2016 Security Trends: What's Next for Data Breaches?
|
 |
|
Physical Damage
There will be an increased volume of targeted attacks with damage as the primary objective.
Perhaps the most famous account of a network attack that resulted in actual damage to computers and other resources was the one at Sony. Here, besides the headline-grabbing news of data and assets ex-filtrated and released to the world, the company reeled from the carnage of attackers securely deleting everything on 3,262 of Sony's 6,797 PCs and 837 of its 1,555 servers. This brought all business operations to a standstill, and the company had to resort to pen and paper, faxing and other "old school" means to try to get things done. Each of those computers and servers that had data wiped also had key start-up software removed or destroyed to render the computers useless without being completely rebuilt. This further ensured that the business would be impaired for weeks or months. The custom malware used also added a threatening screen to each employee computer.
Whether sponsored by a foreign country or a group of malcontents, network attacks with the primary purpose of inflicting damage will likely become more common in the coming year.
Over the past year, there have been a number of disturbing developments with regards to data breaches. Not only have data breaches become more frequent, but their impact has become greater — not just in the sheer volume of information or assets stolen, but in the very nature of what hackers are targeting. The extremely sensitive data lost in the White House and Office of Personnel Management breaches are prime examples. Unfortunately, given the successful breaches of high-value targets in 2015, we can be sure that 2016 will only get worse.
With this horrifying direction and the gravity of what's at stake, it would be a fair expectation that most enterprises should be seriously looking at how their security needs to change. Obviously, traditional security is of little value when it comes to stopping a data breach. Intruders can easily elude preventative security — generally by compromising a single user device or account — and furtively conduct their business inside a network for months before being discovered.
A big part of the problem is that security organizations are still focused on preventative security — looking for a silver bullet that will keep an attacker out of their networks in the first place. Despite a Gartner recommendation that organizations shift security efforts toward the detection of network intruders and the emergence of promising new behavioral analytic tools and security strategies, well under 1 percent of enterprises have the ability to find a post-intrusion network attacker. Cyber criminals continue to have the potential for unimpeded, long-term success.
So how will attacks change in 2016? In this slideshow, David Thompson, Sr. Director of Product Management, LightCyber, has identified data breach trends we can expect to see in 2016.
Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance
PAM Solutions: Critical to Securing Privileged Access
To protect the company from those insiders who abuse their privileged access and from hackers with stolen credentials, many companies are turning to a privileged access management (PAM) solution. ... More >>
How Can We Fix the Fake News Problem?
Is fake news a security issue? Some say yes, as it can be used as a social engineering tool to spread disinformation and conceivably to get unsuspecting users to click on malicious links. ... More >>
The World According to Blockchain
Blockchain comes with many costs and is surrounded by confusion. Here, we examine realistic use cases, drawbacks and the potential of blockchain. ... More >>