Experian Forecast Predicts Major Data Breach Trends for 2017
January 11, 2017
Experian Data Breach Resolution recently released its fourth annual Data Breach Industry Forecast. Experian says five data breach trends will dominate 2017:
- Aftershock password breaches will change system access security. “Aftershock” password breaches occur when attackers who previously captured login credentials continue to sell old credentials on the dark web. Users often reuse passwords, often in multiple systems (home, bank, workplace). Therefore, the old credentials can frequently be used to mount new attacks against different entities, some of whom were not the victims in the original attack that produced the login credentials for the cyber thieves. Two-factor authentication will become more commonly utilized as a result.
- State-sponsored cyber-attacks will move from espionage to war. Experian notes that when the issue of state-sponsored cyber-attacks came up during the recent U.S. presidential campaign, both candidates said they would favor using cyber weapons to retaliate. On this basis among others, Experian predicts an escalation in cyber-attack conflict in 2017. Experian anticipates that these conflicts will have material impact upon consumers and businesses.
- Healthcare organizations will be the most targeted sector with new, sophisticated attacks emerging. Experian believes 2017 will see criminals expanding into new subsectors of the healthcare industry, including hospital networks.
- Criminals will focus on payment-based attacks despite the implementation of EMV card technology. The payment card industry hoped that the shift to EMV (chip card) technology in the U.S. would significantly curb cyber theft of credit and debit card information. However, only 44 percent of U.S. merchants have EMV-capable terminals, and only 29 percent actually have the software permitting them to accept chip-based transactions. Uneven adoption of the technology, combined with attackers targeting new industries and adapting their tactics, may mean that payment card attacks will plague companies in 2017.
- International data breaches will impact multinational companies. Experian believes that breaches involving the loss of international consumers’ data will cause the most significant damage in 2017. Experian notes that new regulations will also soon take effect in Canada, and Australia is also considering a data breach bill. A recent Ponemon Institute study found that 42 percent of companies have not included processes to manage an international data breach in their incident response plans. The General Data Protection Regulation (GDPR) in the EU will go into effect in May of 2018, but companies will have to do advance planning and work to be ready.
This Data Security & Privacy Alert is intended to keep readers current on developments in the data security & privacy world and in the law, and is not intended to be legal advice. If you have any questions, please call Sandy B. Garfinkel, Chair of the firm’s Data Security & Privacy Group, at 412‐566‐6868.