Industries Hit Hardest From Cyber Attacks

Cybercrime is increasing across the board. Yet for a variety of reasons, the heat is more intense for some sectors. Finance and government organisations are obvious examples. Retailers are also heavily targeted, especially since businesses collect far more than our payment details nowadays.

Sectors that previously saw low rates of cybercrime are also beginning to see a spike in incidents. Data security is emerging as one of supply chain and manufacturing’s top concerns, with the attack surface growing with every system that goes online.

Eventually, cybersecurity is going to be a challenge for nearly every business. If you’re in a highly targeted field, reactive countermeasures will no longer be enough. Below are today’s hardest hit sectors and what their vulnerabilities are teaching us about cybersecurity.

Government Agencies: Strengthen Links

Cybersecurity is a risk for nearly every industry. But for government agencies, the stakes are higher. Agencies hold far more user data than any other sector. And then there’s confidential information that could cripple national systems and endanger citizens should it be stolen.

Criminals who go after government agencies also aren’t your typical breed of hackers. Because attacks are politically motivated, these people are often backed by powerful entities. In 2018, the UK revealed that a Chinese state-funded group was behind a series of cyberespionage attacks–the first time the National Cyber Security Centre publicly assigned responsibility for a cyber attack to China.

Departments that invest limited funding into cybersecurity are weak links, allowing bad actors to use them as gateways into the network. According to data, there are gaps across a number of sectors. Most–such as energy, food, and communications–are critical to day-to-day living.

When attacks can come from everywhere, defence becomes a collective effort. Part of the response against evolving threats, according to the National Cyber Security Strategy, will be a focus on helping councils “protect their systems and citizens’ personal data”.

Operators in critical infrastructure will also have to re-assess the managed service providers (MSPs) they work with. As threat actors are exploiting partner vulnerabilities, it’s going to be necessary to re-evaluate systems and implement containment measures that mitigate the risk coming from third-party access.

SMEs: Find Partners Who Can Adapt

When it comes to cyberattacks, it’s often high profile names that hit the news. British Airways made headlines in 2018 after being hit with a breach that exposed the credit card data of 380,000 people. Earlier this year all eyes were on Advanced, a service provider for the NHS, after an attack crippled a number of emergency services.

In contrast, the data breach of a local corner store may not have as widespread an effect–unless it’s compounded across thousands of businesses. And that’s exactly what’s happening. Forty-three percent of all cyberattacks are made against small businesses.

What makes the small corner shop over at your local High Street more appealing than bigger targets? They have fewer–if any–defences in place. Fewer than half of employees have received cybersecurity training within the last two years. Around a third of businesses have no cybersecurity programme in place.

When asked about the lack of preparation, many businesses state cost to be the main hurdle between them and proper security measures. They can afford neither the systems nor the specialists. The industry has to address this gap with flexible and scalable services that can be adjusted to individual budgets and needs.

Healthcare: Train From The Ground Up

Unlike tech companies and other highly targeted institutions, healthcare organisations are woefully behind on cybersecurity practices. More than half of medical devices still use legacy systems that are no longer supported with patches. A hospital can be running software from hundreds of different vendors on its network, opening numerous gaps criminals can exploit.

Effects are usually devastating when an attacker slips through the cracks. Healthcare companies have the highest cost of recovery at around $10 million, according to IBM’s Cost of Data Breaches Report 2022. They’re also more likely to pay ransoms because patient lives come before everything else–a tendency that criminals know how to put pressure on.

With ransomware being a top threat for healthcare organisations, employee training is crucial. Raising awareness and teaching staff to identify suspicious email is a start. “It really is a lot of times about the basics,” says Kevin Tambascio, cybersecurity manager at Cleveland Clinic.

Working with vendors who practise good cyber hygiene is another way to modernise security systems in healthcare. The biggest breaches of recent years saw criminals moving laterally, using MSPs to breach hospital networks. Talk to your vendors about threats, what’s being done to protect your data, and contingency plans in the event of an attack.

Retail: Control Access To Sensitive Data

In the world of retail, cash has lost its crown. Last year, nearly every shopper used some form of contactless payment. Seventy-seven percent of Gen Z shoppers feel secure enough to leave their wallets at home altogether.

But with this shift to a cashless mindset comes a greater sensitivity to security risks and dangers. More than half of online shoppers will abandon their carts if they feel a shop can’t be trusted to protect their confidential data.

Figures show that customers are right to be wary. Attacks on retailers tripled between July 2021 and July 2022, with criminals pouncing on shoppers who have no choice but to buy essentials online. The average victim loses a staggering £8,775 to credit card fraud.

It’s clear that cybersecurity is no longer only nice to have, but an important competitive edge. Retailers can improve their defences by keeping software updated. Brands should also tighten access controls for their employees. Not everyone needs access to customer databases. Adopting a Principle of Least Privilege (PoLP) approach can help restrict the information criminals gain in the event of a breach.

In some sectors, the question is when you’re going to be targeted, not if. A proactive stance will be necessary to minimise and contain damage. Evolvit can help reassess your readiness against common threats in your industry. Book a free consultation today.