A few day ago over at the CFO Net­work group on LinkedIn, Scott Ernst (VP at Wells Far­go Insur­ance Ser­vices) post­ed a link to an arti­cle by Michael Bruem­mer, VP of Exper­ian Data Breach Res­o­lu­tion. The arti­cle, based on Expe­ri­an’s annu­al Data Breach Indus­try Fore­cast, sum­ma­rizes five data breach trends busi­ness lead­ers need to be on the look­out for head­ing into 2016.

It’s worth a few min­utes to read the arti­cle, but in case you’re pressed for time, here’s Michael’s list:

1. The EMV Chip and PIN lia­bil­i­ty shift will not stop pay­ment breach­es.
2. Big health­care hacks will make the head­lines but small breach­es will cause the most dam­age.
3. Cyber con­flicts between coun­tries will leave con­sumers and busi­ness­es as col­lat­er­al dam­age.
4. 2016 U.S. pres­i­den­tial can­di­dates and cam­paigns will be attrac­tive hack­ing tar­gets.
5. Hack­tivism will make a come­back.

These trends make sense to me so I won’t be sur­prised to see them emerge over the com­ing year. And, Micheal’s right that the best way to pre­pare is to

update … response plans accord­ing­ly

Aside from the large expense of a data breach, orga­ni­za­tions also need to be ready for the most­ly suc­cess­ful attempts at steal­ing mon­ey via busi­ness email com­pro­mise (BEC), which exploits peo­ple and process more than tech­nol­o­gy. This tech­nique has result­ed in about $1.2 bil­lion stolen in just the last cou­ple of years world­wide. For one high pro­file exam­ple, see the sto­ry Bri­an Krebs pub­lished about the $46 mil­lion stolen from Ubiq­ui­ti Net­works in 2015.

The good news is all these risks can be sig­nif­i­cant­ly low­ered with a rea­son­able amount of effort. There are many good risk man­age­ment frame­works you could choose to help guide the work. Right now I real­ly like the NIST Cyber­se­cu­ri­ty Frame­work (CSF) which I’ve been using a lot late­ly.

What cyber­se­cu­ri­ty trends are you watch­ing?