Experian predicts 5 key data breach targets for 2021

The pandemic warfare will shift to vaccine supply chains, home networks, and data from telemedicine visits in the new year.

istock-1165968532.jpg

Image: iStock/Blue Planet Studio

Cybersecurity professionals should brace for pandemic warfare in 2021, according to a new report from Experian. Experian's eighth annual Data Breach Industry Forecast outlines five predictions for the data breach industry. None of the uncertainty and intensity of the cybersecurity threats of 2020 to ease up in the new year. 

SEE: Meet the hackers who earn millions for saving the web, one bug at a time (cover story PDF) (TechRepublic)

Michael Bruemmer, vice president of Data Breach Resolution and Consumer Protection at Experian, describes the coming year as a "cyber-demic." He credited the combined impact of  these three forces for creating these conditions:

  1. The ongoing coronavirus pandemic and remote work trend
  2. An increase in unsecure apps and devices
  3. Advances in threat vectors

"Hackers have new targets and they have new means of attacking the targets," Bruemmer said.

SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)

Experian predicts that these will be the top five target for hackers and cybercriminals in 2021:

  • The COVID-19 vaccine rollout
  • Home networks
  • Contact tracing efforts
  • 5G networks
  • Personal healthcare data

Bruemmer said that this new focus on the vaccine is the latest front in the misinformation war about the virus. Experian's report described two prongs to this attack: Ongoing disinformation campaigns on social media and attacks on the supplies, supply chains, and cargo shipments. An early example of the second problem is IBM's Security X-Force recent report that a calculated cybercriminal operation is targeting companies in the coronavirus vaccine supply chain with phishing emails

Experion predicts even more anti-vaccination rhetoric and medical misinformation in 2021 which will create discord and chaos. Individuals should examine sources of information to reduce the impact of these attacks and organizations doing vaccine distribution should increase cybersecurity defenses. 

The report also predicts that cyber criminals will take advantage of contact tracing programs to steal personal information.

"They will exploit the API interface through that app to decompile the app and create fake apps," he said. "Social engineering will happen too because it will be easy for people to pretend to be contact tracers."

As many people are still working from home due to the pandemic, hackers will take advantage of this situation to target home networks with ransomware attacks, the report predicts. 

"We think what has happened in 2020 with ransomware and corporations now will happen with home devices," Bruemmer said.

As the report describes, "with control over home devices, doors, windows, and security systems, cybercriminals have the potential to hold an entire house hostage in exchange for money, information or even fame."

In 2021, hackers will take advantage of another dynamic of the pandemic: The increase in telemedicine. Health records are still the most lucrative data to steal and resell and many telemedicine services are not secure.

"In 2020, Experian serviced 5,000 total breaches and 36% were healthcare but with telehealth breaches their number of breachers was up over 90%," Bruemmer said. 

Bruemmer said many telemedicine services involve transferring PHI and PII over a network.

"All these should be encrypted and secure but they are not," he said. 

Finally, Experian predicts that the increase in 5G connectivity will bring a significant increase in  new threat vectors. Bruemmer said that the always-on nature of 5G connections and the overall increase in endpoints are the two biggest risk factors.

As the report states, "The proliferation of technologies embedded in our phones, cars, industrial controls and trusted institutions increases the potential of cyberattacks with the advent of 5G. The communication systems between devices and infrastructure present remote attack access for malicious hackers looking to exploit system vulnerabilities. Increased connectivity poses a considerable threat to the benefits promised by vehicles that can drive themselves, X-rays on demand, and lightning-fast cell-phone service."

Also see