Tag: cybersecurity

  With cyber threats intensifying and data breaches rising, understanding how to respond to incidents is more important than ever. In this interview, Michael Bruemmer, Head of Global Data Breach Resolution at Experian, is joined by Matthew Meade, Chair of the Cybersecurity, Data Protection & Privacy Group at Eckert Seamans, to discuss the realities of data breach response. Their session, “Cyber Incident Response: A View from the Trenches,” brings insights from the field and offers a preview of Experian's 2025 Data Breach Industry Forecast, including the role of generative artificial intelligence (AI) in data breaches. From the surge in business email compromises (BEC) to the relentless threat of ransomware, Bruemmer and Meade dive into key issues facing organizations big and small today. Drawing from Experian's experience handling nearly 5,000 breaches this year, Bruemmer sheds light on effective response practices and reveals common pitfalls. Meade, who served as editor-in-chief for the Sedona Conference’s new Model Data Breach Notification Law, explains the implications of these regulatory updates for organizations and highlights how standardized notification practices can improve outcomes. Bruemmer and Meade’s insights offer a proactive guide to tackling tomorrow’s cyber threats, making it a must-listen for anyone aiming to stay one step ahead. Listen to the full interview for a valuable look at both the current landscape and what's next.  Click here for more insight into safeguarding your organization from emerging cyber threats.  

Replay attacks may threaten your customers’ online security Today, consumer online security is more important than ever. This year, the FTC has already received nearly six million reports of fraud, and 1.4 million of those cases were specifically identity theft.[1] In addition, a recent study reported that losses due to identity fraud amounted to almost $23 billion in 2023.[2] And consumers aren’t the only ones at risk. According to CyberArk’s global research report, 93% of organizations had two or more identity-related breaches in the past year.[3] This means it’s not only up to consumers to protect themselves against identity theft. It’s also up to businesses to protect themselves and their customers from the threat of fraud. As security technology advances, so do the tactics of hackers attempting to steal information such as usernames, account numbers, and passwords from innocent online users. One method that hackers use to obtain this information is called a replay attack, which can pose a serious threat to your customers’ online security. What is a replay attack? A replay attack is a network-based security hack in which a hacker intercepts legitimate data transmission and then fraudulently repeats it to gain access to a network or system. These attacks are designed to fool the victim into believing the hacker is a genuine user, and they happen in three steps: Eavesdropping: The hacker listens in on secure network communications, such as information sent through a Virtual Private Network (VPN), to learn about the activity happening on that network. Interception: The hacker intercepts legitimate user information – usernames, user activity, computer specs, passwords, etc. Replay: The hacker illegally resends (or “replays”) the valid information they gathered to trick the receiver into thinking that they are a genuine user. Here’s an example: John transfers funds from one online banking account to another. A hacker illegally captures that transaction message (which is often accompanied by a digital signature or token) and “replays” that same transaction message multiple times to trigger additional fund transfers, all without the genuine user’s knowledge or permission. The bank doesn’t recognize a problem because the “replayed” transaction messages includes the legitimate digital signature/token, so the bank approves the additional transfers. Replay attacks aren’t just used for banking transactions. They can be used for various activities, such as: Internet of Things (IoT) device attacks: IoT devices include a multitude of “smart home” devices such as smart plugs, cameras, locks, appliances, speakers, lights, and more. Vulnerabilities in these devices can allow hackers to replicate commands to these devices that seem legitimate, such as turning on cameras, unlocking doors, and disabling security systems.[4] Remote keyless entry systems for vehicles: Most vehicles use a remote key fob to lock and unlock the doors. This key fob usually uses radio waves to send the lock/unlock signal to the car. Hackers can use a device to receive and transmit radio waves near a person’s vehicle that mimic that same lock/unlock signal, and then “replay” that signal to unlock the person’s car themselves.[5] Text-dependent speaker verification: Some people use voice recognition to verify their identity when accessing an account or system. Hackers can record a person’s voice when the person speaks to verify their identity, and then “replay” that voice recording to fraudulently access the account.[6] How to prevent replay attacks Replay attacks are dangerous because they are often unnoticed or overlooked until the damage has already been done. Fortunately, there are ways to stop hackers from using replay attacks to access your customers’ personal information. Device intelligence: By leveraging unique intelligence about the device being used, replay attacks can be thwarted even when fraudsters are using authentic, but stolen, information. Time stamping: By forcing a timestamp on all sent and received messages, you can prevent hackers from sending repeated messages with legitimate information obtained illegally. Geolocation review: By identifying suspicious language and/or time zones, you can compare access routes to confirm customers are authentic and secure. Why it matters for your business Consumers in the U.S. value network security more than ever, with 70% rating security a top priority, even over personalization and convenience.[7] People want to feel safe online, and if they experience a threat of identity theft or fraud, they’ll need to find a reliable resource to keep their personal information secure. Successful replay attacks allow fraudsters to impersonate real users and potentially gain partial or full access to their personal online accounts. If your customers fall victim to these kinds of attacks, the resulting stress may have a negative impact on your relationship with them. With our fraud management solutions, your business can strengthen your customers’ trust and security by leveraging highly trained fraud analysts to help uncover suspicious activity that might not be noticed otherwise. Lower fraud losses and achieve fraud capture rates that exceed industry averages. Protect your customers by using a covert, frictionless solution the reduces false positives. Improve operational efficiency by prioritizing resources across the board. Protect your consumers with powerful fraud management solutions 63% of consumers say it’s important for businesses to be able to recognize them online, and 81% say they are more trusting of businesses that can accomplish easy and accurate identification.[8] While replay attacks can cause consumers stress and anxiety, taking action to prevent them can fortify a strong, trusting relationship between your business and your customers. Protect your customers and prevent replay attacks with our powerful fraud management solutions. Get started [1] IdentityTheft.org, 2024 Identity Theft Facts and Statistics. [2] Javelin, 2024 Identity Fraud Study: Resolving the Shattered Identity Crisis. [3] CyberArk, Report: 93% of Organizations Had Two or More Identity-Related Breaches in the Past Year, May 2024. [4] Hackster.io, IoT Devices May Be Susceptible to Replay Attacks with a Raspberry Pi and RTL-SDR Dongle, 2017. [5] Automotive World, How to mitigate vulnerabilities in keyless entry systems, 2023. [6] Antispoofing, Audio Replay Attacks and Countermeasures Against Them, 2022. [7] 2018 Experian® Global Fraud Report [8] Experian® 2024 Identity and Fraud Report Highlights Evolving Fraud Landscape This article includes content created by an AI language model and is intended to provide general information.

