Data breaches have evolved from credit card fraud with financial consequences to medical identity theft with life-threatening implications. According to leading experts, the frequency, severity, and impact of data breaches are expected to escalate.
Industry experts forecast top trends in data breach, privacy, and security:
1. Global criminals. Criminals are now globally connected and increasingly part of organized crime rings. - Rick Kam, president and co-founder, ID Experts.
2. Advanced persistent threat (APT). APT is the biggest threat to organizations, whereby hackers gain access to a network and remain there undetected for a long period of time. - James Christiansen, chief information risk officer, RiskyData.
3. Malicious attackers. Hacktivists and national states have an advantage over today’s defenders of corporate data and IT infrastructure. - Dr. Larry Ponemon, chairman and founder, the Ponemon Institute.
4. Breaches affect everyone and everything. Breaches affect large and small businesses of all kinds, regardless of sophistication, and high- and low-tech information. - Kirk Nahra, partner, Wiley Rein.
5. Information can be infinitely distributed, causing limitless damage. The electronic health information privacy breach epidemic is an unanticipated “game changer” in that health information can be stolen from anywhere in the world, distributed to an infinite number of locations for an infinite period of time and can cause limitless damage. - James C. Pyles, principal and co-founder, Powers Pyles Sutter & Verville PC.
6. Increased enforcement risk. Regulators at both the federal and state levels in the U.S. and in many foreign countries have become, and will continue to be, increasingly aggressive in investigating security breaches and obtaining substantial monetary settlements or penalties from responsible organizations. - Philip Gordon, shareholder, Littler Mendelson, P.C.
7. Identity theft will not go away, until the issue of identity is solved. "Identity-proofing" consumers involves verifying and authenticating with numerous technologies, and the flexibility of consumers to recognize a slight trade-off of privacy for security. - Robert Siciliano, CEO, IDTheftSecurity and personal security and identity theft expert.
8. Real-time prevention. The rate of exposure for personally identifiable information is now so great, we must concede that the data itself is no longer able to be protected. Our defensive strategy must now shift to real-time prevention of the abuse of this sensitive information by criminal elements. - Anthony M. Freed, Community Engagement Coordinator, Tripwire.
9. More digital devices and technologies, to digitize personal data. Drones, utility smart meters, automated license plate readers, and more powerful facial recognition software - all used to collect and digitize consumers' sensitive personal data - will provide more opportunities for government to resell consumer data, forcing consumers to demand better privacy protections and read/approve/decline company privacy statements. - George Jenkins, editor, I’ve Been Mugged.
10. Many data breaches are avoidable if commonsense security practices are in place. In recent cases brought by the Federal Trade Commission against companies that experienced data breaches, the companies' security practices did not protect against even readily foreseeable threats. Companies need to use “reasonable and appropriate security measures” for handling consumers’ personal information. - Joanna Crane, senior consultant, Identity Theft Assistance Center.
11. Long-term monitoring. Data obtained by hacking, theft or unauthorized access, isn't always used immediately by the perpetrators. Organizations need to develop a tactical plan for incident response that includes persistent, long-term diligence and monitoring, due to the possibility of lag time that can occur between the time of the breach and the fraudulent use of consumer information. - Robin Slade, development coordinator, Medical Identity Fraud Alliance (MIFA) and president & CEO, FraudAvengers.org.
12. Continued business naiveté. Corporations continue their delusional belief that data security and cyber privacy are a byproduct of purchasing better technology. It helps, but it's the human beings using the technology correctly (or not, in the case of most breaches) that actually delivers results. Forward-thinking companies will focus assets on training the stewards of their valuable data. - John Sileo, privacy evangelist and CEO of The Sileo Group.