NEW YORK (MainStreet) — Ask data breach experts to predict what the near-term trend is likely to be and the immediate response is gloomy silence. That’s because nobody expects a break, nobody expects better news. For some months there has been a parade of big breaches - from Target to Home Depot to United Air to Anthem to the U.S. Office of Personnel Management - and the stark reality is that experts anticipate matters will only get worse.
“It is safe to say the Data Breach Era will continue for the foreseeable future because too many organizations do not maintain even basic cyber security hygiene, let alone have the skills and resources to cope with the rapid pace of evolving threats,” said Elad Yoran, executive chairman of security company KoolSpan.
The money question: are the targets changing?
The vital question: are you in the crosshairs?
For a time, retailers were where hackers put their energy as they sucked out hundreds of millions of credit card records. Then the focus shifted to health insurers, where hackers scored big on Social Security numbers and insurance info. Then to airlines, where they gathered up the itineraries of many tens of millions of us. Along the way, big federal government agencies were targeted, and hackers made off with millions of files, including some gathered in security clearance background checks.
Who’s on the hot seat now? The experts have opinions. From intellectual property to small businesses, there are many highly probable targets for hackers.
“Small business is under attack,” said Mike Bruemmer, a vice president with Experian, which regularly issues forecasts on data breach trends. “Small business is a new frontier for hackers.” That is a big shift - but big business has tightened its defenses. And the focus on small business is frightening because - in reality - few small businesses have meaningful defenses. That means hackers can have their way inside many small businesses and may never be caught.
Bruemmer also expects intensified efforts - perhaps by state-sponsored hackers acting on behalf of foreign governments - to breach large federal and state agencies. That just may put personal files of many millions of employees and even private citizens in the hands of foreign governments.
A third area for attack, according to Bruemmer, will be intellectual property. That means patents, secret formulas, hush-hush business plans.
“Intellectual property remains a prime focus,” agreed Matt Little, a vice president at security company PKWARE.
Multiple experts also said attacks will continue against health insurers and any company with large stores of credit card data.
Across so many diverse targets, exactly what are hackers hunting? Craig Williams, a security expert with Cisco, summed it up: money. “With nearly every major breach, people are looking for information that has high value,” he said.
More specifically, what’s up? Why is so much - seemingly random - information being gathered? Andrea Little Limbago, principal social scientist at Endgame, a company that focuses on providing security tools to the U.S. intelligence community, offered this guess: “Cyber terrorists are clearly building a large database of U.S. citizens that covers a variety of attributes that can later be used to blackmail, recruit and identify vulnerabilities.”
Read that again: you - we - all of us - just may be in the crosshairs.
What makes it all more worrisome: the hackers are getting ever smarter. Many now are inside systems for months, possibly years, and they are steadily sifting out valuable information using what Bruemmer called “the slow drip method,” where they escape detection.
Many networks have screens to detect wholesale data exfiltration - start to move out multi-gigabyte files and alarm bells ring. Export a few tiny megabyte files, however, and that looks routine.
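An added example, not from the article or the experts quoted: it contrasts a per-transfer size alarm with a rolling per-destination volume check, showing why the "slow drip" slips past the first and how the second catches it. The thresholds, host names, addresses and flow records are all constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration only.
PER_TRANSFER_LIMIT = 1_000_000_000  # alarm on any single outbound transfer >= 1 GB
WINDOW_SECONDS = 24 * 3600          # rolling 24-hour window
WINDOW_LIMIT = 500_000_000          # alarm when one host sends >= 500 MB to one destination per window

def per_transfer_alerts(flows):
    """The 'wholesale exfiltration' screen: looks at each transfer in isolation."""
    return [f for f in flows if f[3] >= PER_TRANSFER_LIMIT]

def rolling_volume_alerts(flows):
    """Sum bytes per (source, destination) over a sliding window and flag
    pairs whose cumulative volume reaches WINDOW_LIMIT."""
    windows = defaultdict(deque)  # (src, dst) -> transfers still inside the window
    totals = defaultdict(int)     # (src, dst) -> bytes inside the window
    flagged = set()
    for ts, src, dst, nbytes in sorted(flows):
        key = (src, dst)
        windows[key].append((ts, nbytes))
        totals[key] += nbytes
        # Drop transfers that have aged out of the window.
        while windows[key][0][0] <= ts - WINDOW_SECONDS:
            _, old = windows[key].popleft()
            totals[key] -= old
        if totals[key] >= WINDOW_LIMIT:
            flagged.add(key)
    return sorted(flagged)

def sample_flows():
    """Constructed records: (unix_seconds, source_host, destination_ip, bytes)."""
    flows = []
    # host-a: a 4 MB upload every 10 minutes for two days (the slow drip).
    for i in range(288):
        flows.append((i * 600, "host-a", "203.0.113.10", 4_000_000))
    # host-b: one 2 GB transfer (the wholesale case).
    flows.append((5_000, "host-b", "198.51.100.20", 2_000_000_000))
    # host-c: ten scattered 3 MB uploads (ordinary background traffic).
    for i in range(10):
        flows.append((i * 50_000, "host-c", "192.0.2.30", 3_000_000))
    return flows

if __name__ == "__main__":
    flows = sample_flows()
    print("per-transfer:", {f[1] for f in per_transfer_alerts(flows)})
    print("rolling volume:", rolling_volume_alerts(flows))
```

The per-transfer screen only sees host-b, while the rolling check also flags host-a, whose individual uploads each look routine.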
Are there ways to stop the hacking epidemic? Experts talk about a big shift away from perimeter defenses - focused on keeping attackers out - and into data protection (typically via encryption) where the goal is to ensure that whatever data the criminal makes off with is of no use.
Will that work? Yes, probably. Up to a point.
“You can’t patch the user,” sighed Cisco’s Williams. Most breaches, when the analysis is done, happen because of innocent user error. And that’s hard to prevent. “The user always is the weak link,” said Williams.