2023-2024 Experian Data Breach Response Guide Learn how you can boost your preparedness against cyberattacks—download the new guide now. As the proliferation of connected devices and third-party integrations accelerate, organizations are becoming more exposed to risk. Your attack surface is expanding, and it’s a hacker’s dream. But their dream is your nightmare. While there will always be at least one monster hiding under the bed, being prepared and having a plan can help you sleep easier and soften the blow when an attack does happen. How likely is your organization to be the victim of an attack? As pointed out in the 9th Annual Experian Data Breach Response Guide, “Cyber attacks happen once every 39 seconds.[1]  There’s no time to rest, and no time to let your guard down. It’s just a matter of time before your data becomes a target, whether it is a direct hit to your organization or through a third-party supply chain attack (one of the latest trends hackers are using to gain access to huge amounts of data in just one sweep). You never know when your day will come, so being prepared now is the only way. 15% fewer incidents occur on average for customers with a plan.[2] Having fewer incidents helps keep your data safer and your bottom line healthier as the cost of a data breach continues to break records year after year. Learn How You Can Be Prepared Our 2023-2024 Data Breach Response Guide has been updated with the latest predictions, trends, and expert advice based on real-world experience. This is the ninth year I’ve rolled out this guide, and it gets better every year, with deeper insights into the state of cyber threats across industries and current best practices, and step-by-step guidance for creating, testing and implementing a plan for your business. Highlights include: Third-party breaches are rising — A partner breach make up 62% of system intrusions.[3] Healthcare and financial services have the highest volume of breaches, representing over half the share of breaches serviced by Experian in 2022.[4] How having a response plan can save your business—90% of consumers are more forgiving of companies that had a response plan before a breach.[5] How Experian Data Breach Solutions can help your organization respond quickly to and minimize the impact of a data breach Ready to Get Started? A data breach preparedness plan is never a one-and-done deal. It needs to evolve along with the cyber threats it is meant to conquer. Experian is a partner you can trust. We continue to expand our product offerings, keep our eyes and ears on the lookout for rising threats and trends, and use our years of experience to support our partners when they need us most. Download the latest edition of the Experian® Data Breach Guide [1] Zippia, 30 Crucial Cybersecurity Statistics [2023]: Data, Trends and More. [2] Experian Data June 2023 [3] Resmo, Third-Party Data Breach Statistics. [4] Experian Data June 2023 [5] Experian Data Breach Consumer Survey.

