For the cyber security industry, 2014 was a year of high-profile hacks. Data breaches hit every sector, from retail stores and financial institutions to health care providers, and the fallout was felt from the C-suite to the man in the street. As we begin a new year of threats in a world where just being connected means being vulnerable to attack, predicting what’s next is a cottage industry all its own. While no one can be 100 percent certain what hackers will target next, you can bet breaches will continue to be a concern in 2015.
Year over year, data breaches are increasing in frequency. In a September 2014 survey by the Ponemon Institute*, sixty percent of respondents said their companies had more than one data breach, up eight percent from the year prior. Along with these intrusions, the amount of data being stolen is also on the rise. In the same sample, forty-three percent of respondents claimed a data breach involving the loss or theft of more than 1,000 records, an increase of 10 percent from 2013.
An industry that will likely continue to be an attractive target for cyber criminals is health care. According to the Identity Theft Resource Center, healthcare data accounted for 43 percent of major data breaches reported in 2013 and didn't slow in 2014. As noted in the Websense Security Labs (WSL) 2015 Security Predictions report, the detailed information hospitals and other providers are required to collect and keep for the patients they treat – including names and addresses, financial details and insurance information – makes them a one-stop shop for Personally Identifiable Information (PII), and losing that information isn’t cheap.
A June 2014 calculation by the Center for Strategic and International Studies estimated the annual cost of cybercrime and economic espionage to the world economy at more than $445 billion. In the United States health care industry, a large portion of that number results from government-levied Health Insurance Portability and Accountability Act (HIPAA) fines of anywhere from $100 to $50,000 per violation. According to the 2015 workplan of the US Department of Health and Human Services Office of Inspector General (OIG), HIPAA compliance will be a primary focus over the coming year, with OIG comparing hospital contingency plans in the event of a breach against government- and industry-recommended practices and performing audits of other service providers to ensure regulatory compliance. While no organization can afford to ignore the importance of effective information security, the enormous regulatory pressures faced by the health care industry make Data Loss Prevention (DLP) execution and strategy paramount.
It’s been said that the more things change, the more they stay the same. While security technology continues to evolve, so do the aims and tactics of cyber criminals. Knowing what information you need to protect and having a strategy to do so is key to avoiding becoming another casualty in this modern-day conflict.
To read more about DLP risk reduction and execution, visit http://www.websense.com/content/dlp-practical-executives-guide.aspx, and to explore further forecasts for 2015, see the Websense Security Labs (WSL) 2015 Security Predictions report.
*Ponemon Institute (September 2014). Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness