CYBER & INFOSEC

"blogger, InfoSec specialist, super hero ... and all round good guy" 

DISCUSSIONS, CONCEPTS & TECHNOLOGIES FOR THE WORLD OF

JOIN THE DISCUSSION

The 5 Biggest Cybersecurity Threats of 5 Industries




Unaddressed cybersecurity threats can cause lost profits, regulatory fines and missed opportunities. Plus, as company leaders scramble to recover from attacks, making progress often takes weeks or months, severely disrupting business operations. If a cyberattack compromises customer data — as many do — the ramifications may include lost or damaged customer trust.


Various industries have an increased likelihood of experiencing specific kinds of cyberthreats. Here are the top five seen in five well-known sectors.


Health Care


Cybercriminals love wreaking the most havoc possible. They know that one of the most effective ways to do that is to attack health care, an industry where unexpected issues could cost patient lives.


1. Ransomware


When ransomware strikes a hospital, workers typically cannot access electronic patient data, lab reports, and other essentials. They often have no choice but to operate with pen-and-paper methods.


One cybersecurity agency predicted a five-fold increase in health care ransomware by this year. That’s worrying since ransomware was already a crippling issue long before now.


2. Phishing


Many cybercriminals capitalized on the urgency and desire for information surrounding COVID-19 when orchestrating their phishing efforts. Those attacks are seemingly ramping up even more during vaccine rollouts.


For example, one cybersecurity company logged a 189% increase in phishing attacks against hospitals and pharmacies from December 2020 to February 2021. There was also a 530% jump in vaccine-related phishing efforts during that same time.


3. Employee Errors


Health care is a high-pressure, fast-paced industry. The people who work in it often sacrifice sleep and remain under high stress. All these factors can combine to mean that workers make cybersecurity mistakes. Those could encompass sending an email to the wrong recipient or forgetting to log out of a secure portal before going to check on a patient.


4. DDoS Attacks


Distributed Denial of Service (DDoS) attacks occur when criminals use bots to flood an organization’s online infrastructure, effectively shutting it down with the barrage of activity.


One study revealed a staggering 2.9 million DDoS attacks during the first quarter of 2021 alone. Those harmed numerous industries, but researchers confirmed that health care has been at ongoing elevated risk for targeting


5. Business Email Compromise


A business email compromise (BEC) attack is a more targeted phishing effort where cybercriminals typically target only a few victims who have the information they want, posing as someone the victim knows and trusts.


In a case study mentioned in a federal government presentation, one BEC attack on a nursing home resulted in a person sending 600 patient records to an attacker. The estimated worth of that mistake may have been more than $600,000.


Manufacturing


Today’s manufacturers are increasingly dependent on the internet. That reliance can cause problems if companies don’t follow cybersecurity best practices.


1. IIoT Attacks


Manufacturing brands often use Industrial Internet of Things (IIoT) software to make assets like robots, packaging machines, and conveyor belts communicate. This approach streamlines the workflow. However, there’s an increasing cybersecurity threat to industrial control systems (ICS). Such attacks could disrupt production and cause injuries or fatalities.


2. Ransomware


Cybercriminals know that unexpected shutdowns can cause disastrous effects for manufacturers. Thus, they often plan ransomware attacks that shut victims out of their systems and hinder operations.


3. Spam/Malware


Spam messages often contain malware. Even if they don’t have dangerous attachments or links, spam can severely disrupt manufacturing operations. The IT team at one South African manufacturing plant took up to 90 minutes to sort through 12,000 spam messages daily.


However, manufacturing professionals can stay safer by taking care when clicking on message content. Unexpected links or attachments could contain content that harms a network.


4. Phishing


The manufacturing industry is not alone in its battle against phishing. However, a 2020 study showed manufacturing was the industry chosen most often for phishing attempts, getting targeted in 38.6% of attacks.


5. Outdated Operating Systems


Running obsolete operating systems at a manufacturing plant creates cybersecurity threats. That’s typical because the operating systems no longer receive security updates that patch known vulnerabilities and provide users with more robust cybersecurity features.


Retail


Retailers handle vast amounts of customer data — including, most notably, payment details. Thus, the retail sector is one of the most at-risk sectors for cybersecurity issues.

1. POS Attacks


Point-of-sale (POS) systems are crucial for helping retailers log transactions and interact with customers. However, an unsecured system can become a customer data gold mine.


2. Card-Not-Present (CNP) Fraud


As you might guess from the name, card-not-present fraud happens when criminals try to buy things from retailers while using payment details from cards they don’t possess.


Some of those transactions occur over the phone, but most occur online. There’s also another internet-related link since the people who have the payment details often got them via a data breach or on the dark web.


