Thought Leadership on Business Strategy & Technology Value presented by Paragon Solutions.
In the modern era of mega breaches, there seems to be an ever-upward trend of more attacks, more leaked records and more varied threats.
Yet, by the numbers, 2015 was not a complete disaster. While significant interruptions, shifts in perspective and challenges to the security industry continue to evolve, there are some areas of slowed growth and even improvement.
According to the IBM X-Force Threat Intelligence Report 2016, by the end of 2014, some estimates indicated there were more than one billion leaked emails, credit card numbers, passwords and other types of Personally Identifiable Information (PII) being reported stolen.
Today, small shifts to the landscape have been experienced, with cybercriminals focusing more readily on targets of higher-value records such as health-related PII and other highly sensitive data, and with less emphasis on the emails, passwords and even credit card data that were the targets of years past.
IBM’s X-Force Threat Intelligence Report 2016 reveals several key trends to keep in mind when formulating PII best practices and protocols for the coming months.
- The sophistication of attack techniques increased in the year with advances such as overlay malware on mobile platforms, tricking end users into providing personal data as desktop browser web injections had done in years past.
- Popular attack methods such as distributed-denial-of-service (DDoS) attacks continued to be an attractive means to an end, particularly as a distraction to cover a more targeted attack technique or as a way to demand ransom.
- With notable incidents and targeted malware affecting geographies including Canada, Australia, the United Kingdom, France, Turkey and Japan, we look at how attacks adapt to extend beyond borders.
- The complexities of doing business at scale, both strategic and technical, create barriers to overcome in preventing these attacks from occurring. A focus on user education and systematic protocols for operating a strong risk assessment program can provide value in that effort.
- By January 2015, the connected world was already inundated with a litany of constant data breaches, making it almost too easy to tune out the near daily reports of new incidents. Tuning out, however, was not the appropriate strategy, as existing avenues of attack were adapted and applied vigorously while novel threat techniques and attacks on prominent targets dominated headlines for weeks on end.
- From an industry perspective, healthcare was in the spotlight with a number of high-profile US incidents resulting in the theft of more than 100 million PII records. Malicious advertising, also known as malvertising, increased throughout 2015. In these cases, infected ads, primarily targeting Adobe Flash vulnerabilities, were served to millions of viewers on popular websites and resulted in the installation of ransomware and other types of malware. Toward the end of the year, a security researcher uncovered a number of misconfigured NoSQL databases that exposed more than 200 million combined records, reinforcing that, more than ever, basic security practices are critical to protecting end-user data.