Thinking “it won’t happen to us” is one of the biggest mistakes a business can make when it comes to cybersecurity. Every organization is at risk of a data breach, systems hack, malware or ransomware attack, or the cybercriminal illicitly accessing their network’s processing power.
Yet for the high-target industries, we’ll talk about below, there are an even higher risk profile and specific types of threats that businesses within these industries need to prepare for and protect against.
Top Target Industries For Cyber Attack
From 2014 through the first half of 2018, the greatest number of data breaches affected business and medical/healthcare organizations.
Per Statista, in the first half of 2018, the majority (309) of the 688 reported breaches impacted business while 181 hit medical/healthcare organizations. Banking, credit, and financial organizations rounded out the top three (84 breaches) with government/military completing the five top targets with 49 and 45 breaches respectively.
Energy and utilities are also another trending target, so this article will examine the types of threats for each of these six areas.
This is a broad catch-all category, so no wonder it represents the majority of threats.
Consider e-commerce/retail, for instance. These companies are threatened through omni-channel access and supply chain networking, which hold a large collection of personal and financial data. Meanwhile, small businesses are also at risk. While enterprise-level organizations typically have the infrastructure in place to thwart cyber attacks, small-scale companies may lack the resources for cybersecurity or not prioritize this expense. Yet, in April 2017, it was reported that approximately 14 million small businesses had been hacked over the preceding 12 months.
This information-intensive industry is a frequent target for its stores of data. Health care and medical organizations access and store electronic healthcare records, which contain large amounts of personal information as well as financial details. The WannaCry ransomware attack, for instance, devastated operations at Britain’s National Health Service (NHS) and negatively impacted patient care.
This industry’s strict compliance standards aim to detect any exploitable vulnerabilities, but healthcare entities need to have their networks and systems locked down to facilitate HIPAA compliance and protect electronic protected health information (ePHI).
This industry is a prime target for obvious reasons. After all, these organizations deal in what attackers want most — money and personal information.
In a 2016 survey, Accenture found that 78% of financial institutions were confident in their cybersecurity strategies, yet 1 of every 3 is successfully attacked (at an average of 85 breach attempts per year).
The FDIC requires penetration testing for financial institution compliance. Banks, credit unions, and other financial institutions must ensure security and confidentiality of customer information, put controls in place to prevent illicit access of information, and make sure customer and consumer information are properly disposed of.
Government and military security breaches tend to be high-profile, so this industry’s presence in this blog is unlikely to surprise. This sector is targeted by:
- Foreign powers trying to spy upon or negatively impact a global competitor
- Hacktivists looking to make a political statement
- Cybercriminals seeking to monetize the abundant personal information in federal, state, and local databases.
The Department of Defense in Sept 2018 released its cyber strategy addressing the need to “ensure the U.S. military’s ability to fight and win wars in any domain, including cyberspace,” as well as “preempt, defeat or deter malicious cyber activity targeting U.S. critical infrastructure that could cause a significant cyber incident.”
Educational institutions are targeted for several reasons:
- Valuable intellectual property from campus research
- Student and employee personal information
- Computer processing power.
Additionally, higher education institutions have great turnover in their population, which can result in poor password protections and susceptibility to social engineering.
Between 2005 and 2015, higher education was one of the highest hit with a total of 539 breaches involving nearly 13 million records. Then, in a later Gemalto report, the number of lost, stolen or compromised data records was up 164 percent in the first six months of 2017 compared to the last half of 2016.
The energy and utility sector faces its own particular concerns. Though highly regulated and subject to tough compliance laws (such as NERC), there is great potential for hacktivism and cyberterrorism. They usually have equipment separated by miles of empty space, and motivated hackers can cause widespread power outages undermining critical defense infrastructure and risking the health and safety of millions of citizens.
After all, it is the energy grid and utilities that power, literally, our economy and everyday lives. A known national security priority, this area is also at risk of malware infections of the many mobile connections (web, mobile, and network security is critical). At the same time, backup restoration services are important too.
On This List? Here’s How RedTeam Can Help
Ultimately, hackers don’t target specific industries as much as specific vulnerabilities. With virtually every industry facing some level of risk, smart first steps are to perform regular software updates, enable two-factor authentication, perform regular backups of company data, create strong passwords, and maintain quality antivirus software.
You can also learn more about threats and vulnerabilities in your organization with penetration testing. It’s an invaluable tool to detect holes in your security defenses and take follow-up action to mitigate them. You can learn more about penetration testing here, or click the button below to get a customized penetration testing quote for your organization just by answering a few easy questions.
10-Point Offensive Security Checklist
Get A Bird's Eye View Of Your Organization's Security Readiness