The 2016 cybersecurity trends businesses can’t afford to ignore

Jason Hart, VP and CTO for Data Protection, Gemalto

The latest Breach Level Index report shows there were 888 data breaches in the first half of 2015 alone, compromising 246 million data records of customers’ personal and financial information worldwide.

Though the number of compromised data records declined by 41% with respect to the same period the previous year, data breaches increased by 10% as a result of security strategies dominated by a singular focus on breach prevention that includes firewalls, antivirus, threat detection and monitoring, says Jason Hart, VP and CTO for Data Protection at Gemalto.

However, these approaches to security will have to change if companies wish to comply with the upcoming General Data Protection Regulation (GDPR), which will obligate European companies to adopt preventative security measures that lower the risks of data breaches and mitigate the consequences after an incident occurs. All organisations controlling the processing of personal data will have to notify both authorities and affected individuals when a data breach incident occurs- and face the damage caused to their reputation and bottom line.

Against that backdrop, keeping an eye on the latest developments in the cybersecurity space will be key for protecting sensitive information. The following are the five key trends businesses should look out for in 2016.

1. We will see an uptick in precise and targeted attacks on protected health information, personally identifiable information, and intellectual property data. This kind of information is the new oil. When oil pioneers started harvesting and refining “rock oil” in the mid-19th century, there wasn’t all that much demand. Slowly, as more and more uses were identified for the various refinery by-products – from kerosene for lamps to gasoline for the burgeoning automobile industry – demand grew and the economy around oil grew with it. Today’s hackers are in a similar “Wild West” environment, one in which they are collecting massive amounts of data – from personally identifiable information to Social Security numbers, credit card numbers and even healthcare records – with the intent of figuring out its best uses at a later date. They’re no longer just targeting data for its immediate value, but instead are intent with its eventual value that will come from repurposing stolen data for future attacks.

2. Data integrity attacks will become the new “cash cow” for hackers. Today’s connected world constantly generates mounds of data that businesses, industry professionals and analysts use to drive decisions, make projections, issue forecasts and more. For sophisticated hackers, it’s no longer about stealing data; it’s about accessing and changing it. They can take actions that are difficult to detect and lead to lucrative paydays that may take years to impact a company or industry. Over time, bad data can lower or raise the prices of stocks, enabling hackers to earn high dividends. When it comes to entire industries – agriculture, for example – yield projections can be manipulated and hackers can seize investment opportunities based on erroneous data. For those with an axe to grind, corrupt data can force poor corporate decision-making and take down a company.  And throughout it all, until the pain is felt, data integrity attacks remain invisible.Security_pic

3. Cybersecurity will continue to be a hot topic in the boardroom as companies try to understand their legal and insurance needs due to seemingly ongoing data breaches. However, we’ll continue to see businesses struggle with misaligned or missing technical expertise around their security strategies. Simply put, many businesses still do not understand the data that they should be protecting, where it is, and how to defend it.

4. An increasing number of companies will argue to make two-factor authentication mandatory due to the ongoing trend of password insecurity. The reality is that passwords are not secure, no matter how complicated or clever we make them.  Making them more complex, as per the stern instructions we receive when setting up our myriad personal and professional accounts, only really helps to prevent an amateur intruder from guessing the password.  It does not stop a sophisticated attacker from viewing the password as you type it in, no matter how many different alphanumeric characters it contains.

5. APIs will soon become an attack vector capable of delivering the “motherlode” of stolen data to thieves. When an application programme interface (API) is breached, hackers can gain easy access to security keys themselves. If a mission-critical application is impacted, it could expose data from all users. A compromised API – even for an encryption-protected application – would throw the doors open to sensitive information most prized by hackers at countless companies. In short, when an API is successfully targeted, all the application traffic “under it” could be available.

Now more than ever, simply putting up a wall around the data and hoping it will protect what’s on the other side is no longer enough. Data moves around and is stored in many environments with varying degrees of security. As more individuals have access to that data from multiple access points, organisations must take a multi-layered, dynamic approach to securing it.

Organisations worldwide need to be continually vigilant and implement a data security strategy which will allow them to be safe in the knowledge that their data is protected, whether or not a breach occurs. Only those that adopt a ‘secure breach’ approach, consisting of a combination of strong authentication, data encryption and key management, can be confident that data is useless should it fall into unauthorised hands.

The author of this blog is Jason Hart, VP and CTO for Data Protection at Gemalto.

Comment on this article below or via Twitter: @M2MNow OR @jcm2m


9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

Actility and Helium Network announce roaming integration to scale IoT coverage

Posted on: October 18, 2021

Actility, the provider of IoT connectivity solutions and LPWA technology, and Helium have launched a roaming integration partnership, unlocking affordable and ubiquitous coverage for millions of IoT devices.

Read more

Future of data integration: 2022 and beyond

Posted on: October 18, 2021

Traditional methods including manual creation of scripts, scrubbing the data, and later loading it into a data warehouse or ETL, (extract-transform-load) was used to integrate data from different sources. These methods were adopted in the era of resource constraints and have now become very time-intensive, expensive, and error-prone, says Yash Mehta, an IoT and big

Read more