While nations still wage physical wars, people and organizations are more likely to become casualties of rising global cyberattack threats and digital warfare. Unlike declared physical conflicts, the battle lines of cyber wars aren’t always clear. Individuals or companies can be targets of cyberattacks if they have intelligence data that’s valuable to attackers. With the help of sophisticated cybersecurity tools, organizations can determine the true operations and motives of cybercriminals, but many times people are left wondering about the details of a cyberattack that isn’t strictly financially motivated. One thing is clear, some industries are targeted more than others. We will discuss targeted industries for cyberattacks and some key best practices that’ll keep your organization protected against the next big cyber threat.
As technology becomes more sophisticated, industries collect more data, and nations wage wars, cyberattacks hit businesses daily. While cyberattacks may be state-sponsored, often, the goal is ransom and according to Cisco, 53 percent of cyberattacks led to damages over $500,000.
Cybercrime can include everything from embezzlement and theft to data destruction and service interruption. During the 2020 pandemic crisis, the number of cyberattacks increased, forcing nearly every industry to adapt to rapidly-evolving environments and since the Ukraine war, cyberattacks have tripled. As a result, every company can benefit from being proactive and improving identity and access management.
Consequences of Cyberattacks
Cyberattacks impact organizations in several ways, including anything from minor operations disruptions to significant financial losses. Regardless of the type of attack, every consequence includes some monetary or temporal cost; the incident can impact your business weeks or even months after the fact.
Business can suffer in five main areas:
- Financial losses
- Loss of productivity
- Legal liability
- Damage to reputation
- Business continuity difficulties
Top Targeted Industries
Although all industries are vulnerable to cyberattacks, some are bigger targets due to the nature of their housed data. The most at-risk businesses are those closely involved in everyday lives.
Types of organizations most vulnerable to cybercrime include:
- Banks and financial institutions: Contain bank account information, personal customer data, and credit card information.
- Healthcare institutions: Repositories for patient records, including billing information and social security numbers, clinical research data, and health records, including insurance claims.
- Corporations: Inclusive product concepts, marketing strategy data, intellectual property information, contract deals, client pitches, and client and employee databases.
- Higher education: Academic research, enrollment data, financial records, and other personally identifiable information, including addresses and names.
Federal Agencies and Defense
The federal government and its military have always been the keepers of important state secrets that are paramount to national security. Within the last two decades, there has been a push to digitize records and move critical operations to computerized platforms. This makes government agencies tempting targets for cybercriminals of all types. There are bad actors who want to steal data to sell to the highest bidder. Other nations also employ hackers to breach computer systems in order to spy or to cause disruptions.
For example, cybersecurity experts believe that U.S. government systems were infiltrated through an infected Solarwinds IT update in March 2020. Solarwinds is a tool that monitors network traffic, but the malicious code was used to access a number of accounts that exposed large amounts of communication data to cybercriminals.
Here are the agencies that were impacted.
– Department of Energy
– National Nuclear Security Administration
– Department of State
– Department of Treasury
– Department of Homeland Security
In the incident investigation, cybersecurity specialists reverse-engineered the attack to find out the exact extent of the damage. The federal government has access to the most sophisticated cybersecurity solutions on the market. However, consultants warn that this type of software supply chain attack is hard to combat. They recommend that IT security monitors scheduled updates. If an unscheduled update is requested, IT security needs to flag it as a potential threat. Also, government cybersecurity specialists likely shored up Identity and Access Management (IAM) protocols to limit the people who are authorized to do unscheduled updates to vendor products. Remaining vigilant is key.
Energy and Utilities
Today’s society runs on fuel, which makes oil and gas companies prime targets for cyber thieves. On 29 April 2021, Colonial Pipeline shut down its entire gasoline pipeline system because of a cyberattack. The bad actor left a ransom note asking for payments in cryptocurrency.
Cybersecurity experts believe that the breach was caused by leaked account credentials that were used to access the company’s computer system remotely using a virtual private network. Investigators aren’t sure how hackers got the credentials, but there is evidence that the username and password were available on the dark web. They said that the credentials weren’t in use at the time of the attack but that they could still be used to gain network access.
