2016 Data Breach Predictions from SecurityMetrics PCI Compliance Guide
Learn how data breaches may look in 2016.
Read our 2016 SecurityMetrics Guide to PCI Compliance.
2015 has seen a fair number of data breaches and malware attacks. But what does this mean for businesses in 2016?
What data attacks will be more common in 2016?
Our forensics team has examined many business environments after a breach, and has witnessed the rise and fall of popular hacking trends for over 13 years. Here are some of our forensics experts' predictions for the future of data breaches, taken from our new 2016 SecurityMetrics Guide to PCI Compliance:
SEE ALSO: Top 5 Security Vulnerabilities Every Business Should Know
1. Insecure Remote Access will remain a problem
Insecure remote access continues to be a large problem for many businesses, according to Visa. As of now, insecure remote access is the largest single origin of data compromise. When a method of intrusion worked in more than 29% of last year's investigated breaches, attackers will keep using it.
Unfortunately, many businesses don't configure remote access properly when they set it up. They use weak usernames and passwords, don't implement two-factor authentication, and don't restrict the remote-access service behind a properly configured firewall.
Even the spread of EMV won't affect remote access much: EMV changes what happens at the card terminal, not an attacker's ability to log in to a merchant's systems from outside. Merchants will need to secure their remote access themselves to prevent these types of attacks.
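The three misconfigurations named above (remote-access ports reachable from any address, accounts without two-factor authentication, weak or default passwords) are easy to check for mechanically. The following is an added example, not SecurityMetrics' code or tooling: it audits a constructed set of inbound firewall rules and remote-access accounts and lists each finding. The rule and account data, the vendor address 203.0.113.10 (a documentation-range IP standing in for a support vendor's static address), and the port-to-service table are all assumptions made for the illustration.

```python
"""Audit a merchant's remote-access exposure.

Added example (not SecurityMetrics' code). Firewall rules, accounts and the
vendor IP below are constructed for illustration.
"""
from dataclasses import dataclass

# TCP ports commonly used for remote access to POS and back-office systems
# (assumed list; extend it for whatever remote-access product is in use).
REMOTE_ACCESS_PORTS = {
    22: "SSH",
    23: "Telnet",
    3389: "RDP",
    5900: "VNC",
    5631: "pcAnywhere",
}

# Source specifications that mean "anyone on the Internet".
WILDCARD_SOURCES = {"0.0.0.0/0", "any", "*"}

# Small constructed list of default/common passwords (compared case-insensitively).
COMMON_PASSWORDS = {"password", "password1", "123456", "admin", "welcome1", "pos"}


@dataclass
class Rule:
    action: str   # "allow" or "deny"
    source: str   # CIDR block or wildcard
    port: int     # destination TCP port


@dataclass
class Account:
    username: str
    password: str
    mfa_enabled: bool


def exposed_services(rules):
    """Return (port, service) for each remote-access port allowed from any source.

    Rules are evaluated first-match, as most firewalls do: the first rule on a
    given port whose source is a wildcard decides that port. A deny from a
    specific subnet does not protect the port from every other source, so it
    does not count as a decision.
    """
    decided = {}
    for rule in rules:
        if rule.port not in REMOTE_ACCESS_PORTS or rule.port in decided:
            continue
        if rule.source in WILDCARD_SOURCES:
            decided[rule.port] = rule.action
    return [(port, REMOTE_ACCESS_PORTS[port])
            for port, action in decided.items() if action == "allow"]


def weak_password(username, password):
    """True for short, common/default, or username-derived passwords."""
    lowered = password.lower()
    return (len(password) < 12
            or lowered in COMMON_PASSWORDS
            or lowered == username.lower())


def audit(rules, accounts):
    """Return a list of human-readable findings for the given configuration."""
    findings = []
    for port, name in exposed_services(rules):
        findings.append(f"{name} (tcp/{port}) reachable from any source address")
    for acct in accounts:
        if not acct.mfa_enabled:
            findings.append(f"account {acct.username}: no two-factor authentication")
        if weak_password(acct.username, acct.password):
            findings.append(f"account {acct.username}: weak or default password")
    return findings


# Constructed "as installed" configuration: RDP open to the world, a POS admin
# account with a default-style password and no second factor.
WEAK_RULES = [
    Rule("deny", "0.0.0.0/0", 23),            # Telnet blocked from everywhere
    Rule("allow", "0.0.0.0/0", 3389),         # RDP open to the Internet
    Rule("allow", "203.0.113.10/32", 5900),   # VNC only from the vendor's address
    Rule("allow", "0.0.0.0/0", 443),          # HTTPS; not a remote-access port
    Rule("allow", "0.0.0.0/0", 23),           # shadowed by the deny above
]
WEAK_ACCOUNTS = [
    Account("posadmin", "Password1", mfa_enabled=False),
    Account("vendor-support", "x7!Lq92#mVe4pR", mfa_enabled=True),
]

# Corrected configuration: remote access only from the vendor's address,
# explicit deny from everywhere else, web traffic unchanged.
HARDENED_RULES = [
    Rule("allow", "203.0.113.10/32", 3389),
    Rule("allow", "203.0.113.10/32", 5900),
    Rule("deny", "0.0.0.0/0", 3389),
    Rule("deny", "0.0.0.0/0", 5900),
    Rule("allow", "0.0.0.0/0", 443),
]

if __name__ == "__main__":
    for line in audit(WEAK_RULES, WEAK_ACCOUNTS):
        print("FINDING:", line)
    print("hardened rules expose:", exposed_services(HARDENED_RULES))
```

The firewall check deliberately models first-match evaluation, because a rule set that looks safe when read as a whole can still expose a port when an "allow any" line sits above the "deny". The password check is a floor, not a policy; the point is to catch the default and vendor-installed credentials that keep showing up in post-breach investigations.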
2. Large-scale breaches will decrease, but humans remain high-risk
As EMV is implemented through 2016, the number of large-scale breaches should start to decrease. It may happen slowly, but as more businesses migrate to EMV, we'll see fewer large-scale breaches than we saw in 2015.
Unfortunately, employees introduce the potential for inadvertent error. The point of vulnerability in many of 2015's largest breaches was an act by a person with no malicious intent: clicking on a phishing link, giving a social engineer access to sensitive information, or setting up security hardware incorrectly. When the human element is involved, no security solution is 100% secure.
SEE ALSO: PCI Requirement 7: 5 Reasons You Should Limit Employee Access to Your Data
3. EMV will change breach methodology
As EMV is implemented, attacks on POS devices will decrease significantly, and attackers will find it increasingly difficult to obtain usable cardholder data from card-present environments. EMV makes stolen card data far less useful for counterfeiting; it does not by itself encrypt the card number inside the POS, so it is not a substitute for the rest of a merchant's controls.
That being said, EMV still has a ways to go. Many businesses still haven't fully implemented it, and attackers are already working on ways around it. While it may not be a perfectly secure environment in 2016, pushing for EMV is one of the many efforts that will help improve the landscape of the payment card industry.
As a result of EMV, attackers will likely turn to card-not-present environments to steal cardholder data, or focus on businesses slow to migrate to EMV, making attacks more targeted.
Fight data breaches
So how do we combat these potential hacking trends? It's not as technical as you may think; most of the steps you can take to protect your data are fairly easy. Get started with the following tips:
- Get PCI compliant: The PCI DSS describes the minimum security your business should have. Start by getting compliant.
- Migrate to EMV: If you haven't implemented EMV yet, make every effort to do so. It will significantly reduce the number of vulnerabilities in your card environment.
- Secure Ecommerce Environments: Make sure you correctly install and configure antivirus applications. Scan often for malware and review code for potential security holes.
- Train Employees: We can’t stress this enough. No security technology is 100% secure when employees are involved. Ensure your employees know your security policies and are following them.
- Perform security testing: You don’t know how strong your defenses are until you test them. Hire penetration testers and have an ethical social engineer test your employees.
- Be up to date on security software: New updates are often published to fix security holes in software, browsers, mobile devices, and more. Stay updated on these fixes; join forums, sign up for newsletters, and establish a regular schedule to check software for the most recent updates.
These days, it's more crucial than ever not only to get your business PCI compliant, but to take extra security measures to protect your data. Attackers have unlimited time to find ways around new defenses and eventually make today's security obsolete. You can't afford to take chances with outdated practices and technology.
SEE ALSO: The Importance of the PCI DSS: Why You Should Get Compliant
Read our full PCI Compliance Guide!