The State of Cybersecurity In 5 Key Industries
Updated: Sep 4, 2020
By Beata Estrada
Last year was a rough time for cybersecurity, with Dark Reading highlighting more than 5,000 data breaches and 7.9 billion records exposed. Compared to 2018, the numbers showed a 33% increase in criminal activity. Most of these breaches were a consequence of the public’s gradual shift to becoming completely digital. And while the convenience of tech developments like cloud storage, social media, and e-commerce is undisputed, it has also opened up new risks like never before. For one, a wealth of sensitive data may only be a few clicks away from landing in the wrong hands.
Between human error and the growing number of malware threats, companies have every reason to up their security. As such, it is no surprise that Maryville University found that the demand for cybersecurity experts doubled between 2013 to 2019. Moreover, the industry is growing three times faster than any other IT role on the market—and it will only keep growing as more companies take their businesses online.
Even though all companies can be at risk of a breach, hackers like to target certain industries more than others. These are usually ones that involve finances and personal information, such as banking and healthcare.
So what exactly is the state of cybersecurity in this day and age? Let's take a look at these five key industries.
While the utility sector isn't the first thing to come to mind when you think of cyber attacks, it shouldn't be overlooked. In fact, just last September, a group of hackers was reported to have breached a US energy company as they attempted to sell access to ransomware operators. The ruse was stopped before it could escalate, but it shows how some attackers don't just want to steal data but cause maximum disruption. After all, energy grids, pipes, and power lines are literally the backbone of any neighborhood, which means a lot of people will suffer in the event of a hack.
The Government Accountability Office (GAO) released a report last year that detailed the current state of cybersecurity in the utility sector, with extra focus on the energy grid since it's the most susceptible. Part of the report talks about how hackers usually sneak into electricity mainframes, through pathways like the Internet of Things (IoT)-connected devices and GPS.
While it's possible to mask access to energy grids from these systems, it's not feasible to completely remove them. Therefore, the GAO simply recommends that utility providers remain vigilant by monitoring access to the systems in real-time. Doing so could help them spot malicious IP addresses, for instance, so that they can trace the anomalies before they can do real damage.
Anyone who wants big money knows to target the source of it. Because of this, banks have become a popular target of spyware throughout the years, one of the most recent—and arguably the biggest—incident being the attack on Capital One last year. Paige Thompson, a former Amazon software engineer, infiltrated the bank servers and managed to steal data from 100 million clients in the United States alone.
Among all industries, nobody has embraced cloud migration more than banks. In fact, a survey conducted by Accenture found that 97% of banks have considered or are using public cloud services to support their day-to-day operations. After all, by moving the front-end system to the cloud, financial institutions will have the opportunity to scale at a moment’s notice. Plus, they will have access to the cloud's many in-house services. However, this also means that they're the most susceptible to cloud attacks, similar to what happened to Capital One. Again, the cloud itself is safe—institutions just need to be able to regulate who has access to it. This includes monitoring the people who work for the bank's cloud service (which was the case of Thompson) and restricting the number of people who have access to them.
From the moment of birth, every registered citizen has a record stored in one or more medical institutions. Unfortunately, information has become a valuable asset on the black market, which makes healthcare organizations a primary victim of ransomware. Last year, there were two notable cases of ransomware in the industry: the breach on the Columbia Surgical Specialist of Spokane (which involved over 400,000 patient information), and the attack on the Wolverine Solutions Group (which affected more than 600,000 clients).
In response, the Department of Health and Human Services and Office for Civil Rights urged institutions to periodically test their security incident procedures to ensure its effectiveness, as well as maintain cloud and offline backups of patient records. That way, healthcare companies are nott obligated to pay the ransomer. Hackers get smarter with their malware every year, so it's vital for healthcare institutions to stay on top of the latest security tactics.
Schools didn't use to be common targets, but that was before hackers discovered how easy it was to breach them. Sadly, a study by EdTech lists educational institutions as one of the least secure industries in the world. After all, they're mandated to disseminate information to their faculty, staff, and students—so there are plenty of backdoors that potential attackers can sneak into. A prime example of this is last year's security breach at Florida Keys Community College when hackers managed to enter the system via an unprotected employee email. Now, a counter-method being imposed is to limit individuals' access to just the data they need to do their job.
Still, this does nott resolve the cybersecurity issue the entire sector is facing. And with so many devices that need access to its mainframe, schools simply don’t have the means to deal with so many backdoors. Instead of patching the overall security infrastructure, schools should focus on the security of the devices connected to it. One way to do this is by installing a virtual private network on every device or replacing critical applications that are no longer being updated for security.
Retail has always been a huge target for money laundering and theft, simply because of the sheer amount of card transactions people do every day. BriansClub, one of the largest organizations that buy stolen credit card data, was found to have received more than 8 million card records in 2019 alone—all from online and brick-and-mortar retailers. In December 2019, convenience store chain Wawa also admitted to a security breach, which potentially exposed over 30 million sets of payment records. The investigation is still ongoing but an article on CBS News claims that it could potentially be the biggest credit card breach of all time if proven true.
We're slowly moving into an era of cashless transactions, so it's impossible to just stop retailers from offering card payments altogether. Now, retailers like Louis Vuitton are combatting this by outsourcing their payments. This way, they don't have to store the card holder’s information. Even if there was a breach, hackers would come out empty-handed. While there's still the risk of having to trust a third-party service provider with sensitive information, that's what regulatory boards like the International Organization for Standardization and the National Institute for Standards in Technology are for. So long as the payment provider has certifications from reputable institutions, the chances of becoming a target are slim.
No industry is truly safe from these attacks, but making the necessary precautions can lessen your chances of becoming another statistic. On top of this, taking advantage of technological developments (like Artificial Intelligence and security software) and employing the proper talent are necessary investments.