“2017 will be a year of legal battles — between the internet giants and against federal regulators — while the promised consumer protections will fall short on enforcement,” Forrester writes.
More data breaches
Of course, predicting more data breaches is not a real shocker. Forrester estimated that a Fortune 1000 company will succumb to a cyberbreach and ultimately close down.
There will be no improvement in the time companies take to react to a breach, Millis said. Ponemon Institute found that when a breach was identified within 100 days, average costs were $5.83 million per breach. However, if a breach went undetected for more than 100 days, costs rose nearly 40 percent.
Healthcare breaches will become as large and common as retail breaches, Forrester believes. The 2015 breach of Anthem that affected as many as 80 million patients will become commonplace. As a result of mergers, acquisitions, and other partnership arrangements, large healthcare insurer and provider conglomerates are only increasing in size — as is the critical patient information they store. The consolidation of providers leaves security fragmented with varying security levels.
Second, patient data carries unique, permanent information, such as genetic markers, and biometric data, such as fingerprints. For malicious attackers interested in ransom, blackmail, and espionage, this data will be too tempting not to grab. Given the critical nature of the services and the sensitivity of the data at risk, healthcare firms should spend on par with other critical infrastructure industries.
Mike Patterson, vice president of strategy at Rook Security, said there will be a billion-dollar breach. Costs for Anthem's breach reached hundreds of millions of dollars within a few months of its early 2015 disclosure that affected nearly 80 million accounts. Yahoo's acquisition by Verizon could see a devaluation or termination of the $4.8 billion deal value as a result of Yahoo's recent breach disclosure.
“If we are at the point where a big breach at a large enterprise can quickly generate hundreds of millions of dollars in costs or cost shareholders hundreds of millions of dollars in share purchases, we aren't far from a new breach in 2017 taking us over the $1 billion mark,” he said.
By contrast, Justin Giardina, CTO at iland, believes the “little guys” will be the next targets. “While historically, it was the biggest organizations with the most attractive data that got hacked, increasing numbers of malicious attacks target smaller, often weaker, targets. So, we’ll see medium-sized enterprises raising their security and business continuity efforts.”
There will be a shift in focus from broad-based attacks to more targeted attacks against specific firms or individuals, says Scott Petry, CEO at Authentic8. The best evidence of this is the intellectual property theft against law firms, insider-spoofed spear phishing aimed at finance and HR people, and ransomware targeting healthcare after Methodist paid out.