Reflections, New Predictions, and What to Expect by 2033.  Where We’ve Been: A Cybersecurity Recap It’s been a decade since Experian released its first forecast. At the time, hacker activity was heating up, and breach "fatigue" was setting in. The report highlighted the budding threat of healthcare incidents, started a conversation about the connection between the cloud, big data, and big international breaches, and was one of the first—if not the first preparedness and response organization to sound the alarm on the cyber insurance surge. Fast forward to 2023: Clever cybercriminals have not slowed, and data breaches are busier and livelier than ever, with cyberattacks costing organizations $2.9 million every minute1, with major businesses suffering losses of $25 per minute.2 Hold on to your keyboard if you’re wondering where the cybercriminals could go next. The Tenth Annual Experian Data Breach Industry Forecast findings offer a road map into the future. findings offer a road map into the future. Literally. It outlines how modern technology, cyber resilience, and cyber recovery will play a role in the next generation of attacks. With six predictions instead of five, this year’s report also candidly reflects on what we got right and where we missed the mark over the last nine years while homing in on what 2023 and 2033 could bring. Nearly 70% of business leaders feel their cybersecurity risks are increasing, and only 5% of companies2 data is probably protected.3 Where We Are: Reality. It’s Not Quite What It Seems With more than 80% of U.S.4 adults expressing some concern about the metaverse and deepfake-enabled attacks up 53% from 2021,5 2023 could see cyberattacks move into unprecedented and unchartered territory. Will keyboards and screens become easy gateways to widespread attacks in seen and unsuspected ways for corporate entities and consumers alike? What about the continued rise of remote work? Will its staying power reveal vulnerabilities? As technology evolves, so too can scams and increased risk. Are you prepared? Globally, cybercrime is on track to cost $10.5 trillion annually by 2025.6 Where We’re Headed: Today and 10 Years From Now The Tenth Annual Data Breach Industry Forecast isn’t a crystal ball, but it’s close. With now ten reports issued and over 18 years of experience servicing, researching, and tracking data breaches, I’ve encountered almost everything in the what-if world of preparedness drills and real-world live incident responses. I’ll end with this fact. Only time will tell what happens next. Until then, if you’re a CISO, cyber risk insurer, CFO, General Counsel, or other professional responsible for or connected to cybersecurity preparedness and response, I recommend you review the Tenth Annual Experian Data Breach Industry Forecast. Your company’s future could depend on it. Read the 2023 Experian Data Breach Industry Forecast 1-2 https://businessinsights.bitdefender.com/what-are-the-biggest-cyber-threats-of-the-future 3 https://www.accenture.com/_acnmedia/PDF-96/Accenture-2019-Cost-of-Cybercrime-Study-Final.pdf#zoom=50 4-5 https://www.varonis.com/ 6 Cybersecurity Ventures, Cybercrime Magazine

Experian’s latest Global Insights Report found that more than half of consumers have increased their online spending in the last three months, and 50% say it will increase in the next three months. Life online is here to stay, and consumer expectations have shifted, giving businesses and opportunity to sink or swim when building trust and gaining loyalty. This spring, Experian surveyed 6,000 consumers and 2,000 businesses across all industries to learn more about how, why, and where consumers are interacting with businesses online. Our research found that: Experience is top of mind, with 81% of consumers saying that a positive online experience makes them think more highly of a brand Digital payment options are on the rise with 62% of consumers using mobile wallets and 57% considering buy now, pay later as a replacement for their credit card Security is still a big factor, but 73% of consumers say the onus is on businesses to protect them online Download the report to get all the latest insights into consumer sentiment and how recent changes are impacting business priorities and investments. Download the report

