2014 was a landmark year for data breaches, and 2015 could be even more significant, says Schneider, former international president and CEO of the Armed Forces Communications and Electronics Association.
Schneider predicts four notable milestones will impact cybersecurity in 2015:
More breaches. At an October cybersecurity event cohosted by the U.S. Secret Service, the FBI and the Financial Services Roundtable, officials reported that hackers have stolen more than 500 million financial records in the last year. But that was just the beginning, Schneider says. Joseph Demarest, Jr., assistant director of the FBI's cyber division, made a blunt prediction to event attendees: "You're going to be hacked." Schneider agrees: "It's not a matter of whether, but when."
The EMV chip credit card rollout. In an attempt to stem credit card fraud, U.S. issuers are replacing traditional cards with the EMV chip-enabled cards already in use in Europe and around the world. The majority will be shipped to consumers ahead of the October 2015 deadline, when retailers and card issuers could become liable for credit card fraud losses if they don't upgrade to the new system. While the EMV rollout may cut down on card counterfeiting, it only treats a symptom, not the disease itself.
Working to remove human error and criminal intentions. Many of the notable breaches in 2014 happened because the wrong people had too much access to private data, Schneider says. In most enterprises, effective rights management and access controls are lacking and not integrated with existing systems, which is a major issue since up to a third of cyber-crimes are committed by insiders. According to Schneider, one of the most effective methods of fixing the system will be to lock the human element out of security systems.
Diminishing the role of the password. Schneider predicts that professional cybercriminals will continue to get smarter, but thankfully, so will security technology and processes. He points to the importance of creating an unbroken chain of trust between the user and the enterprise in order to remove any holes for a cybercriminal to exploit. "An essential way to close the gaps is to remove our over-reliance on passwords," Schneider says. To that end, enterprise security is moving toward biometrically enabled credentials for each user – a retinal scan, fingerprint, facial recognition or voice print for every access session.