
Cyber predictions for 2015

Steve Weisman
Special to USA TODAY

As the great sage and Hall of Fame baseball player Yogi Berra once noted, "It's tough to make predictions, especially about the future," but as 2014 rapidly comes to a close and we leave the hackings of Home Depot, JPMorgan, Sony, Community Health Systems and many others in the rear-view mirror, we turn our attention to what 2015 will bring in regards to hacking, data breaches and identity theft.

Hackers won't be going away anytime soon, so get ready for a bumpy 2015.

Cognizant of the words of wisdom of the ancient Chinese philosopher Lao Tzu that "those who have knowledge, don't predict. Those who predict, don't have knowledge," I humbly offer my cyber predictions for 2015.

1. While hacks of major retail businesses will continue to occur with frightening regularity, it will be the health care industry that will be the source of many, if not most, major data breaches. Due to a perfect storm of vulnerability caused by large amounts of stored electronic data shared by many users within the health care system, the health care industry has become a major target for hacking, with the stolen personal information used for identity theft, including medical identity theft. The effects of that can be particularly harmful when an identity thief's medical records become mixed with the victim's medical records. The FBI has warned the health care industry that its cyber security is not presently sufficient to protect the information it stores.

2. As evidenced by the recent attack on Sony, companies are extremely vulnerable to hacking by nation states, criminal organizations or terrorists. The type of malware used to attack government agencies and major corporations is increasingly available to such groups who are showing a willingness to wreak havoc for purposes not restricted to financial gain.

3. A key element found in just about all major data breaches is that the malware necessary to harm the company or governmental agency is unwittingly downloaded. This is done through sophisticated phishing e-mails that appear to be legitimate and are specifically addressed to the employee or third-party contractor who is the weak link. That weak link is then exploited by luring the person into downloading the malware that brings about the hacking. These e-mails will continue to become more difficult to recognize in the upcoming year. Dealing with this type of phishing, called spear phishing or social engineering, and learning how to identify it must become an element of primary security for everyone, including individuals, companies and government agencies.

4. The Cloud will become even more broadly used by everyone for data storage and will consequently become a greater target for hackers and identity thieves. They will focus their attention on hacking smartphones to gain the passwords necessary for access to the victims' information in the cloud. Greater use of dual-factor identification, and greater attention to smartphone security, including complex passwords, encryption and security software, will help us all increase security.

5. Just as in 2014 we learned of the Heartbleed and Shellshock computer vulnerabilities that had been present, but largely unrecognized, for years, so will we find that other long-standing vulnerabilities will be discovered and exploited by identity thieves and hackers. Part of the problem is that much of the development of new software is built upon open-source programming such as OpenSSL, which contained and most likely still contains vulnerabilities waiting to be exploited. Developers have got to do a better job of building security into all programs and keeping that security updated.

6. Personal banking and other financial transactions will become increasingly mobile and consequently will become an increasing target of hackers and identity thieves. We can learn from the experience in Europe where mobile banking has been done longer and where hackers have been able to even defeat dual-factor identification programs used for enhanced security. A great source of the problem with smartphone security can be traced to malicious apps that are unwittingly downloaded. Limiting your sources for apps to legitimate vendors, such as Google App, can help limit your vulnerability.

7. Hacks of major retailers will increase in the months preceding October of 2015. That is the date that stores must switch to smart cards with computer chips that generate a unique number for every individual transaction. Although some stores, such as Walmart, have already switched to smart card technology, many have not, and many people have not received new credit cards with computer chips to avail themselves of the protection provided by the new system. Many American companies have still not taken sufficient security measures to eliminate the types of hacking done to Target, Home Depot and others.

8. Expect a repeat in 2015. As exposed recently by the security company FireEye, hackers were able to use spear-phishing techniques to gain access to pharmaceutical companies' computers, data and e-mails in order to gain information that they could use for purposes of profiting by insider trading using information not available to the public. We can well expect that this scenario will be repeated again and again in 2015.

So, there you have it. I didn't want to even get into threats involved with the Internet of Things and other possible cyber threats that may or may not materialize because, as Mark Twain said, "I've had a lot of worries in my life, most of which never happened."

Steve Weisman is a lawyer, a professor at Bentley University and one of the country's leading experts in scams and identity theft. He writes the blog www.scamicide.com and his new book is Identity Theft Alert.
