All Time High was a good name for a James Bond film theme. But it’s an unwelcome descriptor for a trend in data breaches and hacks. As we wrote earlier this year, Insurance Business Magazine reported, “there were 1,093 tracked data breaches in 2016, a new all-time high according to a report from the Identity Theft Resource Center (ITRC) and CyberScout…the previous record was 780, recorded in 2015, making a 40 per cent increase last year. However, the report asks whether it is the number of incidents that has risen or just the reporting of them by states.”
FinTech website Bankless Times adds that “the business sector was once again the most victimized area with 494 incidents representing 45.2 per cent of all breaches. Health care and medical services placed second at 377 breaches (34.5 per cent).
“Hacking, skimming and phishing attacks accounted for more than half of all breaches. CEO spear phishing efforts, aka business email compromise schemes, are the most common type. Due to a 400 per cent rise in such attacks, the IRS issued both consumer and industry alerts on them in 2016.”
Heading into the home stretch of 2017 then, have the trendlines gotten worse? As Experian wrote in a recent report on where things were headed, “while some tried and true attacks continue to serve as go-to methods for hackers, there are evolving tools and targets that are likely to become front page news in 2017.”
Among them, they were expecting:
» Nation-State cyber-attacks will move from espionage to war
» Healthcare organizations will be the most targeted sector with new, sophisticated attacks emerging
» Criminals will focus on payment-based attacks despite the EMV shift taking place over a year ago
» International data breaches will cause big headaches for
A couple of these have already occurred — health care, for example, remains a heavily targeted sector, and controversy still swirls over the degree to which countries have destabilized rivals through election hacking — including here at home.
Indeed, one of the disturbing new trends in data hacks, perhaps unforeseen by either Insurance Business Magazine or Experian, is the pilfering of voter information itself, and the identity theft of those registered. As we go to post this, nearly two million Chicago-area voting records have been exposed to hackers because of a misconfigured security setting on the server storing them.
As CNN reports, “Election Systems & Software (ES&S), the Nebraska-based voting software and election management company, confirmed the leak on Thursday. In a blog post, the company said the voter data leak contained names, addresses, birthdates, partial social security numbers and some driver’s license and state ID numbers stored in backup files on a server.”
Everything, in other words, hackers need to create fake identities.
Similarly, there are worries that the Federal panel created to look into “phantom voting” — the idea that the popular vote was somehow misrepresented in its totals — may leave even larger swathes of the American public vulnerable to data theft. As ABC notes, “by compiling a national list of registered voters, the federal government could provide one-stop shopping for hackers and hostile foreign governments seeking to wreak havoc with elections.
“‘Coordinating a national voter registration system located in the White House is akin to handing a zip drive to Russia,’” according to one of the secretaries of state declining to send private voter info to the commission.
On the other hand, while the potential for wider, more destructive breaches looms, BizTech actually has some recent good news: “While U.S. retailers report fewer breaches this year than last, many still feel vulnerable, according to a recent survey of retail executives. Only 19 percent of U.S. retail respondents report being breached in the last year, significantly less than the global average (26 percent), and down from 22 percent the year before, according to the retail edition of the 2017 Thales Data Threat Report survey, which was conducted by 451 Research.”
Of course, the “good news” is that decline in actual breaches — not those feelings of vulnerability. As for addressing those vulnerabilities, the article had some suggestions, including:
- Retailers shouldn’t be satisfied with mere “compliance” with safety standards, but move beyond them, including adopting security tools such as encryption or payment tokenization.
- Encryption itself needs to move beyond laptops and desktops and also include mobile devices, cloud storage and environments, etc.
- To further secure data, retailers should encrypt and control access both within containers and underlying data storage locations.
AVP Solutions has also responded to the rise in data breach events by adding new security features to our services called SmartIDentity for Business (SID4B). That package became available this past spring, and includes:
- Business Internet Credential Monitoring with email and SMS text alerts
- Data Breach Event Checklist available for viewing or download
- Quarterly cyber security and information governance training events
- Flash email and SMS text alerts concerning immediate and emerging cyber threats
- Fully Managed Identity Fraud Research, Remediation and Recovery services for a group of up to 5,000 Affected Consumers per Data Breach event, and more
These services are available to our clients, but whether you “fortify” through us, or simply update internally, or simply double-check that your business is PCI Compliant, remember that a brief lull now in the number of breach incidents is likely to simply be the calm before the storm.