By Thor Olavsrud
Jan. 10, 2017
Experian recommends healthcare organizations of all sizes and types review their security measures and ensure they have contingency planning for responding to ransomware attacks as well as adequate employee security training.
4. Criminals will focus on payment-based attacks despite the EMV shift taking place over a year ago
All payment cards in the U.S. started incorporate EMV chips last year. But according to a report last September by the Strawhecker Group (TSG), only 44 percent of U.S. card-accepting merchants have EMV terminals, and only 29 percent can actually accept chip-based transactions.
Experian predicts that uneven adoption of the technology, combined with attackers targeting new industries and adapting their tactics, means payment attacks will plague companies in 2017.
"Instead of targeting big name retailers as we've seen in the past, attackers may turn their attention to smaller franchised stores and others with distributed infrastructure," the report says. "Along with needing to manage more distributed infrastructure, these businesses are experiencing other barriers, such as the need for software updates to accept payments that are not available and the impact it can have on the checkout process."
For years, cybercriminals have made use of skimmers, devices capable of stealing magnetic stripe data from point-of-sale (POS) systems. In the past, such devices have largely been used with ATMs. But the increasing popularity of self-checkout terminals in retail outlets opens new opportunities for criminals to use the devices. EMV chips help defend against skimmers if the technology is used, but current adoption levels lead Experian to predict that at least one major national retailer will be hit with a significant skimming outbreak in 2017.
To combat this, Experian says that while there are legitimate barriers to merchants adopting EMV Chip and PIN technology, the risk of not doing so has become too high to ignore.
"It is essential that companies behind the curve speed up their plans for EMV Chip and PIN adoption," the report said. "Both retail companies and consumers need to maintain security best practices during this time of ongoing transition and recognize that cyber criminals may shift their focus but won't be completely deterred. Paying close attention to potential weak spots, including catching POS simmers quickly, can help mitigate potential fallout."
5. International data breaches will cause big headaches for multinational companies
Experian believes that breaches involving the loss of international consumers' data will cause the most significant damage in 2017, especially once the new General Data Protection Regulation (GDPR) in the E.U. goes into effect. Experian notes that new regulations will also soon take effect in Canada, and Australia is also considering a data breach bill.
A recent Ponemon Institute study found that 42 percent of companies have not included processes to manage an international data breach in their incident response plans.