Living in a networked world has its advantages, but it also leaves organisations vulnerable to exploitation by malware, inadvertent employee actions and malicious attacks, writes Luke Brown, VP & GM, EMEA, India and LATAM at Digital Guardian.
We’ve seen some of the biggest data breaches on record from some of the largest companies in nearly every major industry leading to new highs in security spending (see Ashley Madison, TalkTalk and Moonpig as well as the spill over from 2014’s Sony Pictures hack.) We’ve also seen data breaches, cyber attacks, and other security issues receiving more attention globally, both in the newsroom and at government level. Looking back, here are four of the top trends in cyber security for 2015.
1. Attackers continue to increase in reach and creativity
Never mind the “sophisticated attacks” you keep seeing in headlines. While attacks are without a doubt growing in sophistication, 2015 has seen many attackers using the same old tactics but in more creative ways. Social engineering attacks like spear phishing have become more targeted and resourceful, relying on crafty cyber sleuthing and other tricks to make their efforts even more effective. For instance, many victims of the recent TalkTalk data breach, claim to have been targeted by very sophisticated phishing attacks, some occurring even before the breach was reported in the media. In one case, the perpetrators were able to slow down the victim’s internet connection before contacting them under the guise of TalkTalk’s technical support team. They then used the personal details stolen in the breach to try and extract payment details from the target. Many of these attacks have been blamed on a rise in ‘hacktivism’ – ‘hacktivists’ being individuals or groups who will attack companies for a variety of reasons, including opposing values, ethics or for monetary gain,
2. The healthcare industry emerges as the top target for cybercriminals
The healthcare sector solidified its place as the favourite target for cybercriminals in 2015, particularly in the US. Recent research from Raytheon/Websense found that the healthcare industry sees 340% more security incidents than other industries. The study also found that healthcare firms are 200% more likely to lose data in security incidents and 400% more likely to fall victim to advanced malware. These figures are reflective of the state of cyber security in the healthcare industry; given healthcare firms’ lack of IT funding and other security resources, it makes sense that healthcare data continues to be low hanging fruit for attackers. The year’s mega breaches in healthcare tell the tale here, with the top five globally – Anthem, Premera, Community Health Systems, Carefirst, and Systema – totalling just shy of 100 million records lost.
3. A major increase in state-sponsored and nationalist cyber attacks
2015 saw more than its fair share of highly targeted, state sponsored cyber attacks with China and Russia two of the major perpetrators, amongst others. It’s widely believed that many of the US healthcare attacks mentioned above were the work of Chinese espionage, particularly the attacks on Anthem and Premera. In fact, with so many PII-harvesting attacks being attributed to China this year, many experts believe that Chinese hackers are compiling profiles of millions in the U.S., particularly intelligence agents. It was recently announced that President Obama and Chinese President Xi Jinping came to an agreement to end cyber attacks, but if recent discoveries – most notably Operation Iron Tiger and the 3102 malware attacks on U.S. Government and the E.U. Media – are any indication, a true cyber ceasefire for state-sponsored hacking may be yet to come.
Closer to home, George Osborne recently announced that the UK is set to double UK funding to fight cybercrime to £1.9bn over five years. This is in response to growing evidence that nationalist militants in the Middle East are trying to develop the ability to launch deadly cyber attacks on UK infrastructure including hospitals and airports.
4. Cyber security goes mainstream
This is another trend that has been growing over the past few years, but there’s no question that cyber security made it to the forefront of mainstream and even pop culture focus in 2015. From record-breaking attendance at conferences like InfoSecurity, RSA and Black Hat to the tabloid-like media frenzy following the Ashley Madison and TalkTalk data breaches, cyber security is “in.” We can only hope that this heightened attention spills over to improved cyber legislation and prioritisation of security in the private sector.
Many of these trends have been developing slowly for several years, but 2016 is when they truly came to the fore. What they show us is that cyber security will only grow in importance as the world we live in becomes increasingly connected and reliant on technology. However, by learning from breaches such as those at TalkTalk, Ashley Maddison and Anthem and Premera, businesses and organisations can take steps that will prevent them from being the next global security headline.