Colonial Pipeline resumed operations on 12 May 2021 after the East Coast experienced long lines at gas stations and higher fuel prices at the pump. IT security professionals at Colonial Pipeline have likely boosted their IAM solutions in response to the incident. IAM platforms give IT professionals a way to automatically shut off inactive accounts to mitigate the risk of unauthorized network access.
Technological advancements have revolutionized the retail sector. Consumers can now shop for products at any time of the day or night. They can buy products that are sold halfway around the world or just right around the corner. Social media also makes it possible for retailers to communicate their brands’ best features to a highly targeted audience. However, the same technologies that enable all of this growth are the same ones that leave retailers vulnerable to cyberattacks.
Besides the enormous amounts of personally identifiable information that retailers collect from customers, many retail stores have another cache of high-value targets that attract cybercriminals. If you haven’t guessed, it’s the products themselves. Luxury brands lose approximately $500 billion dollars to the global counterfeit and pirated goods industry. These fakes diminish the value of high-end brands, and they can cause harm to consumers when counterfeit personal care products are made with toxic ingredients. Luxury brands mitigate the risk of theft and counterfeiting by using QR coded packaging on their goods. However, some cybercriminals have learned how to hack QR codes. These unique cybersecurity problems require unique cybersecurity solutions that blockchain technology may solve.
Examples of Cyberattacks
- Banking: Two days after Ukraine’s government warned of plans for incoming cyberattacks, government websites and banks were targeted during the escalating conflict with Russia. In response, the country declared a 30-day state of emergency. According to the United States, this attack on Ukraine represented the beginning of the invasion.
- Healthcare: In Massachusetts, Trinity Home Care experienced a breach on February 1 and discovered it the next day. The institution launched an investigation and reported that the hackers hadn’t stolen any billing data or medical records. However, this type of attack still happens all the time.
- Corporations: A top Toyota supplier was recently affected by a ransomware attack by a group called Pandora. The group had threatened to disclose 1.4 terabytes of trade secrets, parts diagrams, and invoices on the dark web.
- Education: GEMS Education, located in Dubai, also experienced a disruption in recent days. Although the extent of the scope is still under investigation, schools remained open with minimal issues.
Securing Identity and Access Management (IAM)
According to IBM, it takes an average of 197 days to discover a breach and another 69 days to contain it. Companies that contain a breach in less than a month saved more than $1 million compared to others. Simply put, responding slowly to a data breach exacerbates the problem, leading to loss of customer trust and productivity.
Identity and Access Management Steps to Take
IT managers must develop strong IAM policies to protect their agencies and bolster security without undermining productivity.
1. Audit who has access to what data
It’s virtually impossible to do this task manually, but automated monitoring gives you a good perspective on who is using what applications to access various types of data. Analyzing this information can also provide insight into those who were inadvertently granted access to data beyond their purview, including employees who no longer work for the agency.
2. Set role-specific templates and a policy of least privilege
In anticipation of users getting promoted to different teams with new responsibilities, IT managers can incorporate a least-privilege policy that they can adjust on a case-by-case basis. For example, is it necessary for a particular employee to keep access to a specific app? Does that employee need access to every server or just a few that he’s responsible for maintaining?
Setting up role-specific templates can facilitate a least-privilege policy. For example, a CIO could have widespread access to a company’s full range of tools, but a senior manager might have significantly more restrictions. When a user’s role changes, so too must their access to the appropriate data type.
3. Keep an eye on shadow IT
Applications are also a cause for concern; it’s a good idea to disallow any apps with risks and closely monitor those deemed safe. Likewise, an IT manager could authorize an app that once seemed questionable but is considered harmless after an investigation. Regardless, it is impossible to secure the data you can’t see, so shining a light on applications in use can provide a greater understanding of the situation.
Cyberattacks are without the bloody realities of physical wars, but they can still cause a lot of damage. Making your employees and other stakeholders aware of the latest cyber threats to your industry is an important first step to securing your organization’s computer system and valuable data. Adopting proactive IAM solutions and other cybersecurity tools that help to automatically detect, isolate, and analyze threats is the perfect complement to a comprehensive cybersecurity strategy.