Thinking "it won't happen to us" is one of the biggest mistakes a business can make regarding cybersecurity. Every organization is at risk of a data breach, systems hack, malware or ransomware attack, or cybercriminals illicitly accessing their network's processing power.
Yet, for the high-target industries we'll talk about below, there is an even higher risk profile and specific types of threats that businesses within these industries need to prepare for and protect against.
From 2014 through the first half of 2018, the greatest number of data breaches affected businesses and medical/healthcare organizations.
Per Statista, in the first half of 2018, the majority (309) of the 688 reported breaches impacted business, while 181 hit medical/healthcare organizations. Banking, credit, and financial organizations rounded out the top three (84 breaches), with government/military completing the five top targets with 49 and 45 breaches, respectively.
Energy and utilities are also trending targets. This article will examine the types of threats for each of these six areas, which are:
This is a broad catch-all category, so no wonder it represents the majority of threats. Consider e-commerce/retail, for instance. These companies are threatened through omnichannel access and supply chain networking, which hold extensive personal and financial data. Meanwhile, small businesses are also at risk. While enterprise-level organizations typically have the infrastructure to thwart cyberattacks, small-scale companies may need more resources for cybersecurity or prioritize this expense. Yet, in April 2017, it was reported that approximately 14 million small businesses had been hacked over the preceding 12 months.
This information-intensive industry is a frequent target for its stores of data. Health care and medical organizations access and store electronic healthcare records, which contain large amounts of personal information as well as financial details. The WannaCry ransomware attack, for instance, devastating operations at Britain's National Health Service (NHS) and negatively impacted patient care.
This industry's strict compliance standards aim to detect any exploitable vulnerabilities. Still, healthcare entities must lock down their networks and systems to facilitate HIPAA compliance and protect electronically protected health information (ePHI).
This industry is a prime target for obvious reasons. After all, these organizations deal in what attackers want most — money and personal information.
In a 2016 survey, Accenture found that 78% of financial institutions were confident in their cybersecurity strategies. Yet, one of every three is successfully attacked (averaging 85 breach attempts per year).
The FDIC requires penetration testing for financial institution compliance. Banks, credit unions, and other financial institutions must ensure the security and confidentiality of customer information, put controls in place to prevent illicit access to information, and ensure customer and consumer information is correctly disposed of.
Government and military security breaches tend to be high-profile, so this industry's presence in this blog is unlikely to surprise. This sector is targeted by:
The Department of Defense in Sept 2018 released its cyber strategy addressing the need to "ensure the U.S. military's ability to fight and win wars in any domain, including cyberspace," as well as "preempt, defeat or deter malicious cyber activity targeting U.S. critical infrastructure that could cause a significant cyber incident."
Educational institutions are targeted for several reasons:
Additionally, higher education institutions have a high turnover in their population, which can result in poor password protection and susceptibility to social engineering.
Between 2005 and 2015, higher education was one of the highest hits, with 539 breaches involving nearly 13 million records. Then, in a later Gemalto report, the number of lost, stolen, or compromised data records were up 164 percent in the first six months of 2017 compared to the last half of 2016.
The energy and utility sector faces particular concerns. Though highly regulated and subject to strict compliance laws (such as NERC), there is a strong potential for hacktivism and cyberterrorism. They usually have equipment separated by miles of empty space, and motivated hackers can cause widespread power outages undermining critical defense infrastructure and risking the health and safety of millions of citizens.
After all, it is the energy grid and utilities that power, literally, our economy and everyday lives. A known national security priority, this area is also at risk of malware infections of the many mobile connections (web, mobile, and network security is critical). At the same time, backup restoration services are essential too.
Ultimately, hackers target specific industries less than specific vulnerabilities. With virtually every industry facing some risk, innovative first steps are to perform regular software updates, enable two-factor authentication, perform regular company data backups, create strong passwords, and maintain quality antivirus software.
You can also learn more about threats and vulnerabilities in your organization with penetration testing. It's invaluable for detecting holes in your security defenses and taking follow-up action to mitigate them. You can learn more about penetration testing here, or click the button below to get a customized penetration testing quote for your organization just by answering a few easy questions.