Cybersecurity is guaranteed to make big headlines in 2015, according to one computer fraud expert.
Why? Just look at 2014, says security pro Kent Schneider. Home Depot. Target. Staples. Sony. Schneider says that with so many major companies getting hacked over the past several months, it's no wonder "60 Minutes" called 2014 the "year of the data breach."
Schneider, former international president and CEO of the Armed Forces Communications and Electronics Association (AFCEA), says that while 2014 was a landmark year for data breaches, 2015 could be even more significant. "Over the next year, we'll see numerous new incidents," Schneider predicts, "but we'll also see movement toward building a new infrastructure designed to fix the system."
Schneider predicts four notable milestones will impact cybersecurity in 2015:
More breaches. At an October cybersecurity event cohosted by the U.S. Secret Service, the FBI and the Financial Services Roundtable, officials reported that hackers have stolen more than 500 million financial records in the last year. But that was just the beginning, Schneider says. Joseph Demarest, Jr., assistant director of the FBI's cyber division, made a blunt prediction to event attendees: "You're going to be hacked." Schneider agrees: "It's not a matter of whether, but when."
The EMV chip credit card rollout. In an attempt to stem credit card fraud, U.S. issuers are replacing traditional cards with the EMV chip-enabled cards already in use in Europe and around the world. The majority will be shipped to consumers ahead of the October 2015 deadline, when retailers and card issuers could become liable for credit card fraud losses if they don't upgrade to the new system. While the EMV rollout may cut down on card counterfeiting, it only treats a symptom, not the disease itself. "It won't fix the fundamentally flawed system, in which fraudsters exploit insecure rights management and access controls," Schneider says.
Working to remove human error and criminal intentions. Many of the notable breaches in 2014 happened because the wrong people had too much access to private data, Schneider says. In most enterprises, effective rights management and access controls are lacking and not integrated with existing systems, which is a major issue since up to a third of cyber-crimes are committed by insiders. According to Schneider, one of the most effective methods of fixing the system will be to lock the human element out of security systems – at least the parts where human error or malicious behavior can cause problems.
Diminishing the role of the password. Schneider predicts that professional cybercriminals will continue to get smarter, but thankfully, so will security technology and processes. He points to the importance of creating an unbroken chain of trust between the user and the enterprise in order to remove any holes for a cybercriminal to exploit. "An essential way to close the gaps is to remove our over-reliance on passwords," Schneider says. To that end, enterprise security is moving toward biometrically enabled credentials for each user – a retinal scan, fingerprint, facial recognition or voice print for every access session. "Most data breaches occur through impersonation of a valid user, and in most enterprises the current ID verification – often simple user IDs and passwords – is woefully inadequate," he says.
Schneider says 2015 won't be boring when it comes to cybersecurity. "I predict that industry and government agencies who have responsibility for securing computer systems will be looking for more than the patchwork and plug-the-dike approaches we've seen over the past few years. Consumers are demanding better security for their data, and industry must respond," he said.