The ongoing COVID-19 pandemic has facilitated an increase in information collection among consumers and organizations, creating a prosperous climate for cybercriminals. As businesses and customers adjust to the “new normal,” hackers are honing in on their targets and finding new, more sophisticated ways to access their sensitive data. As part of our recently launched Q&A perspective series, Michael Bruemmer, Experian’s Vice President of Data Breach Resolution and Consumer Protection, provided insight on emerging fraud schemes related to the COVID-19 vaccines and how increased use of digital home technologies could lead to an upsurge in identity theft and ransomware attacks. Check out what he had to say: Q: How did Experian determine the top data breach trends for 2021? MB: As part of our initiative to help organizations prevent data breaches and protect their information, we release an annual Data Breach Forecast. Prior to the launch of the report, we analyze market and consumer trends. We then come up with a list of potential predictions based off the current climate and opportunities for data breaches that may arise in the coming year. Closer to publication, we pick the top five ‘trends’ and craft our supporting rationale. Q: When it comes to data, what is the most immediate threat to organizations today? MB: Most data breaches that we service have a root cause in employee errors – and working remotely intensifies this issue. Often, it’s through negligence; clicking on a phishing link, reusing a common password for multiple accounts, not using two-factor authentication, etc. Organizations must continue to educate their employees to be more aware of the dangers of an internal breach and the steps they can take to prevent it. Q: How should an organization begin to put together a comprehensive threat and response review? MB: Organizations that excel in cybersecurity often are backed by executives that make comprehensive threats and response reviews a top corporate priority. When the rest of the organization sees higher-ups emphasizing the importance of fraud prevention, it’s easier to invest time and money in threat assessments and data breach preparedness. Q: What fraud schemes should consumers be looking out for? MB: The two top fraud schemes that consumers should be wary of are scams related to the COVID-19 vaccine rollout and home devices being held for ransom. Fraudsters have been leveraging social media to spread harmful false rumors and misinformation about the vaccines, their effectiveness and the distribution process. These mistruths can bring harm to supply chains and delay government response efforts. And while ransomware attacks aren’t new, they are getting smarter and easier with people working, going to school and hosting gatherings entirely on their connected devices. With control over home devices, doors, windows, and security systems, cybercriminals have the potential to hold an entire house hostage in exchange for money or information. For more insight on how to safeguard your organization and consumers from emerging fraud threats, watch our Experian Symposium Series event on-demand and download our 2021 Data Breach Industry Forecast. Watch now Access forecast About Our Expert: Michael Bruemmer, Experian VP of Data Breach Resolution and Consumer Protection, North America Michael manages Experian’s dedicated Data Breach Resolution and Consumer Protection group, which aims to help businesses better prepare for a data breach and mitigate associated consumer risks following breach incidents. With over 25 years in the industry, he has guided organizations of all sizes and sectors through pre-breach response planning and delivery.

