Experian Lists Top Five Data Breach Trends for 2016

Healthcare, Government Cited as Big Targets

Dec 10, 2015 11:22:28 AM

By Kaitlin Shaw

The credit bureau’s Data Breach Resolution group, Experian, predicted what the top data breach trends for 2016 will be in its third annual Data Breach Industry Forecast, naming the healthcare and government sectors as major targets. Employee error continues to be a leading cause of security breaches, Experian reports.

According to the organization, there have been over 15,000 data breaches over the last decade. Given the ever-evolving nature of security threats, it is critical that businesses continuously update their data breach response plans according to the emerging trends. Preparation is key, Experian asserts.

1) Vendors’ switch to EMV chips and PIN-compatible payment terminals will not stop payment breaches
According to Experian, only about half of executives in the payments sector believe the adoption of EMV chips and PIN-compatible payment terminals will actually decrease the risk of a breach. The reason for this skepticism is because many believe attackers will just look to other ways to steal this information that don’t involve point-of-sale systems, since the value of payment information is so high. The example Experian points to is how the European Union’s adoption of EMV chips a few years back simply caused hackers to focus more on online transactions, where cards don’t need to be presented.

2) Breaches at large healthcare organizations will make headlines, but breaches at smaller organizations will cause the most damage
Experian predicts the healthcare sector will continue to be the one of the most targeted given the high value of medical records—which, according to the group, are worth up to 10 times more than credit card numbers on the black market—and the transition to electronic records. And while large-scale breaches aren’t likely to cease anytime soon (see the recent cyber attacks on major healthcare organizations such as Anthem and Premera Blue Cross Blue Shield, among others), smaller organizations are still more appealing targets as they are less likely to have complex security systems in place. According to Experian, 91 percent of all healthcare organizations reported at least one data breach in the last two years. As in other sectors, healthcare breaches are most often caused by employee error, such as the mishandling of paper records.

3) Cyber conflicts between countries will have a negative impact consumers and businesses
As nations continue their cyber conflicts with one another, consumers and businesses will be left as “collateral damage,” Experian says. The organization cites that there were 61,000 cyber-security breaches in the federal government in 2014 alone, and that over 60 countries have or are developing tools for computer espionage attacks, while 29 countries have formal military intelligence units dedicated to cyber defense.

4) U.S. 2016 presidential campaigns will be targets
As political campaigns are increasingly won and lost online, the potential for politically-motivated cyber attacks is growing tremendously. Experian states it is likely that a presidential candidates and major donor bases will be targeted next year.

5) “Hacktivism” by groups that target organizations they disagree with will resurge
Experian expects to see a resurgence in hacktivist activities, which are motivated by causing reputational damage to a company or cause, citing the Ashley Madison attack this year as one of the prime examples.

The organization concludes that the best way for organizations to address these security risks is to focus more on internal employee training on proper data handling procedures. Experian also encourages healthcare organizations in particular to invest in the most up-to-date security technologies, given the extremely high value of the data they are handling.