Cyber risks evolving to hit less traditional targetsReprints
Last year was the year of collateral damage with respect to cyber risks with attacks touching people “who never dreamed they might be involved in a security breach,” says Hewlett-Packard Co. in a report issued Wednesday.
The Palo Alto, California-based information technology firm says in its “Cyber Risk Report 2016” that the United States Office of Personnel Management and extramarital affairs website Ashley Madison were among those hit by cyber breaches in 2015.
“Data compromise is no longer just about getting payment card information. It's about getting the information capable of changing someone's life forever,” says the report.
Other key themes last year were:
• “Overreaching regulations push research underground.” Too often, says the report, legislation “incurs unwanted consequences to go along with the intended result.”
• “Moving from point fixes to broad impact solutions,” which “strains the resources of both the vendor developing the patch and the customer deploying the patch.”
• “Political pressures attempt to decouple privacy and security efforts.” Many lawmakers in the U.S., the United Kingdom and elsewhere “claimed that security was only possible if fundamental rights of privacy and due process was abridged,” says the report.
• The industry's failure to learn anything about patching in 2015. “While vendors continue to produce security remediation, it does little good if they are not installed by the end user,” the report says.
• Attackers have shifted their efforts to directly target applications. “They see this as the easiest route to accessing sensitive enterprise data and are doing everything they can to exploit it,” says the report.
• The “monetization” of malicious software, which “has led to an increase in ATM-related malware, banking Trojans and malware,” says the report.