With security threats and breaches continuing to strike, the demand for high-quality web protection has been more necessary than ever. 2015 was a year many corporations faced damaging online security incidents. However, last year also brought several new solutions and polices that helped improved digital security.
As 2016 begins, there are several key factors both merchants and banks can learn from when looking back at the events of 2015. Let’s reflect at the leading milestones that occurred last year in cybersecurity:
Attacks Against Third-Party Vendors
Attackers are not only pursuing businesses, but third-party vendors as well. In fact, several prominent third-party vendors were hit with big data breaches in 2015 – including the Army National Guard and Experian. Third-party vendors have recently shown to be at great risk of security issues, and are projected to be a target for hackers 2016.
Stephen Boyer, CTO of BitSight, provided advice on what businesses can do to defend themselves from a third-party breach:
"2015 has proven that attackers are targeting vulnerable third parties and are using those third parties as a springboard to broader ecosystem compromise," Boyer said. "In the years ahead, it will become increasingly important to not only monitor your company’s internal security posture, but also to manage the risk and security practices of third-party vendors."
Cybersecurity Remains an Issue
Although digital security solutions have improved as of late, the amount of breaches that are still occurring remains a problem. According to the Privacy Rights Clearinghouse, there were a total of 184 breaches that occurred through a variety of industries during 2015. Planned Parenthood, Anthem, and CareFirst were some of the major corporations that experienced a breach.
However, many executives are becoming more proactive with preparing for the possibility of a breach and are forming strategies to safeguard their businesses. Bob Shaker, senior incident response manager at Symantec mentioned:
"More and more boards and executives are seeking out assistance to create incident response programs and plans, hold tabletop exercises and train their teams to proactively take steps to be ready to respond to compromises and, if they turn into breaches, reduce the overall impact," Shaker said.
EMV and Increased E-Commerce Fraud
EMV technology was introduced in the fall of 2015 and is expected to heighten security for in-store payments and decrease the ability for hackers to steal credit card data at card-present transactions. However, EMV security features do not apply towards online shopping, and e-commerce merchants are now at a higher risk for fraudsters to target card-not-present transactions instead.
In fact, The Aite Group, a research and consulting firm, has predicted that online credit card fraud within the U.S. will spike from $3.3 billion in 2015 to over $6.6 billion in 2018. This drastic increase is partly due to the fact that the emergence of EMV will attract cyber criminals to shift their tactics towards online transactions.
Push Towards Tokenization
Most of the major card networks throughout 2015 supported the use of tokenization to help further secure web and mobile transactions. Tokenization takes confidential account information and replaces it with non-sensitive data such as letters, numbers, or symbols. These insignificant characters are randomly formulated for every transaction, helping increase the protection and security of online payments. With tokenization, cyber criminals cannot access card information and use it for fraudulent purposes, as the unique tokenized codes are valueless to replicate credit cards.
Focus on Insider Risks
Although a heavy amount of focus is placed against potential outside threats, it is equally imperative to guard against possible insider dangers. The Verizon Data Breach Report found that 20.6 percent of attacks conducted were because of insider abuse and 15.3 percent coming from device theft or loss.
Piero DePaoli, senior director of global product marketing for Symantec, mentioned it is crucial that businesses educate their employees on cybersecurity:
"Employees can often be an organization's biggest threat both maliciously and accidentally. They might intentionally attempt to steal data and can also fall victim to realistic-looking phishing scams and unintentionally expose company information. That’s why it’s especially important to continually educate employees on cybersecurity and company policy," DePaoli said.
2015 proved to show that many attackers are targeting third-party vendors and that data breaches are a continuing issue. The arrival of EMV technology late last year also brought on more troubles for online merchants, as fraudsters have shifted their strategies towards digital crime instead. However, the push towards integrating tokenization for websites and focusing on insider risks has proven to show positive results towards preventing future risks. It is imperative that online merchants use a variety of security options available for full protection against cyber crime to safeguard their business.