Any responsible business manager knows that protection business and client data is a vital part of running a success organization. Now a new report identifies key factors that can improve a company’s ability to avoid hacks and prevent data breaches. And here’s the good news: These tactics really work. During 2018, the number of personal records exposed in data breaches soared — a total of 446.5 million pieces of data – an increase that was more than double the number of records breached during 2017, according to the Identity Theft Resource Center. The business, healthcare and financial sectors were the top three sectors hit, with hacking being the most common form of attack. But among the companies surveyed in the latest annual study sponsored by Experian Data Breach Resolution, there are important signs of hope. Despite the startling increase in the number of records stolen by data thieves – a gain of 126 percent – the number of survey participants reporting a breach increased by just 5 percent. This trend demonstrates that while hackers might be grabbing more data when they do manage to crack a database, the smaller increase in total breaches reported in the survey indicate that a growing number of institutions are improving their abilities to fend off cybercriminals. What’s their secret?  To encourage more effective strategies to handle and prevent breaches, “Is Your Company Ready for a Big Data Breach?” uncovers several important lessons learned from companies that are successfully insulating themselves – and their customers – from data theft.  Prevention is the best response: The overarching lesson that researches found is that an effective data breach response plan starts with preventing breaches in the first place, rather than reacting after customer and business data has been stolen. Of the 643 U.S. business people surveyed who work on privacy, compliance and IT security, 29 percent reported that their organizations had prevented any breach involving more than 1,000 records for the past two years. Rate your plan: The Ponemon researchers found that the percentage of companies that find their data breach response plans to be very effective increased from 42 percent in 2016 to 52 percent in 2018. Not surprisingly, more people at organizations that didn’t report a breach rated their response plans as effective – 62 percent – while 45 percent of those at companies that suffered data theft nonetheless felt their plans were effective.  Money matters: Ponemon researchers found that more investment in cybersecurity technology seemed to pay off. One of the most common factors among companies that prevented breaches was increased spending on technology to detect and prevent attacks. Of companies that prevented breaches, 73 percent increased their tech spending, versus 61 percent of those companies that were breached.  No train, no gain: An even bigger improvement came from training employees and making them aware of privacy and data protection issues and practices. The likelihood of a data breach was significantly reduced when awareness training specifically targeted employees and other stakeholders in business processes who work with or access sensitive or confidential personal data. At organizations that implemented training, 79 percent avoided a breach versus 69 percent of those that were hacked.  Cybersafety starts at the top: Executive engagement also matters. Making data security a priority among C-suite executives and corporate board members translates into keeping records safer. The study found that 54 percent of executives and 39 percent of directors were knowledgeable and engaged in planning data breach responses. At companies that were breached, 49 percent of executives and 32 percent of board members were involved with cybersecurity response.  Sharing is caring: Another key finding in preventing breaches is that organizations that sharing their insights and experiences in handling and preventing breaches improved their cybersafety. Operations that participated in learning about data protection and hacks from industry peers and government agencies were more likely to avoid a breach – 59 percent of those who joined sharing programs didn’t suffer an attack, while 46 percent of those participating experienced a breach.  Cybersafety is a process: Finally, organizations that want to stay cyber-safe might want to adopt the Boy Scout motto, “Be Prepared.” Companies that successfully prevented a data breach took several preventive measures to guard against attacks. That includes conducting regular reviews of physical security and access to confidential information, instituting third-party cybersecurity assessments, making data breach response part of their business continuity plans and creating backup websites that can be activated to provide content and information should a breach occur. For the study, Ponemon researchers surveyed 643 professionals working in information technology and security, compliance and privacy who deal with data breach response plans in their organizations. The entire comprehensive survey of cybersecurity practices – “Sixth Annual Study: Is Your Company Ready for a Big Data Breach?” – is available to download now. The Ponemon Institute, headquartered in Traverse City, Michigan, conducts independent research on data protection and emerging information technologies. Experian Data Breach Resolution helps businesses of all sizes manage the risk of fines, customer loss, negative press and litigation due to a breach of data, and is a subsidiary of Experian, the global leader in consumer and business credit reporting and marketing service operating in 80 countries. Download the Ponemon study Learn more about our Data Breach solutions

From malware and phishing to expansive distributed denial-of-service attacks, the sophistication, scale and impact of cyberattacks have evolved significantly in recent years. Mitigate risk by employing these best practices: Manage third-party risks. Regularly review response plans. Opt in to software updates. Educate, educate, educate. Organizations must adopt stronger, more advanced technical solutions to protect sensitive data. While enhanced technology is necessary for defending against data breaches, it can’t work independently. Learn more

