Fewer (but better) cyber-attacks for 2015 – mobile auto-logins and healthcare targeted
Wed 19 Nov 2014
A new report indicates that although the number of hacking attempts is likely to diminish next year, the abandonment of ‘carpet bombing’ techniques will be balanced by an increasingly targeted and more user-specific exploitation of Personally Identifiable Information (PII) in order to facilitate unauthorised access – and that these more elaborate attacks will be increasingly aimed at the healthcare sector.
The report, by cybersecurity firm Websense, identifies the healthcare sector as a significant attack vector for cyber-criminals because of the large amount of PII available in patient records. In the UK and the United States the slow and problematic progression away from paper-based medical records also means that the sector is currently more focused on the logistical problems of the transition than on security, providing a window of opportunity for attackers.
The report states: “In an environment still transitioning millions of patient records from paper to digital form, many organisations are playing catch-up when it comes to the security challenge of protecting personal data […] As a result, cyber-attacks against this industry will increase.”
Ajay Dubey, sales manager for Websense, told India’s The Economic Times : “The nature of cyber attacks is changing with criminals going for personally identifiable information, which can be used at a later date. Such attacks are expected to escalate as we go ahead.”
The Websense report also emphasise the increasing importance of exploiting auto-login capabilities of mobile apps in order to gain access to PII data.
Additionally cyber-incursions are likely to be increasingly aimed at countries which are achieving new-found economic prosperity or promise, and not all the motives behind the attack will be pecuniary:
“…because the barrier of entry for cyber activities is minimal compared to traditional espionage and war costs, we believe we will see an increase in loosely affiliated cells that conduct cyber-terrorist or cyber warfare initiatives independent from, but in support of, nation-state causes,”