When news broke of the Target breach in December 2013, it was a fitting precursor for what was to come in 2014. A Ponemon Institute survey released in September found that 43% of US companies had experienced a security breach in the past year. Big names were impacted, including eBay, American Express, JPMorgan Chase, and the Home Depot. And with the big names came big headlines. The rhythm of breaches, headlines, and reactions was unrelenting.
So that was 2014. And 2015 will likely be more of the same.
"It's hard to imagine that enough organizations will be able to fortify their defense over the next year to see a significant decrease in successful attacks," Colin McKinty, head of cyber security strategy at BAE Systems Applied Intelligence, told us.
The big question of 2015 isn't whether there will be just as many attacks, he said; it's whether organizations will start responding better. "Leadership teams at financial services organizations need to understand that today's approach for cyber security must be based on detection of attacks and preventing the criminals from leaving with key assets." That means investing in solutions that help detect and contain intrusions quickly. Last year, the mean time to detection for a data breach was eight months, Hewlett-Packard's security head Art Gilliland said in an interview with Fortune.
Ryan Wilk, director of customer success at NuData Security, said that, in addition to having a containment plan in place for a breach incident, banks need to get better at monitoring vulnerable access points. "For instance, look at VPN. Companies can use that, but it can be vulnerable. You're just putting access out there on the Internet. You need intel from that kind of access point to get visibility into unusual behavior."
Companies should also try to move away from an Active Directory type of access model in their own networks, Wilk said. The Target hackers were famously able to gain access to customer data and credit card credentials by acquiring admin credentials to the network's Active Directory, allowing them to bypass firewalls and other security measures.
Organizations also need to get better at identifying whether users logging in really are who they say they are, Wilk said. That will require using multiple authentication methods and data points that can be applied depending on the risk involved in a certain login or activity.