Due to the free availability of huge amounts of data on the internet, it has become easier for hackers to procure information, be it for identity thefts or for advanced targets over the Dark Web. Cyber criminals work tirelessly to breach systems in a variety of verticals, and it shows in a report tallied by the Identity Theft Resource Center with exposure of more than 169 million records. In reality, criminals are more likely to target a facility that will give them a suitable reward for the amount of risks they are taking.
This being said, there are certain industries and verticals that are more prone to be victimized by cyber attackers than others by nature of the potential value of the data and other digital assets in their protection. In general, any organization that collects personal information in high volume is a potentially high price target. Though, there can be seen a common thread that runs through the industries which are most targeted for cyber fraud is that they are more likely to transact business with repeat or regular customers, giving them greater access to their customer’s personal information. Below are the top targeted industries that are more susceptible to cyber-attack.
Banks and Financial Services Companies
If there is one reason any organization can get attacked, it is for money. Hence, financial sectors are highly targeted for obvious reasons. In addition to safeguarding money, financial institutions must also protect personally identifiable information. Lost portable devices and other insider threats were some of the main sources of data breaches. It highlights the need for stronger enforcement policies to keep sensitive information secure.
Common methods to hack through any financial institution is to use malware and phishing techniques. Phishing techniques are used to get leverage over a customer to unwittingly expose their login information for an online banking account. Alternatively, hackers might go straight for the source. With mounting risks of cyber threats against financial institutions, organizations in this industry must do everything they can, to eliminate the risk of internal problems that could lead to a data breach.
Educational records are the sought-after loot, especially at the college and university levels. Many of these records contain, personally identifiable information, including contact information, Social Security numbers and more.
The prominent type of cyber threat to education involves hacking and malware. Given the access to any number of websites to students, staff, and faculty, it is not surprising. They might access their personal emails, update social media, shop online and even download music and other files. This also explains unintentional exposure as the second most prominent cause of data breaches in education. A teacher or a billing officer can forget to terminate a session while logging out, which will render personally identifiable information of any student vulnerable to hacking.
Though, there is a likely decline in hacking activities in this sector, as hackers look forward to a hefty payday which is leading them towards more probable industry sectors.
It is one of the most highly targeted industry for data breaches. Hackers go after health care hard, and they will use a variety of tactics to plunder protected health information and other personally identifiable data. Health care records include extremely valuable personal information, including social security numbers, insurance IDs, and credit card and other payment information.
In 2015, a large scale data breach was executed against Anthem, a health insurance provider, which resulted in a theft of approximately 80 million customer’s personal information. It was later found out that criminals created a fake domain, mimicking that of Anthem’s web portal, and through which they managed to get employee passwords and login information. It was a very clever phishing scam that was the worst data breach of the year.
Nevertheless, when it comes to the theft of health care records, the loss of portable devices represents the biggest threat to sensitive information. As mobile devices are developing over time, health care organizations have their work cut out, ensuring an iron cloud cyber security.
It is understandable that there are plenty of parties that could benefit from breaching government cyber security – foreign nation-states, militant groups, crime rings and much more. Hence it is somewhat alarming that, unintended exposure and loss of portable devices are the major reasons behind government-related data breaches. According to a report, the Department of Homeland Security was guilty of running multiple unpatched databases because personnel had not been appointed to the task. Hence, it is vital that such incidents be prevented. Even the simplest mistake on the part of government officials can lead a hacker into the system.
Airlines were an early adopter of loyalty point programs. For frequent fliers, who do repeat business with the same carrier, have long enjoyed the extra benefits given to the travelers. As most of the transactions are into digital environments, transportation industry will be growing target for hackers.
Travellers generally pay less attention to these airline loyalty points, which makes them more attractive to cyber criminals.
Hacking and malware represent nearly 50 percent of the data breaches occurring in this sector. Hackers are going after the source of sales in order to capture credit card information, which can then be sold on the Dark Web. Many tactics and schemes are being used to this end, and two of the popular methods are memory-scraping malware and POS skimmers. The latter of which is used in the rigging of payment processing units to steal credit card information. This is problematic for small businesses as they tend to purchase payment processing systems from less reputable vendors.
As more payment card vendors implement EMV chip-card technology, and as retailers switch to EMV-enabled card readers, the cyber threats to the POS will hopefully become less prominent. Even though it isn’t necessarily a definitive protection, but it is a significant step up in cyber security from magnetic stripes.
Companies that operate within these targeted industry sectors are focusing on better employee education and on implementing next-generation loyalty point theft solutions to control and limit the damage from cyber fraud.
~ Masuk Siddik