All posts by Michael Bruemmer

When it comes to cybercriminals and threat vectors, we need to expect the unexpected. Experian’s 12th annual Data Breach Industry Forecast highlights several potential trends for 2025, with AI playing a central role. This year has already seen more data breaches and impacted consumers than 2023, indicating that global data breaches are not slowing down. Some things to watch out for next year includes the potential for more internal fraud. As companies train employees on AI, there is a growing risk that some will misuse their knowledge for internal theft and sourcing sensitive information. Another trend may be cyberattackers targeting large data centers, with the growth of generative AI introducing power as a new attack vector. It’s reported that a single ChatGPT query uses significantly more electricity than a standard Google search, making data centers and cloud infrastructure vulnerable, especially in countries with varying security standards. We expect AI-related attacks to dominate the headlines next year and investments in cybersecurity will increase to tackle this emerging threat, as hackers leverage AI for phishing, password cracking, malware, and deepfakes. Jim Steven, Head of Crisis and Data Response Services at Experian Global Data Breach Resolution in the UK, anticipates that global data breaches will persist at their current rate next year. He notes that ransomware attacks are likely to become even more sophisticated with the integration of AI. Additionally, Steven predicts that threat actors will escalate their tactics to achieve greater rewards, and the misuse of consumer data to damage reputations will increase in 2025. To access the complimentary report, click here.

In its 11th year, Experian's Data Breach Resolution group today released its annual Data Breach Industry Forecast for 2024. The report’s global outlook identifies potential moves cybercriminals near and far may take to penetrate organizations and cause chaos. The six predictions included offer commentary into the evolving landscape including the vulnerabilities in expansive data supply chains, what may be new targets, and the sophistication of cyber crews globally. A key reminder is that cybercriminals are working smarter not harder. Like many, they too are potentially leveraging modern tools like artificial intelligence. There may be sophisticated cybergangs operating like organized crime families. Also, hackers today could be backed by growing resources from nation-state sponsors. Their MO is not only stealing data to possibly sell on the dark web or deploy ransomware anymore. They can potentially reap benefits by disrupting economies or industries as we mention in our prediction, “No, not Mother Earth!” or use intellectual property as collateral or for personal gain outlined in the “Winning from the Inside” prediction, for example. There are always new ways of conducting “business” for cybercriminals. In the face of emerging cyber threats, organizations are urged to prioritize cybersecurity as a fundamental aspect of their operations. They should regularly update and reinforce security protocols, conduct thorough risk assessments, and invest in cutting-edge cybersecurity technologies. By staying vigilant and adopting a proactive cybersecurity stance, organizations can significantly mitigate the risks posed by the evolving tactics of cybercriminals in 2024 and beyond. Experian Global Data Breach Resolution offers international resources for companies impacted by a security incident and services include IdentityWorks℠ Global, multilingual call centers, and notifications covering more than 100 countries. Experian has also recently expanded capabilities to Japan, Taiwan and Thailand. To access the complimentary report, visit https://ex.pn/2024databreachindustryforecast.

There hasn’t been many world events that have occurred during my 25+ year career that have had such an impact on cybersecurity as the pandemic. As I reflect on the approximate one year mark since we first heard about COVID-19, it’s truly been one for the record books. This is not relative to numbers such as the amount of data breaches that have been caused by the pandemic, but more so because of the long term ramifications. The pandemic opened up many new cyber scams and threat vectors as well as more vulnerable targets due to rapid and – at times – rushed changes organizations had to undertake in order to respond. A good cyber review of 2020 can be found here. Now we are at a tipping point with societal and operational changes companies and cybersecurity professionals will need to grapple with for a long time. I addressed how some of these will affect 2021 in my annual Data Breach Industry Forecast. As we forge ahead, there are two key areas I see as major security concerns with long-term impact: Remote working is here to stay There is no turning back in how, and more importantly, where we do business. What that means is a larger workforce working from home, which spurs a number of concerns and vulnerabilities from a security standpoint. Businesses now have a much broader threat landscape to protect. Not only that, but families need to tighten their security hygiene as well for their personal devices since criminals know we are spending more time at home using these tools. I predict that operationally there will be new strategies to protect systems and a rethinking of best practices in addition to a flurry of new protection software and other technologies to better protect this at-home frontier. Companies will also need to create new trainings for its employees and find better defenses for social networking attacks like spear phishing. Healthcare will never be the same That line is an understatement. Unfortunately, cybercriminals will not take pity and leave the embattled industry alone. Medical information is very lucrative and thieves will continue to take advantage of healthcare organizations’ focus on the pandemic. But they must address security, especially with advancements here to stay such as telehealth. In fact, I envision that operationally we’ll see more third party data breaches as more providers engage outside suppliers for their digital offerings. Also, with increased digital visits there could be more patients visiting smaller clinics or diagnostic testing centers for further evaluations or tests, which opens up more roads where patients’ information is flowing back and forth. Organizations will need to shore up third party security protocols and expectations to try to prevent this type of data breach. We are only at the beginning of this journey to overcome unexpected challenges and manage new ways of conducting business. For more commentary and updates on the cyber-demic, follow my LinkedIn monthly digest.

There is no doubt data breaches have become a part of the Corporate and consumer consciousness. As data breaches have become more prevalent and companies are in need of assistance to prepare for and respond to a breach, industry analysts have taken notice of the experts in the marketplace like Experian. In its first report on data breach services, we are proud to have been named as a leader in The Forrester Wave™: Customer Data Breach Notification And Response Services, Q3 2015.

In the wake of some of the largest data breaches in history, which were specifically payment card breaches, we thought it would be insightful to take a closer look at how companies are dealing with the aftermath.

The growing prevalence of widely publicized data breaches is sparking a change in the attitudes of business leaders and consumers when it comes to cybersecurity. Board members and the C-suite can no longer ignore the drastic impact a data breach has on company reputation, and consumers are demanding more communication and remedies from businesses after a data breach occurs. As a result, the topic is a high priority facing businesses and regulators in 2015. The Experian Data Breach Resolution group serviced more than 3,000 breaches in 2014, the most in more than a decade of handling breach resolution. While our data breach services and identity protection products assist companies after a breach has occurred, our experience and insights help companies beforehand to plan and better protect their reputations in the aftermath.