattacks will move from espionage to war

Experian expects cyberattacks against the United States to continue. With no international agreement governing engagements in cyberspace, the number of attacks will increase and could escalate existing tensions between countries.

3. Health care will be the most targeted sector

As health care institutions deploy new mobile apps, it is anticipated that they will introduce new vulnerabilities that will be attractive targets to hackers. It is expected that ransomware will be the main type of malware used.

The U.S. Department of Health and Human Services, Office for Civil Rights, has classified ransomware attacks as requiring consumer notification. Experian suggests that preventing data breaches will become even more important. Consumers who have never been notified of breaches are likely to react strongly to news of their information being stolen.

4. Criminals will focus on payment-based attacks

Payment-related breaches will continue, since many small merchants still lag behind in their transition to EMV chip and PIN. There are legitimate barriers to adopting this technology, such as having to manage more infrastructure, the need for software updates to accept payments, and the impact on the checkout process. However, the risk of not adopting the technology is high, as attackers have demonstrated the ability to exploit older technology.

5. International data breaches will cause big headaches for international companies

New regulations in Canada, Australia and the EU require companies to notify customers whose data has been stolen. Even if your business doesn’t sell to international customers yet, it’s wise to start complying with these new rules to ensure you are prepared in the event of an incident.

To prevent breaches, Experian advises all organizations to train employees on how to spot phishing attacks, keep all security software fully patched, and have contingency plans for responding to a ransomware attack.

If your company falls victim to a data breach, prepare yourself and learn how to respond to it using tips found in this Business News Daily guide.

FTC Data Breach Response

The Federal Trade Commission’s new Data Breach Response: A Guide for Business and accompanying video can help you figure out what steps to take and who to contact. Among the key steps are securing physical areas, cleaning up your website, and providing breach notification. The guide also includes a model data breach notification letter.

ISO 27001 Information Security Standard

ISO 27001:2013 is an information security standard. If you are interested in an on-site ISO 27001 Requirements class, you can view the course description by clicking on the course title.