By: Nicole

For cybersecurity experts and analysts, 2014 was the year data breaches became a personal threat. With the loss of 56 million records in the Home Depot point-of-sale system breach and more security attacks reported than ever before (a total of 783 for the year), data breaches were elevated from a potential threat to a distinct possibility for many companies.

Despite increased cybersecurity awareness in 2015, the past year saw an upswing in healthcare industry breaches, including those at Anthem and Premera. This summer, we also saw the Office of Personnel Management (OPM) lose the records of more than 21.5 million federal employees and family members.

As we move into 2016, how can public and private organizations learn from the past few years of detrimental security breaches and better protect their data, their employees and their overall well-being? Below are a few takeaways from the Metis cybersecurity team.

1. Know that old-school security tactics can no longer fully protect data.

For years, antivirus (AV) solutions were hailed as the save-all solution for organizations trying to defend against data breaches, but hackers have gotten smarter and their tactics have changed. According to a study conducted by Lastline Labs, antivirus scanners are only able to detect 51 percent of malware samples, leading major enterprises like Netflix to announce that they have canned their AV solutions entirely. With a major organization like Netflix supporting the “no AV” trend, it can only be expected that other major technology companies will follow suit.

2. Use behavioral patterns to identify security breach warning signs.

Enterprises that want to stay ahead of hackers in 2016 aren’t going to worry about the thousands of new malware strains created each day – instead, they will be looking for warning signs of a breach. Gartner is predicting an uptick in the use of behavioral analytics technology to identify users’ anomalous behaviors within a network.
More often than not, early detection of suspicious activities and log data points to a hacker using compromised credentials to move through a network. As organizations begin to supplement their security staff with behavior analytics technology, hackers will be more readily identified.

Hackers, of course, aren’t the only threat to a network. Malicious insiders, known as insider threats, often leave warning signs of a breach before they disclose confidential data. Monitoring file activity and employees’ relationships to certain data is the best way for organizations to detect an insider threat before it is too late. When it comes to protecting data, keeping a consistent watch on which employees are touching which files can save organizations from compromising critical information.

3. Recognize how to use DDoS attacks to your advantage.

A recent Cybersecurity Ventures report noted that distributed denial of service (DDoS) attacks are often the “first wave” of attacks before hackers breach a network using malware or phishing schemes. This smoke-and-mirrors approach distracts security teams with the DDoS attack while data is being compromised. Moving forward, more organizations will be prepared to monitor and mitigate DDoS attacks while keeping a watchful eye on the rest of the network’s security posture.

By staying ahead of hackers and diligently watching for the warning signs of a breach, organizations can avoid a massive cyberattack. We’ll keep an eye on which organizations are best protecting themselves in 2016 and which haven’t adapted to the new age of cybersecurity protection.