With the ushering in of another new year, I find myself acting nostalgic, wondering where the previous year went and of course pondering the year ahead. Here are three security and commerce trends which will continue in 2017.
- Healthcare Data Breach
According to the Privacy Rights Clearinghouse, healthcare data breaches in 2016 comprised 290 incidents that were reported or discovered. In 2015, there were only 82, resulting in a 254% increase in 2016! Healthcare data is highly monetizable and will continue to be targeted, so we can expect this trend to continue in 2017.
An important factor in the increase in data breaches is that organizations do not have security policies and procedures in place to protect their infrastructure. I’ve observed many healthcare organizations and service providers talk about having proper security assessments and penetration testing performed, even discussing the importance of a HITRUST certification, but only a handful actually have them done. Knowing where the vulnerabilities lie within your organization is a critical component in enhancing the security of your data.
- Hospitality – A Hacker’s Playground
Hospitality is another targeted sector that has had hundreds of data compromise incidents, and we will continue to see this happen in 2017. For many years I was able to work with breached merchants and advise them regarding security and forensic options. Unfortunately, many of these entities were the brand name hotels you and I often use during the course of standard business and personal travel.
I’ve observed the Hospitality industry continue to lag behind the retail sector both in terms of technology, as well as process and policy. PCI compliance in this sector isn’t necessarily an afterthought but is an overinflated self-assessment until the data breach occurs.
A classic example of a weak security policy, in place at a prominent hotel that I stayed at during a business trip, is a photo that reads, "If The Computer Shuts Down, the PW is [email protected]!" The photo showed a label on a hotel monitor with the password to log in. Not only is this representative of a bad password policy, but also of the entire security culture at the hotel. This is the tip of the iceberg in the hospitality sector and will continue to facilitate hacks and data compromises of all sorts in 2017.
- A Positive Trend – EMV and US Retailers
EMV, a technical standard created by Europay, MasterCard, and Visa, increases the security of using credit cards during payment transactions. Credit card fraud is usually caused by “leaky” POS systems, but the use of EMV cards, or smart cards that have a chip or PIN, makes it difficult to clone a card and steal data.
In 2017, the number of US retailers employing chip card readers will increase dramatically due to merchant liability incentives from Visa. By the end of the year, you should be able to insert your card at at least 4 out of 10 merchants visited. The one exception is gas pumps, since Visa has granted exceptions until 2020, but many chains such as Maverik will start implementing the chip card readers sooner rather than later.