Kroll Advisory Solutions has released its 2013 Cyber Security Forecast, spotlighting some of the pressing and perhaps unexpected privacy and security issues healthcare and other organizations may be grappling with in the coming year.

While last year’s vulnerabilities will continue to haunt organizations that have yet to evolve their policies and procedures – from encrypting data to regularly changing passwords – there are many threats waiting in the wings, according to Kroll, which lists some things to think about in 2013.

1. "Vampire data": Don't get bitten by data you didn't know you had. Data exists in countless locations and formats within an organization, and many providers might not even realize that data exists until a cyber attack or breach, according to Kroll, which refers to that situation as vampire data – it comes back out of nowhere to "drain the life" out of the organization. Examples include backup tapes and archiving that go back decades (even though they were scheduled to be destroyed); emails that should be destroyed after 90 days but exist indefinitely on employees’ desktops; and material that has been copied to portable or cloud storage without the organization’s consent or knowledge. Kroll officials suggest taking a data inventory, classifying it by confidentiality or sensitivity level, and then handling it accordingly; only allow users to access the data they need and provide employees with regular data handling training to avoid unnecessary data propagation or transmission.

2. Forensics: more important than ever in the wake of a breach. During its forensics investigations, Kroll sometimes has limited resources at its disposal, because many organizations aren’t properly logging or documenting their activities, officials say. That means providers could spend more money to discover whether the breach occurred and what was lost, and may wind up sending notifications based on reasonable assumption rather than concrete evidence of exposure. Luckily, Kroll sees attitudes toward documentation shifting as organizations come to understand the reputational and financial importance of forensics investigations. In the meantime, organizations should turn on their logs and make sure they are retained long enough to be useful, officials say. It's also helpful to perform a security assessment and train key employees in the basics of immediate breach response. Those employees who are most likely to be first responders in a breach should know how to respond without wiping out vital evidence needed to understand the incident, or if applicable, meet the requirements set by the cyber insurance policy carrier, according to Kroll.