Cyberattacks. Recent large-scale cyberattacks on Americans’ debit and credit cards, especially the breaches at Target and Neiman Marcus, have led cybersecurity experts to focus on EMV (Europay, MasterCard, and Visa) cards with integrated chips. Those payment methods may present new vulnerabilities in the payment card system.
Richard Henderson, security strategist at Fortinet, says that as the United States moves to chip-and-PIN technology for credit and debit cards, it will be interesting to see what methods hackers use to compromise them. He notes that a new trend in financial hacking will likely involve more malware that compromises two-factor authentication safeguards. According to Henderson, this malicious software pretends to be the institution that the user is authenticating to, but it is actually intercepting the two-factor authentication token meant for the user. The hackers then use that token to log in under the compromised credentials.
Experts also say a growing trend in cyberattacks is the method hackers used to get into Target’s networks: stealing the credentials of a third-party vendor that had access to the retail giant’s network. “One thing that people are going to be talking about a lot this year is supply chain,” John Pirc, chief technology officer at NSS Labs, told Security Management.
Pirc pointed out that as larger companies acquire smaller ones, they should be vigilant about ensuring that security measures are in place throughout the entire supply chain. “When you start looking at a lot of these mergers and acquisitions, when a big 10,000-pound gorilla company acquires a startup…the adversary is going to target the little company, bury themselves in, then get connected. So I think you’re going to see more of that,” he said.
Finally, companies point to a growing awareness among all levels of the enterprise about the need for good cyber hygiene and basic user education. Businesses that are not traditional security companies are increasingly investing resources, both financial and human, in preventing cyberattacks, according to Cameron Camp, security researcher at ESET. He says that more companies have been hiring chief information security officers and chief intelligence officers to bridge the gap between IT departments and the C-suite. “They want to hear what IT has to say, whereas before it was just the guys keeping the gears running.”