From malware and phishing to expansive distributed denial-of-service attacks, the sophistication, scale, and impact of cyberattacks have evolved significantly in recent years. With data breach as the new normal, organizations must adopt stronger, more advanced technical solutions to protect sensitive data. While enhanced technology is necessary for defending against data breaches, it cannot work independently of precautionary, often-overlooked measures like risk assessment, threat information sharing, or employee awareness and education. Even with the most cutting-edge defense systems in place, companies can’t underestimate the importance of employing fundamental security practices to mitigate cyber threats. In a climate where the risk of a data breach continues to grow, preparation is critical. “The Fifth Annual Study: Is Your Company Ready for a Big Data Breach?,” sponsored by Experian Data Breach Resolution and conducted by the Ponemon Institute, examines how organizations stack up in data breach preparedness. Organizations can help mitigate risk by employing the below best practices: Manage third-party risks: A cyberattack on partners or vendors can have dire consequences for an organization, regardless of how exhaustive its own security measures may be. The risk resulting from a third-party’s lax security measures is too great to ignore. However, only 48 percent of organizations conduct assessments on third-party cybersecurity tactics. Regularly review response plans: The threat and severity of data breaches are continually changing. Keeping a pulse on vulnerabilities is vital for any company. However, 40 percent of respondents say they don’t have scheduled times to review and update their data breach response plan. A staggering 26 percent report not reviewing or updating their organization’s plan after implementation. Opt-in to software updates: Outdated software exposes areas susceptible to infiltration, increasing a company’s risk of attack. Despite such risk, only 26 percent of respondents say employees are required to update software systems regularly. Organizations should require that all employees have the most up-to-date software available. Educate, educate, educate: Data breaches caused by employee negligence are a concern of 80 percent of respondents. Because of their access to a company’s computers, systems, and networks, employees must be actively involved in an organization’s data breach defense. Organizations should conduct regular training and awareness programs on the consequences of mishandling sensitive confidential information. Data breach preparedness is a multifaceted effort that requires cross-company support and involvement. Organizations can’t rely solely on technological solutions to thwart cyber threats. Having a solid response team in place and a well-defined process are fundamental elements of a data breach response plan that, though seemingly basic, should never be overlooked. Download our Fifth Annual Data Breach Preparedness Study

Cybersecurity cannot be successful if siloed. The entire organization must be part of the effort. Take these steps to ensure a more engaged relationship between cybersecurity teams, C-suite executives and other departments: Make the company’s chief information officer accountable directly to the chief executive officer and/or the board. Train employees at every level to spot security risks and to understand their role in protecting the entire organization from cyberattacks. Put cybersecurity on the agenda for every board and executive-level meeting, and incorporate it into quarterly state-of-the-company, all-hands meetings. With cybersecurity threats evolving and escalating daily, companies need to make engagement a priority that starts at the top and continues through every level of the organization. Increasing engagement in cybersecurity >

  There’s a consensus that too many C-suite executives are disengaged with their organization’s cybersecurity efforts. That indifference can seriously hamper an organization’s ability to quickly and effectively respond to an incident. To best protect the organization, cybersecurity professionals should take the following steps to increase engagement: Pinpoint the greatest cybersecurity issues your organization faces and create descriptive verbiage that simplifies these risks. Engage in one-on-one meetings with key leaders to help them understand how cybersecurity risks affect not only the overall organization, but their domain as well. Stage a cybersecurity simulation exercise for your C-suite executives in which members role-play a data breach scenario. Leadership is not the only department that should be invested in protecting the organization. Next week, we’ll look at how to engage the entire organization in cybersecurity efforts. If you’d like, you can jump ahead and read it now. Increasing engagement in cybersecurity

Turns out, Americans still don’t know much about CyberSecurity. That’s according to new research from the Pew Data Center, which conducted a cybersecurity knowledge quiz. The 13 question quiz was designed to test American’s knowledge on a number of cybersecurity issues and terms. A majority of online adults can identify a strong password and recognize the dangers of using public Wi-Fi. However, many struggle with more technical cybersecurity concepts, such as how to identify true two-factor authentication or determine if a webpage they are using is encrypted. As we in the industry know, cybersecurity is a complicated and diverse subject, but given the pervasiveness of news around cybersecurity, I was still a little surprised by the lack of knowledge. The typical (median) respondent answered only five of the 13 questions correctly (with a mean of 5.5 correct answers). 20% answered more than eight questions accurately, and just 1% received a “perfect score” by correctly answering all 13 questions. The study showed that public knowledge of cybersecurity is low on some relatively technical issues, like identifying the correct example of multi-factor authentication, understanding how VPNs minimize risk and knowing what a botnet is. On the flip side, the two questions that the majority of respondents answered correctly included identifying the strongest password from a list of four options and understanding that public Wi-Fi networks have risk even when they are password protected. Given the median scores, I was proud of missing only one question – guess I have more reading to do on Botnets. As an industry, it is our duty to not only create systems and securities to improve the tactical effectiveness of fraud prevention, but to educate consumers on many of these topics as well. They often are the first line of defense in stopping fraud and reducing the threat of breaches.

