Cyber attacks in 2015 likely to expand, change in scope

By Erin Ayers on December 31, 2014

experianlogoCyber attacks will not abate in 2015, but they may shift in severity, targets, and the type of information sought by hackers, according to a new report from Experian, which also predicted a closing “window” for the payment card breaches that have become the bane of retailers.

If the breaches experienced in 2014 have generated any positive results, it could be the increased awareness for businesses, regulators, and consumers, Experian suggested. All stakeholders can be expected to take a more aggressive stance against cyber attacks over the next year, the firm added.

“For businesses, the risk of experiencing a data breach is higher than ever with almost half of organizations suffering at least one security incident in the last 12 months. To address this, 48 percent of organizations increased investments in security technologies in the same timeframe, and 73 percent acknowledged the likelihood of a breach by developing a data breach response plan,” stated Experian in its report. “Cyber insurance policies are also becoming more important to a company’s preparedness plan, with the adoption rate more than doubling over the last year from 10 percent in 2013 to 26 percent in 2014.”

In 2015, regulations will demand that merchants implement tougher security, including EMV (chip and pin) technology. Experian said that between now and October, hackers could ramp up their efforts to steal payment card information via point-of-sale malware. Retailers shouldn’t rest easy, the report indicated.

“Once chip and PIN technology is adopted, it won’t be long before cyber thieves identify new vulnerabilities to target. Either way, retailers need to prepare for the likelihood of a breach by hardening the security of their infrastructure and ensuring there is a proper incident response plan in place,” said Experian in its report. “The risk of credit card companies and banks filing lawsuits against breached retailers will also be motivation for companies to invest in security sooner rather than later.”

And hackers themselves will seek to find new information to steal, Experian predicted. Pilfered credit cards aren’t nearly as valuable on the black market as other personal details, such as Social Security numbers, healthcare data, and passwords to online accounts. An increase in interest in medical identity theft points to a rise in attacks on healthcare organizations.

“Cybercriminals looking to capitalize on a bigger payout may continue to target the healthcare industry for access to patients’ Protected Health Information (PHI). Industry reports reveal medical identity theft has now claimed more than 1.8 million U.S. victims, granting hackers the ability to gain medical services, procure drugs, and defraud private insurers and government benefit programs,” said Experian. This sensitive information held by healthcare entities, coupled with a lack of resources to safeguard that data, could create a significant problem, the firm warned.

Experian also predicted a rise in attacks on cloud providers and the many connected devices included in the Internet of Things as cybercriminals zero in on the data that will provide the greatest gains. In response to the rising action in cyber space, the report also predicted more accountability for business leaders, more action from regulators, and more potential harm from insider threats.

erin.ayers@zywave.com'

Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].