Learn about 2016 Data Breach Predictions
2015 has seen a fair number of data breaches and malware attacks. But what does this mean for businesses in 2016?
Our forensics team has examined many business environments post breach. They’ve witnessed the rise and fall of popular hacking trends for over 13 years. Here are some of our forensics experts’ predictions for the future of data breaches that we’ve taken from our new 2016 SecurityMetrics Guide to PCI Compliance:
See also: Top 5 Security Vulnerabilities Every Business Should Know
Insecure remote access continues to be a large problem for many businesses, according to Visa. As of now, insecure remote access is the largest single origin of data compromise. If a method of intrusion worked in more than 29% of last year’s investigated breaches, hackers will likely keep using that method.
Unfortunately, many businesses don’t configure remote access properly when they install it. They use weak passwords and usernames, don’t implement two-factor authentication, and don’t have firewalls properly set up.
Even the rise of EMV implementation won’t affect remote access much, since it doesn’t affect the hacker’s ability to gain access to a merchant’s system. Merchants will need to secure their remote access in order to prevent these types of attacks.
With EMV being implemented in 2016, the number of large-scale breaches should start to decrease. It may happen slowly, but as more businesses migrate to EMV, we’ll see fewer large-scale breaches than we saw in 2015.
Unfortunately, employees introduce the potential for inadvertent error. The point of vulnerability in many of 2015’s largest breaches was an act by a person with no malicious intent. Actions an employee might take include clicking on a phishing link, letting a social engineer have access to sensitive information, or incorrectly setting up security hardware. When the human element is involved, no security solution is 100% secure.
See also: PCI Requirement 7: 5 Reasons You Should Limit Employee Access to Your Data
With the rise in EMV implementation, attacks surrounding POS devices will significantly decrease. Attackers will find it increasingly difficult to obtain cardholder data from card-present environments.
That being said, EMV still has a ways to go. Many businesses still haven’t fully implemented it, and attackers are already working on trying to crack it. But while it may not be a perfectly secure environment in 2016, pushing for EMV is one of the many efforts that will help improve the landscape of the payment card industry.
As a result of EMV, attackers will likely turn to card-not-present environments to steal cardholder data, or they will focus on businesses that are slow to make the changes EMV requires, making attacks more focused.
So how do we combat these potential hacking trends? It’s not as technical as you may think. Most steps you can take to protect your data are fairly easy to do. Get started with the following tips:
These days, it’s more crucial than ever not only to get your business PCI compliant, but also to take extra security measures to protect your data. Attackers have an unlimited amount of time to crack new encryption and eventually make new security obsolete. You can’t afford to take your chances with outdated practices and technology.
See also: The Importance of the PCI DSS: Why You Should Get Compliant