Aftershock password breaches will expedite the death of the password.

  • What and Why: Companies will face the consequences of previous data breaches, as username and password information breached years prior (and often from an unrelated company) is continued to be sold through darknet markets.
  • The Takeaway: Companies should consider (1) using multi-factor authentication to verify users to help solve the password reuse problem; (2) accounting for aftershock breaches in their data-breach response plans; and (3) educating customers about resetting their passwords and about the broader risk associated with password reuse across websites.

Nation-state cyberattacks will move from espionage to war.

  • What and Why: Cyberattacks by hackers sponsored by foreign nations will likely continue to increase and escalate. Although these attacks are motivated by the desire to gain intelligence, they will lead to collateral damage to consumers and businesses through widespread outages or exposure of personal information.
  • The Takeaway: Businesses should prepare for large-scale attacks, particularly if they are a part of critical infrastructure, by staying vigilant about their security measures and by considering purchasing proper insurance protection.

Healthcare organizations will be the most targeted sector with new, sophisticated attacks emerging.

  • What and Why:
    • Medical identity theft will remain cybercriminals’ top target, as medical information is lucrative and easy to exploit.
    • Experian predicts that in the new year mega breaches will move on from focusing on healthcare insurers to distributed hospital networks, which might have more security challenges compared to centralized organizations.
    • Experian also predicts that electronic health records (EHRs) will likely be a primary target for attackers, since EHRs are widely used and are likely to touch a compromised computer.
    • The top breach vector will likely be ransomware because a disruption of healthcare system operations could be catastrophic and most organizations would rather opt to simply pay the ransom than fight the attack. According to the recent Office of Civil Rights (OCR) guidance, depending on the facts, ransomware attacks may be classified as breaches and require notification under the HIPAA Breach Notification Rule, in accordance with 45 CFR 164.404.
  • The Takeaway: Healthcare organizations need to ensure they have proper, up-to-date security measures in place, including data-breach response plans in the event of a ransomware attack and adequate employee training about the importance of security.

Criminals will focus on payment-based attacks despite the EMV shift taking place over a year ago.

International data breaches will cause big headaches for multinational companies.

…read more

Source:  Lexology

Thanks CSO, Mondaq, Lexology and for reading Breach Trends 2016

This Site is Blocked By Some Browsers, WOT And Parental Controls Triggered By TERMS and TOPICS of Internet Crime; Child Porn, Pornography Addiction, Sexting, Sextortion, Sexual Harassment.  Children as young as nine years old are Watching Porn and Sexting.

Use the POWER of Social Media SHARING  to HELP INCREASE AWARENESS of these important topics for Parents, Friends and our Children

Like and Share on our Facebook page