By Thor Olavsrud
Jan. 10, 2017
To combat this trend, Experian recommends implementing two-factor authentication to identify users. It also recommends companies account for aftershock breaches in their incident response plans.
2. Nation-state cyber-attacks will move from espionage to war
Experian predicts that cyber conflicts between nation-states will escalate from espionage to cyber-warfare in 2017.
"While the [U.S. Office of Personnel Management] breach of 2015 was clearly motivated by gaining specific intelligence, in 2017 we will see new operations made public that use cyber-attacks as an outright offensive weapon," the report said.
Experian notes that when the issue of state-sponsored cyber-attacks came up during the recent U.S. presidential campaign, both candidates said they would favor using cyber weapons to retaliate, leading Experian to predict an escalation in cyber-attack conflict in 2017. These conflicts will tend to leave consumers and businesses as collateral damage.
"The progression of cyber-attacks driven by nation-states will undoubtedly place critical infrastructure in the crosshairs, potentially leading to widespread outages or exposed personal information that could impact millions of innocent consumers," the report said.
Experian recommends companies address this threat by participating in their respective Information Sharing and Analysis Center (ISAC) to share cyber threat information with peers and national defense organizations. Additionally, businesses &8212; especially businesses involved in critical infrastructure — should prepare for full-on disruption. Proactive steps could involve purchasing insurance protection and shoring up security measures against large-scale disruptions.
3. Healthcare organizations will be the most targeted sector with new, sophisticated attacks emerging
For years, personal medical information, particularly electronic health records (EHRs), have been some of the most valuable data criminals can target. In 2015, many attackers focused on health insurers. But Experian believes 2017 will see criminals expanding into other aspects of healthcare, including hospital networks. The report notes that hospital networks tend to be more distributed, making it harder to maintain security measures compared with more centralized organizations.
"The consequences of a medical data breach are wide-ranging, with devastating effects across the board — from the breached entity to consumers who may experience medical ID fraud to the healthcare industry as a whole," says Ann Patterson, senior vice president, Medical Identity Fraud Alliance (MIFA).
Experian predicts ransomware will be a top concern.
"Ransomware presents an easier and safer way for hackers to cash out. Given the potential disruption to a company, most organizations will opt to simply pay the ransom," the report says. "This has unintended consequences of funding more research and development by attackers who will in turn develop more sophisticated and targeted attacks. These new variants will likely be able to evade many of the security detection systems that were developed and are now widely deployed to stop the previous generation of attacks."