2015 year of collateral damage’ in cyber

2015 year of collateral damage’ in cyber | Insurance Business

2015 year of collateral damage’ in cyber
2015 was the “Year of Collateral Damage” in cyber security as cyber attacks “touched people who never dreamed they might be involved in a security breach,” according to a new report.

The HP Enterprise Security Research Cyber Risk Report 2016 noted that two high profile attacks in particular caused concern for those who would be otherwise safe.

“If 2014 was the Year of the Breach, 2015 was the Year of Collateral Damage as certain attacks touched people who never dreamed they might be involved in a security breach,” the report states.

“Both the United States Office of Personnel Management (OPM) and the Ashley Madison breaches affected those who never had direct contact with either entity, and whose information resided in their networks only as it related to someone else—or, in the case of the Ashley Madison breach, did not appear at all but could be easily deduced from revealed data.

“With the OPM breach, the true targets of the breach may be people who never themselves consented to inclusion in the OPM database—and who may be in danger thanks to its compromise.

“Data compromise is no longer just about getting payment card information. It’s about getting the information capable of changing someone’s life forever.”

The interconnectivity of this data provides brokers with further information to approach clients with that highlight the importance of cyber cover for a range of businesses.

The report also notes that businesses using apps are also becoming more of a target for hackers and cyber criminals as they provide the easiest way into a network.

“The perimeter to your network is no longer where you think it is,” the report continues.

“With today’s mobile devices and broad interconnectivity, the actual perimeter to your network is likely right in your pocket.

“Attackers realise this as well and have shifted their focus from servers and operating systems directly to applications.

“They see this as the easiest route to accessing sensitive enterprise data and are doing everything they can to exploit it.

‘Today’s security practitioner must understand the risk of convenience and interconnectivity to adequately protect it.”

The report concludes that, whilst the threat of cyber attack is not going away, smart businesses will still be able to protect themselves.

“In the coming years, the complexities of legislation and international events will have a greater impact in the realms of security and privacy,” the report concluded.

“As a result, network defenders need to understand the complexities of privacy issues as thoroughly as they understand the impact of security vulnerabilities. Instead of symmetric responses to threats, tomorrow’s network defender must understand how to respond asymmetrically to threats through automated analysis, wide-reaching fixes, and a community-based defense.

“While the threat of cyberattack is unlikely to go away, thoughtful planning can continue to increase both the physical and intellectual price an attacker must pay to successfully exploit an enterprise.”