Jason Hart, VP & CTO of Gemalto, is a pro at spotting trends in cyber attacks. His company (which offers a host of digital security solutions) recently released its Breach Level Index for 2015, revealing a notable shift in attacks.
“In 2014 we saw a lot of attacks involving financial information and credit card data,” said Hart, who spoke with Richard Stiennon at the 2016 RSA Conference in San Francisco. “What we see in 2015 is the attack factors have changed and the bad guys are going after low-hanging fruit.”
Instead of banking info, malicious actors are looking for login credentials.
“For me that’s a bigger problem than credit card information,” Hart continued. “If my credit card data is captured or compromised, it’s easy for me to replace my credit card. But if my user credentials and other personal information are compromised, I have no visibility. I can’t just go and swap out a new card. And for me, that’s unforeseen risk.”
And that may only be the tip of the iceberg. Every year it seems as if enterprises endure the worst security breaches of all time, but they always get worse. Hart anticipates a greater number of breaches in the future, and he expects them to be larger and make a bigger impact on those who are hit.
“The next big attacks that we’re going to see are going to be integrity-based,” Hart warned. “With the integrity of the data being changed, there’s going to be a lag effect.”
Consequently, it could take up to two years before anyone realizes that an attack has occurred. During that time threat actors may be able to manipulate data to their advantage.
“I live in England in a very rural village,” said Hart. “I have two neighbors. They have tractors that are enabled with IoT. The data they’re collecting allows them to understand the soil quality and crop quality. But I’m sure the manufacturers are looking at that data from a global point of view and see, from a holistic view, what’s going on. That data is very valuable to the commodity markets.”
It could also be valuable to someone looking to make a quick buck.
“A bad guy could place money on the stock market, alter the integrity of that data and affect it, legitimizing his money,” Hart concluded.