Technology sharing can unlock a more effective strategy in fighting fraud. Experian’s multi-layered and risk-based approach to fraud management is discussed as many businesses are learning that combining data and technology to strengthen their fraud risk strategies can help reduce losses. Evolving fraud schemes, changes in regulatory requirements and the advent of new digital initiatives make it difficult for businesses to manage all of the tools needed to keep up with the relentless pace of change.

2017 data breach landscape Experian Data Breach Resolution releases its fourth annual Data Breach Industry Forecast report with five key predictions What will the 2017 data breach landscape look like? While many companies have data breach preparedness on their radar, it takes constant vigilance to stay ahead of emerging threats and increasingly sophisticated cybercriminals. To learn more about what risks may lie ahead, Experian Data Breach Resolution released its fourth annual Data Breach Industry Forecast white paper. The industry predictions in the report are rooted in Experian's history helping companies navigate more than 17,000 breaches over the last decade and almost 4,000 breaches in 2016 alone. The anticipated issues include nation-state cyberattacks possibly moving from espionage to full-scale cyber conflicts and new attacks targeting the healthcare industry. "Preparing for a data breach has become much more complex over the last few years," said Michael Bruemmer, vice president at Experian Data Breach Resolution. "Organizations must keep an eye on the many new and constantly evolving threats and address these threats in their incident response plans. Our report sheds a light on a few areas that could be troublesome in 2017 and beyond." "Experian's annual Data Breach Forecast has proven to be great insight for cyber and risk management professionals, particularly in the healthcare sector as the industry adopts emerging technology at a record pace, creating an ever wider cyber-attack surface, adds Ann Patterson, senior vice president, Medical Identity Fraud Alliance (MIFA). "The consequences of a medical data breach are wide-ranging, with devastating effects across the board - from the breached entity to consumers who may experience medical ID fraud to the healthcare industry as a whole. There is no silver bullet for cybersecurity, however, making good use of trends and analysis to keep evolving our cyber protections along with forecasted threats is vital." "The 72 hour notice requirement to EU authorities under the GDPR is going to put U.S.-based organizations in a difficult situation, said Dominic Paluzzi, co-chair of the Data Privacy & Cybersecurity Practice at McDonald Hopkins. "The upcoming EU law may just have the effect of expediting breach notification globally, although 72 hour notice from discovery will be extremely difficult to comply with in many breaches. Organizations' incident response plans should certainly be updated to account for these new laws set to go in effect in 2017." Omer Tene, Vice President of Research and Education for International Association of Privacy Professionals, added "Clearly, the biggest challenge for businesses in 2017 will be preparing for the entry into force of the GDPR, a massive regulatory framework with implications for budget and staff, carrying stiff fines and penalties in an unprecedented amount. Against a backdrop of escalating cyber events, such as the recent attack on Internet backbone orchestrated through IoT devices, companies will need to train, educate and certify their staff to mitigate personal data risks." Download Whitepaper: Fourth Annual 2017 Data Breach Industry Forecast Learn more about the five industry predictions, and issues such as ransomware and international breach notice laws in our the complimentary white paper. Click here to learn more about our fraud products, find additional data breach resources, including webinars, white papers and videos.

Adam Fingersh, senior vice president and general manager of Experian’s fraud and identity business, shared several fraud prevention strategies that businesses and consumers can use to manage risk and increase security while using Internet-enabled products, also known as the Internet of Things (IoT).