We are only a month into 2016 and it’s already shaping up to be a big year for data breaches. Of the many organizations facing increasing threats this coming year, the presidential candidates are also likely to be attractive targets for attacks. Recent cyberattacks targeting information from Hillary Clinton and Donald Trump are an indicator of how the threat landscape is changing with hacktivism making a comeback.
Beyond the candidates, companies also face hacktivism and several other new data breach threats in the coming year. While traditional threats will continue to make headlines, there are several emerging issues that need to be addressed in data breach preparedness plans. To help risk managers prepare for what lies ahead, outlined below are our top trends anticipated in 2016.
Hacktivism will return in force
Foreshadowed by last year’s high-profile data breaches – think website Ashley Madison – hacktivist activities are likely to resurge with the intention of causing reputational damage to a company or cause in lieu of financial gain. Organizations and groups with a polarizing or controversial standing should be prepared for the possibility of an attack aiming to harm its organization and/or constituency. These incidents can cause significantly more damage to individuals and are harder to resolve for the business, so organizations must be prepared to respond to this type of incident and ensure that all scenarios are accounted for in their data breach response plans.
2016 elections set the stage for attractive hacking targets
With big data analytics driving modern campaigns, the potential for a politically motivated attack is a significant threat. The presidential arena is an attractive platform for criminals or activists seeking notoriety, and a hack of this kind could take many forms from exposing secrets or embarrassing information about the candidates to outing fund sources of super PACS. This year’s race is particularly polarizing with the involvement of outspoken candidates, the current political uncertainty and the comeback of hacktivism. In addition to attackers looking to expose information about candidates, other countries will likely be on the lookout for vulnerabilities to target during the election to gain insight into the foreign policy positions and platforms that could impact their country if a certain candidate is elected. Generally, risk managers at businesses and political campaigns should be prepared for a data breach around any major activity or event. If sensitive information about a campaign or donor base is exposed, it could cause a major disruption in the campaign and reputational damage.
Consumers and businesses will be caught in the middle of cyber conflicts between countries
As nation-states continue to move their conflicts and espionage efforts to the digital world, we will likely see more incidents aimed at stealing corporate and government secrets or disrupting military operations. The Wall Street Journal reported in October 2015 that more than 60 countries have or are developing tools for computer espionage and attacks, and 29 countries now have formal military or intelligence units dedicated to cyber efforts. These attacks are likely to cause collateral damage to millions of innocent individuals whose personal records could be exposed in the process, similar to the Office of Personnel Management breach in 2015. While hackers in the OPM breach were likely targeting information from a subset of individuals, millions of people’s information was exposed in the process.
Healthcare data breaches will continue to make headlines
Healthcare companies will remain a top target this year, due to the high value of medical records on the black market. However, this year we expect that breaches of smaller organizations will cause the most damage. While insurers and large hospital networks contain the largest amount of data, and therefore present the largest payoff to hackers, they also spend more time preparing for attacks and investing in security compared to smaller organizations. Regardless of size, this sector will continue to be a focal point for attacks. Organizations must protect their data by investing in up-to-date security technologies and regularly training employees on proper data handling practices.
Only time will tell what type of breaches will top the charts this year, but we can bet that the frequency and sophistication of security incidents will probably continue to advance. Companies must confront the rising threats and vulnerabilities in today’s data breach landscape, and take the necessary steps to protect themselves. By investing in up-to-date security technologies, training employees, implementing security awareness programs and regularly updating data breach response plans, companies can be much more confident and prepared to face an attack.