The breadth and depth of the data breaches seen by the world in 2014 was shocking – spanning major banks, e-commerce giants, healthcare giants, casinos and others, exposing hundreds of millions of usernames, passwords and credit card details. The coming year will be no different, and businesses and consumers need to be prepared for continued changes in the cybercrime landscape.
ThreatMetrix has outlined several predictions for the New Year:
Mobile will represent more than half of transactions during the holiday season
During this year’s Cyber Week, from Thanksgiving Day through Cyber Monday, mobile accounted for 39 percent of all transactions across the ThreatMetrix Global Trust Intelligence Network (The Network). By next year, ThreatMetrix predicts this number will surpass 50 percent. Additionally, as retailers make the looming switch to Europay-Mastercard-Visa (EMV) payments systems by the October 2015 deadline, those systems also accept mobile capabilities such as Apple Pay, which will also contribute to increased mobile payments.
“Consumers are far more comfortable shopping on mobile devices than they were even a year ago, and that trust is going to continue to grow,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “Unfortunately, many businesses face difficulties determining the authenticity of mobile transactions through hidden cookies and geo-location data. Leveraging a global network of trust intelligence enables businesses to differentiate between previously authenticated users and potential fraudsters and will be the best way to protect sensitive information and customers against cybercrime in 2015.”
Information sharing will continue to rise
While cybercrime threats will grow in sophistication during the coming year, information sharing about those threats within and across industries will also grow to combat those cybercriminals. For example, the financial services industry is already paving the way for growth of information sharing with the Financial Services Information Sharing and Analysis Center (FS-ISAC), and retailers are beginning to see the benefits of information sharing, establishing their own group this past year. The Network, which analyzes more than 850 million monthly transactions across 3,000 customers, also provides a shared view of cybercriminals’ activity, enabling companies within The Network to protect their business by accurately identifying fraudsters, as well as good customers.
“Businesses in many industries are seeing the benefit of information sharing, and that will continue to increase in the coming year,” said Andreas Baumhof, CTO at ThreatMetrix. “Unfortunately, while information sharing is common practice in some industries, businesses in other industries, such as retail, are often wary of sharing too much information with competitors. However, with today’s highly organized cybercriminals, it takes a network to fight a network. The balance is between businesses sharing good data, not just big data, and maintaining a certain level of trust to stay competitive with one another.”
Cybercriminals will identify new opportunities to compromise personal information
In 2014, there were many high profile data breaches that were deemed “unprecedented.” Hundreds of millions of user accounts have been compromised, including the Home Depot breach and the Russian cybercrime ring exposing 1.2 billion passwords. Most recently, the Sony breach has been a sign of cybercriminals shifting their focus to cyber sabotage. In 2015, there will be more unprecedented attacks as cybercriminals continue to become more sophisticated.
“There is no end in sight,” said Reed Taussig, president and CEO at ThreatMetrix. “Last year, ThreatMetrix predicted the password apocalypse for 2014 – and the number of major data breaches over the past year targeting user login information shows that prediction was true. There are endless opportunities for hackers to steal personal information, and that’s not going to stop in the coming year – it’s going to get worse. I would venture to guess that in 2015, one of the world’s major stock exchanges may very well be compromised, which has the potential to result in severe economic damage on a global basis.”
The Internet of Things will continue to be a security nightmare
One of the first major hacks to the Internet of Things came in early. It can be near impossible to know when one of the many connected devices used day-to-day is compromised – from smart phones to washing machines and refrigerators – and as more devices are added to the Internet of Things in the next year, protecting these devices will become even more difficult.
“We can’t even protect our most critical assets, so how can we be expected to protect a smart fridge?,” said Baumhof. “One of the biggest problems is that many of these tools have a long lifespan and current security systems rely heavily on the ability to patch systems on a regular basis. For most of the devices within the Internet of Things, that practice is not implemented, nor feasible.”
Health systems will become a major target for cybercriminals
This year, U.S. healthcare spending hit $3.8 trillion. Unfortunately, almost one-third of that is wasted to fraud. As more money is dedicated to the healthcare market, cybercriminals will follow the trail to cash in on the market.
“In major data breaches, cybercriminals target credit cards and login credentials, but there are other sources where money is flowing, and it’s only a matter of time before cybercriminals ramp up their attention toward those industries,” said Faulkner. “In the New Year, insurance, healthcare and pharmacies will be new focuses for fraudsters. As healthcare information makes the shift electronically via the Health Insurance Portability and Accountability Act (HIPAA), fraudsters will find ways through its security holes to commit healthcare fraud and steal personal information.”