2016 Predictions for Small Business Cyber Security (Part 2 of 2)

by Calyptix, January 20, 2016



Note: This is the second post in a two-part series. Click here for Part 1.


We’re not done yet! A few more predictions for small business cyber security trends in 2016 are below. Read on to see what we expect to see in healthcare, regulation, and DDoS attacks.

Prediction #5. Healthcare cyber security will improve (but not enough)

After the first half of 2015, the healthcare sector was the most-breached industry of the year. Breaches at Anthem, Premera Blue Cross, Excellus BlueCross BlueShield, and others affected more than 100 million records.

The FBI sounded the alarm in 2014 about lax data security in healthcare, and those warnings apparently went unheeded.

How will all of this stolen health data be used in 2016? Medical fraud and identity theft are two possibilities.


Health data encryption

Data encryption will become more popular in health IT in 2016. We predict this for two reasons:

Reason #1. “Lost and stolen assets” is the number-one cause of healthcare data breaches, according to cyber security statistics in the 2015 Protected Health Information Data Breach report from Verizon.

Reason #2. When an unencrypted device is stolen from a healthcare office, the organization must disclose this as a data breach. However, if the device is encrypted, the organization does not have to disclose the theft (because the thief most likely cannot access the data).

So healthcare organizations will want to cut down on their number-one cause of data breaches, and they can do that by encrypting data. This is why we expect to see an expansion of encryption as a small business cyber security trend next year.

Internet of unhealthy ‘things’

Researchers are also starting to find malware inside of medical devices. And for the first time, in July, the FDA advised against using a medical device due to a major security flaw. We expect to see more news on the poor security of health devices in 2016 as the “Internet of Things” expands in the medical field.


View part 1: 2016 Predictions for Small Business Cyber Security (Part 1 of 2)


Prediction #6. Cyber security regulation will expand

An avalanche of cybersecurity laws hit the business world in 2015. Some of them landed only last month.

In 2016, we will see cyber security regulation touch more industries. Well-established guidelines, such as PCI DSS and HIPAA, may also be adjusted as more vulnerabilities are discovered.

Below are just a handful of recent developments in this space.

Information Sharing – December 18, 2015.

Signed just a few weeks ago as part of a major spending bill, the Cybersecurity Act of 2015 is now U.S. law. It includes the Cybersecurity Information Sharing Act of 2015 (CISA), which is intended to encourage companies to share cyber threat information with the federal government and each other.

U.S. Defense Contractors – Aug. 26, 2015

The Department of Defense issued an interim rule in August that obligates defense contractors and subcontractors to protect “covered defense information.” Cyber security incidents that affect systems containing this data must be reported. Policies and procedures for contracting cloud computing services are also outlined.

European Union – December 16, 2015

New regulations in the European Union will affect companies around the world.

“The impact of the new General Data Protection Regulation (GDPR) cannot be overstated. It will affect not only companies established in the EU, but also any company in the world that processes personal data of EU residents, even if the company does not have an office there.” (more via Lexology)

Financial Services – Nov. 9, 2015

Banks in New York can expect more regulation in 2016. The New York Department of Financial Services sent a letter to state and federal regulators in November to ask for help crafting new cybersecurity regulation for financial institutions.

Sanctions on Foreign Actors – Jan. 4, 2016

The U.S. Treasury Department hopes to discourage cyber threats from overseas. It proposed new regulations this month to impose sanctions on foreign cyber security threats that target the country’s infrastructure.




Prediction #7. Same cyber security trends in small business

2016 will have a few surprises, but we also expect a few well-known, long-time cyber security trends to continue in small business IT.

Old vulnerabilities continue to dominate

First, new vulnerabilities will be discovered, but most security breaches will be based on vulnerabilities that are at least 12 months old. Cyber security statistics from Verizon’s 2015 Data Breach Investigations Report show that an astounding 99.9% of vulnerabilities exploited in 2014 had been disclosed more than a year earlier.

Whether through negligence or ignorance, people do not patch systems as often as they should. In 2016, outdated systems will continue to be breached by simple exploits that have been around for years.

Email phishing will still work

Second, email phishing will remain a popular means of attack. Last year, the Sony breach, the Anthem breach, and the White House breach all hinged on phishing emails.

The approach is very simple but very effective at penetrating cyber security systems – especially when an attacker crafts a custom email for a target. On average, phishing emails receive open and click rates that rival those of legitimate business email marketing:

  • 23% of recipients open phishing messages
  • 11% click on attachments (via Verizon DBIR 2015)

Researchers saw phishing increase 74% in the second quarter of 2015 – so you can expect to see plenty of it in 2016.

DDoS attacks will grow bigger and badder

Third, DDoS attacks are a common means of cyber attack, and they seem to grow stronger and more popular every year.

According to research from Akamai, the number of DDoS attacks doubled in Q1 2015 compared to the year prior. They hit record levels in Q2 and grew another 23% in Q3.

They even knocked out the BBC’s websites at the end of Q4. The attackers claim that the DDoS campaign was the biggest attack on record, peaking at 602 Gbps.

We see no reason for the swell of DDoS attacks to end in 2016.

Defy the trends

All three of these small business cyber security trends involve simple but effective methods of attack, especially when used against unsuspecting targets.

The question is not if your organization will experience a data breach. The question is when, because the statistics show it is almost inevitable. Will it happen in 2016? Time will tell. But whenever it happens, be ready. Have your systems patched. Teach users about phishing emails. And protect yourself against DDoS attempts.


Related resources

2016 Predictions for Small Business Cyber Security (Part 1 of 2)

Egress Filtering 101: What it is and how to do it

Small Business Cyber Attacks that Stole Thousands

4 Reasons Why Healthcare Data Breaches Are Rising

3 Simple Rules to Stop Malware