3. Insufficient Wi-Fi Security


Many retailers find that Wi-Fi is instrumental in their work, whether they’re checking stock levels for a customer or going through a mandatory online training module. However, poor Wi-Fi security can be a significant business threat.


In one instance involving apparel and home goods retailer, hackers capitalized on weak security for a Wi-Fi network. That attack allowed them to access an unencrypted central database that included credit card numbers.


4. Domain Spoofing


This kind of attack happens when criminals build a fake website to impersonate a real one. Such efforts rose during the early days of the coronavirus pandemic, especially as people rushed to buy masks, hand sanitizer, and other essentials.


It also becomes more common during the holiday season as customers try to find and secure great details. One straightforward way to avoid domain spoofing trickery is to always type a retailer’s URL directly into the address bar rather than clicking on a link.


5. Website Plug-In Vulnerabilities


Retailers commonly use plug-ins to boost site functionality. However, hackers regularly aim to exploit weaknesses in those widely used extras.


In one 2019 attack, hackers targeted a plug-in that helps retailers price their products and offer customer discounts. More than 30,000 websites had the tool installed on them.


Government


When you think about the sheer amount of data held by the world’s government agencies, it’s no surprise that people with malicious intentions frequently target it.


1. Ransomware


Ransomware is an ever-growing threat for the government sector, too. In one recent attack, a group claimed to steal 250 GB worth of data from the Washington, D.C. police department, threatening to leak it unless they received payment.


2. Phishing


Some phishing scams directly target government officials, urging them to provide sensitive details. However, a related problem is that people who orchestrate phishing attacks often pose as government bodies. Thus, organizations such as the Internal Revenue Service regularly warn the public that its representatives never communicate through email.


3. Foreign Interference


Some government cybersecurity threats happen because people operating on behalf of other countries want to wreak havoc. For example, at the end of 2020, Russian hackers compromised several U.S. government entities, including the Commerce and Treasury departments.


4. DDoS Attacks


The hackers who set off DDoS attacks don’t always solely target government bodies. The trouble is that cybercriminals often set their sights on major internet service providers. Then, government departments fall victim, as well as consumers, businesses and virtually anyone else who goes online.


During a recent DDoS attack in Belgium, the issue disrupted the country’s Parliament gatherings and some law enforcement agencies.


5. BEC Attacks


Officials at the Federal Bureau of Investigation (FBI) have tracked a steady increase in BEC attacks against state, local tribal, and territorial governments. Statistics collected from 2018 to 2020 showed that the losses from such events ranged from $10,000 to $4 million.


Higher Education


Many entities in the higher education sector became more dependent on the internet than ever recently due to the COVID-19 pandemic interfering with in-person classes. Cybercriminals took notice of that shift and used it to their advantage.


1. Ransomware


The higher education industry often gets targeted with emerging types of ransomware, such as the PYSA type, which federal cybersecurity experts became aware of in March 2020. The education sector, like some other industries, often deals with double extortion. In such cases, criminals encrypt data plus threaten to leak it unless victims pay the requested amount.


2. Data Breaches


Data breaches happen through both malicious and unintentional actions and can cause immense damage. They’re not just problematic for universities in the United States, either. A 2020 survey of higher education institutions in the United Kingdom showed that 54% had at least one data breach in the past year.


3. Phishing


Many phishing-related cybersecurity threats affect higher education entities, too. A recent study showed that hackers are most interested in engineering phishing attacks that target cloud data. More specifically, 60% of phishing emails sent to higher education parties concerned information stored in the cloud.


4.SQL Injection Attacks


SQL injection attacks happen when cybercriminals insert malicious code into database-driven applications. In 2020, an Italian hacktivist collective targeted three universities, accessing more than two-dozen databases.


Those responsible claimed that they carried out the attacks to draw attention to the importance of cybersecurity in today’s society.


5. Poor Vendor Vetting


Higher education institutions often rely on third-party organizations to fill some of their technology gaps. Perhaps that means paying an outside service provider to build a new student portal or give access to an e-learning platform.


In any case, cybersecurity threats can emerge when decision-makers at colleges and universities don’t take the time to thoroughly vet the companies that get their business. If those organizations have poor or non-existent cybersecurity, their customers often experience related adverse effects.


Proactive Behavior Helps Reduce Cybersecurity Threats


There’s no single, guaranteed way for organizations to stay protected against all potential cyberattacks. However, an ongoing commitment to internet security best practices goes a long way.


Seemingly simple behaviors such as setting unique passwords and changing them frequently reduce a hacker’s reach if they break into a system. Plus, reporting suspicious emails and links can help IT experts highlight any concerning patterns that could threaten a company. No matter a company’s size or type, cybersecurity is a team effort.