Lessons learned? A look back at five cyber-security trends of 2015
2015 was another big year for cyber-security headlines. In fact, the past 12 months have seen some of the biggest data breaches on record, across a wide range of global industries and sectors notes Luke Brown.
Luke Brown, VP & GM, EMEA, India and LATAM at Digital Guardian
From Ashley Madison and Anthem, to TalkTalk and Carphone Warehouse, many of the cyber-attacks last year were large scale, high profile and extremely damaging to the companies involved, not least from a reputational perspective. As a result, we've seen cyber-attacks and other security issues receiving far more attention globally last year, both in the newsroom and at government level. Below are five conclusions that can be drawn regarding emerging trends in the cyber-security landscape.
1. There has been a major increase in state-sponsored and nationalist cyber-attacks
2015 saw more than its fair share of highly targeted state sponsored cyber attacks, with China and Russia two of the major perpetrators, amongst others. It's widely believed that many of the US healthcare attacks to occur in 2015 were the work of Chinese espionage, particularly the attacks on Anthem (up to 70 million members affected) and Premera (up to 11 million records exposed). In fact, with so many attacks attributed to China this year, many experts believe that Chinese hackers are compiling profiles of millions of US citizens, particularly intelligence agents. It was recently announced that President Obama and Chinese President Xi Jinping have come to an agreement to end cyber-attacks between their two countries. However, if recent discoveries - most notably Operation Iron Tiger and the 3102 malware attacks on US Government and the EU Media - are any indication, a true cyber-ceasefire for state-sponsored hacking may be a long way off.
Closer to home, George Osborne recently announced that the UK is set to double UK funding to fight cyber-crime to £1.9 billion over five years. This is in response to growing evidence that nationalist militants in the Middle East are trying to develop the ability to launch deadly cyber-attacks on UK infrastructure including hospitals and airports, from anywhere in the world.
2. Cyber-attackers continue to increase in reach and creativity
Forget the “sophisticated attacks” you keep seeing in headlines. While attacks are without a doubt growing in sophistication, 2015 has seen many using the same old tactics, but in more creative ways. Social engineering attacks such as spear-phishing have become more targeted and resourceful than ever before, relying on crafty cyber-sleuthing and other tricks to make their efforts even more effective. For instance, many victims of the recent TalkTalk data breach (157,000 customer records breached) claim to have been targeted by very sophisticated phishing attacks, some occurring even before the breach was reported in the media. In one case, the perpetrators were able to slow down the victim's internet connection before contacting him under the guise of TalkTalk's technical support team. They then used the personal details stolen in the breach to try and extract payment details from the target over the phone.
3. The insider threat continues to be a major concern for businesses of all sizes
Data security breaches can be devastating in terms of cost and reputation so efforts are rightly directed at protecting the perimeter of an organisation's IT systems from unauthorised intruders. The threat from within, however, is harder to guard against.
It has been widely reported that breaches such as Ashley Madison (37 million records stolen) and Morrison's (100,000 staff records leaked) were both perpetrated by insider threats. However, spotting security threats from within can be incredibly difficult because the attacker often has legitimate access to the data they steal.
Alongside enabling innovation and productivity, every company has to deal with this growing issue. Despite this, of the 770 businesses polled in a recent survey by the SANS Institute, 32 percent had no systems in place to protect against insider attacks, around half struggled to estimate the damage from such an attack, while 44 percent didn't know how much they spent on preventing insider threats. Clearly this needs to change during 2016.
4. The healthcare industry is fast becoming the top target for cyber-criminals
The healthcare sector solidified its place as the favourite target for cyber-criminals in 2015, particularly in the US. In fact, recent research found that the healthcare industry sees 340 percent more security incidents than other industries. The same study also found that healthcare firms are 200 percent more likely to lose data in security incidents and 400 percent more likely to fall victim to advanced malware. These figures are reflective of the state of cyber-security in the healthcare industry; given healthcare firms' lack of IT funding and other security resources, it makes sense that healthcare data continues to be low hanging fruit for attackers. Last year's mega breaches in healthcare tell the tale here, with the top five globally – Anthem, Premera, Community Health Systems, Carefirst, and Systema – totalling just shy of 100 million records lost.
5. Cyber-security has gone mainstream
This is a trend that has been growing over the past few years, but there's no question that cyber-security made it to the forefront of mainstream - and arguably achieved pop culture focus - in 2015. From record-breaking attendance at conferences such as RSA, InfoSecurity and Black Hat to the tabloid-like media frenzy following the Ashley Madison and TalkTalk data breaches, cyber-security is “in.” We can only hope that this heightened attention spills over to improved cyber-legislation and prioritisation of security in the private sector.
Many of these trends have been developing slowly for several years, but 2015 is when they truly came to the fore. What they show us is that cyber-security will only grow in importance as the world we live in becomes increasingly connected and reliant on technology. However, by learning from breaches such as those at TalkTalk, Ashley Maddison, Morrison's, Carphone Warehouse, Anthem, Premera and many more, businesses and organisations can take steps that will prevent them from being a next global security headline in 2016.
Contributed by Luke Brown, VP & GM, EMEA, India and LATAM at Digital Guardian