2015 has been a big year in cybersecurity. We’ve seen some of the biggest data breaches on record, fallout from crippling hacktivism attacks (see Ashley Madison and the spillover from 2014’s Sony Pictures hack), and new highs in security spending. We’ve also seen data breaches, cyberattacks, and other security issues receiving more attention globally, both in the newsroom and at the government level. Looking back, here are four of the top trends in cybersecurity for 2015.
1. Attackers continue to increase in reach and creativity
Never mind the “sophisticated attacks” you keep seeing in headlines. While attacks are without a doubt growing in sophistication, even more so 2015 has seen many attackers using the same old tactics but in more creative ways. Social engineering attacks like spear phishing have become more targeted and resourceful, relying on information from previous data breaches as well as crafty cyber sleuthing to make their efforts even more effective. The best example of this came in May, when the IRS reported that cybercriminals had used stolen PII from previous, unrelated data breaches to gain unauthorized access to IRS accounts and steal tax return information for over 100,000 U.S. households. That information was used to file fraudulent tax returns, resulting in the refunding of around 15,000 filings.
2. The healthcare industry emerges as the top target for cybercriminals
The healthcare sector solidified its place as the favorite target for cybercriminals in 2015 – in fact, recent research from Raytheon/Websense found that the healthcare industry sees 340% more security incidents than industry at large. The study also found that healthcare firms are 200 percent more likely to lose data in security incidents and 400 percent more likely to fall victim to advanced malware. These figures are reflective of the state of cybersecurity in the healthcare industry; given healthcare firms’ lack of IT funding and other security resources, it makes sense that healthcare data continues to be low hanging fruit for attackers. The year’s mega breaches in healthcare tell the tale here, with the top five – Anthem, Premera, Community Health Systems, Carefirst, and Systema – totaling just shy of 100M records lost.
3. A major increase in state-sponsored cyberattacks
2015 saw more than its fair share of highly targeted cyberattacks with state backing – many of them coming from China. It’s widely believe that many of the healthcare attacks mentioned above were the work of Chinese espionage, particularly the attacks on Anthem and Premera. The FBI hasn’t been shy about attributing (sometimes in speculation) multiple major cyberattacks to China as well, including the OPM hack. May saw the indictment of five hackers from the Chinese military, followed by a a warning from the FBI in June that Chinese hackers were targeting major U.S. companies using the Sakula malware. With so many PII-harvesting attacks being attributed to China this year, many experts believe that Chinese hackers are compiling profiles of millions in the U.S., particularly intelligence agents. Last Friday it was announced that President Obama and Chinese President Xi Jinping came to an an agreement to end cyberattacks, but if recent discoveries - most notably Operation Iron Tiger and the 3102 malware attacks on U.S. Government and the E.U. Media - are any indication, a true cyber ceasefire for state-sponsored hacking may be yet to come.
4. Cybersecurity goes mainstream
This is another trend that we’ve watched grow over the past few years, but there’s no question that cybersecurity made it to the forefront of mainstream and even pop culture focus in 2015. From record breaking attendance at conferences like RSA, Black Hat, and Defcon to the tabloid-like media frenzy following the Ashley Madison data breach to Hollywood productions like Mr. Robot, CSI Cyber, and the Black Hat movie, cybersecurity is “in.” We can only hope that this heightened attention spills over to improved cyber legislation and prioritization of security in the private sector.
Of course, many of these trends have been developing for several years, and it’s likely that they will only continue to grow through 2016 – but we’ll save our 2016 predictions for another post.
Advanced Threat Protection - Building a Kill Chain Defense
Detect and stop targeted attacks with a data-centric approach that protects sensitive data regardless of the source of attack.
Related ArticlesAmericans and Cybersecurity: Five Surprising Facts
Most Americans have been the victim of a cybercrime, and don’t expect things to get better anytime soon.Seek Evil, and Ye Shall Find: A Guide to Cyber Threat Hunting Operations
On the heels of our Cyber Hunting Safety webinar, here’s a guide on where to start in your own cyber threat hunting efforts.How to Avoid Cyber Alert Fatigue: Tips from Infosec Pros
23 cybersecurity pros discuss the best ways to avoid cyber alert fatigue.