As we detailed in our recap of 2018’s data breaches last week, patterns are shifting as fraudsters look for new ways to monetize data through more targeted, wide-reaching attacks that gathers more personal information in each sweep. Less breaches, but bigger impact — that was the story of 2018.
What the Identity Theft Resource Center’s report detailed about 2018 was that the number of personal records exposed more than doubled in 2018. Exposed PII records rose 126%. To be more specific, this was a sharp increase from 197,612,748 records exposed to 446,515,334 records exposed.
This aligns with what we shared in our State of Card Fraud: 2018 report we detailed why fraud is going to continue to get worse before it gets better. With new threats emerging at a pace faster than most organizations can keep up with, data breaches have become the status quo. Managing the fallout from these breaches has become as important as detecting when they occur. That's the story that's emerging in 2019.
For financial institutions, preparing for the year ahead means knowing what industry trends are gaining traction. Companies are catching on about what they need to do to prepare for data breach threats, but there are still gaps. Experian dug into how threats have evolved in its latest report, “2019 Data Breach Industry Report Forecast.”
“It’s safe to say that hackers are not necessarily catching organizations off-guard, data breach preparedness is at an all-time high, according to our annual study with the Ponemon Institute, with 82% of companies saying they have a response plan in place. However, cybercriminals are increasingly becoming more sophisticated and it's a constant game of cat and mouse,” the report detailed.
Brian Stack, Vice President of Dark Web Intelligence at Experian, explained a little deeper about that “low risk, high yield proposition for cybercriminals,” that’s occurring. With easier access to droves of data on the Dark Web, at increasingly cheaper prices, fraudsters are able to monetize their efforts at a greater scale than ever before. They will continue to look for new methods, he notes, such as hacked cell phone and internet service data records.
“...Because of the unprecedented amount of personal data available, coupled with the commoditization and ease of access of hacking tools and services, expect cybercriminals to change tactics and focus on multi-vector attacks. Hackers still want to steal all that data, but now they want to turn your devices into botnets that can cause even more damage,’ Stack writes in the report.
Experian also provided some insight into what they think will define the data breach problems of 2019.
1. Biometrics Tech will Create a New Target For Fraudsters
Biometrics have been a technology trend that has defined the future of payments. Driven by smartphones that power easier and quicker ways to pay for an item online, and verify an identity in a tap of a fingerprint or scan of a face, biometrics have continued to gain traction across the payments ecosystem. Biometrics act as a multi-factor authentication tool, which is why they’ve increased in popularity.
Organizations, however, must remember that the data used for those biometrics must be protected using encryption technology that is properly stored. Experian noted this in its report.
“Biometrics are an increasingly popular form of authentication. While biometric solutions offer a security layer for data, biometric data will gain value to cybercriminals and is at risk for theft and fraud.”
2. Skimming Fraud Isn’t Going Away
Experian’s predictions about skimming fraud has aligned with much of what our team has discussed on the subject. Skimming fraud is going to continue to be a major headache for financial institutions. Experian reports:
“Skimming isn’t new, but the next frontier is an enterprise- wide attack on a major financial institution’s national network, which could result in millions in losses. ...cybercriminals are using proprietary web technology and network infrastructure, it is very difficult to detect an attack until it’s too late. Organizations should monitor their networks for anomalies to financial transactions.”
3. Wireless Companies Could Be the Next Big Target
It doesn’t come off much shock that smartphones, the one thing that more than 70 percent of all U.S. consumer have on them at any given moment, would be the next big target for hackers. Smartphones are treasure troves of data, and without proper security measures, it’s easy to see why hackers would try to target this market. Experian predicts...
“A major wireless carrier will be attacked with a simultaneous effect on both iPhones and Android, stealing personal information from millions of consumers and possibly disabling all wireless communications in the United States.”