Institutions More Vulnerable to Cyber Security Risks
Like the majority people, you may think that financial institutions like banks would top the list of industries most at risk of cyber attacks. The reality is that healthcare, and not financial sector, stands at the peak of the industries at greater risk of cyber attacks, according to the 2016 IBM X-Force Cyber Security Intelligence Index. In 2015 alone, more than 100 million cyber breaches occurred in the healthcare sector.
So, the top 5 industries at greater risk of cyber attack are:
- Healthcare
- Financial Services
- Manufacturing
- Government
- Legal
Healthcare
In 2015, 3 of the 7 largest cyber breaches occurred in the healthcare sector. The Anthem incident was the largest cyber security breach in the healthcare industry in 2015.
And according to the PwC Health Research Institute analysis, the likely cost of a serious cyber security breach in the healthcare industry is two hundred dollars for every patient’s record. This includes the overall cost of the breach, including the business downtime, reputational damages, litigations, and business loss.
On the other hand, the cost to thwart a cyber attack is only eight dollars for every patient’s record. This figure alone is enough for healthcare facilities to get protection against cyber attacks.
Financial Services
The financial sector is at the second slot on the list of the industries at greater risk of cyber attacks. It was at number one position in 2015. The good news is that this sector has done far better in 2015 and 2016. Financial institutions have injected more money in cyber security over the last couple of years. This has helped thwart or prevent majority cyber attacks.
According to Forbes, J.P. Morgan, Bank of America, Citibank and Wells Fargo alone spent $1.5 billion to battle cyber attacks. However, there is still a long way to go for other financial institutions. Cyber crimes are on the rise and hackers are sharpening their methods and techniques.
Financial institutions must have foolproof cyber defenses in place, including:
- GLBA assessment, gap analysis, and preparation
- Security program development and review
- Data loss prevention
- Identification, authentication and authorization systems
- Network security
- Technology-based security solutions
The Manufacturing Sector
The manufacturing industry is steadily budging up the list of the industries at higher risk of cyber crimes. Hackers are now realizing the attractiveness, value, vulnerability, and sensitivity of the manufacturing sector. This sector is more susceptible to cyber crimes because companies in manufacturing have not fully realized the importance of cyber security yet. They are not fully ready and equipped to cope with an attack. And now cyber criminals know this.
The manufacturing sector players like FMCGs, locomotive, textile, pharmaceutical, chemical, and defense good producers hold critical data and information. They conduct researches and developments. They have a cache of patent and IP related information and business secrets. This makes them an attractive niche for cyber criminals. The risks are greater in that the manufacturers depend mostly on systems and networks that lack robust cyber defenses.
For example, the Critical Manufacturing Sector virtually amplified to a record 97 events, becoming the leading sector for ICS-CERT in FY 2015. Also, a 2016 report by Sikich revealed an increase in cyber attacks in the manufacturing sector. Intellectual property information is the primary driving force behind the attacks, experts say.
Government Agencies
Government agencies are a hot target for cyber criminals. Remember the 2015 attack on the State Department email system by Russian hackers? It was the most severe attack ever launched against a government agency. The hackers managed to steal the fingerprints of more than 5.5. million Americans.
The government’s cyber security protection is weaker. In 2016, the US government tasked a team of hackers with identifying cyber security flaws on the Pentagon’s websites. The hackers identified 138 cyber security loopholes in 5 websites. What is more shocking is that since 2006, the number of cyber attacks against the US government has increased by 1,300 percent, according to a survey.
Moreover, 11 of the 18 agencies that are considered as possessing high-impact systems experienced 2,267 events of cyber attacks in 2014 alone. In about 500 cases, malicious codes were found in the affected systems.
In light of the aforementioned, it is important for the government agencies to identify and address the weaknesses and loopholes in their cyber security. Here are some recommendations for government agencies to enhance their cyber defense:
- Implement each and every element of your cyber security programs in their entirety
- Have additional layers of protections for systems having sensitive data and those at risk of disruptions
- Implement FISMA based security management program development, Documentation, and Implementation
- Implement FedRAMP based cloud security assessment
- NIST 800-53, FIPS 199 and FIPS 200 based system security plan development
- NIST 800-37 based information security risk management framework Development
- NIST 800-53A based security risk assessment
The Legal Sector
The legal sector is a soft target for cyber criminals. Hackers have realized the importance of law firms and the critical data and information they hold about their clients, which may range from small to large organizations. There is no doubt that law firms hold sensitive information about their clients, such as patent and litigation information, financial data, and upcoming merger and acquisition documents.
Unfortunately, most law firms lack robust cyber security. And cyber criminals are capitalizing on this. For example, the cyber defense of a company may stop an attack launched by hackers, so the criminals may divert their attention toward the law firm serving that company. Hackers know they can easily get the information they are looking for from a law firm that is serving their target company than spending their time targeting the company directly.
Takeaway
There is no doubt that cybercrime is on the rise across the world and hitting all industries. While advancements in technologies have boosted the productivity and efficiency of businesses, they have made organizations vulnerable to cyber attacks. Today, no organization is completely immune to cyber attacks. The 5 industries that top the hit list of cyber criminals have been explained above. The institutions in these sectors are wise to have robust cyber security in place or the breaches will become worse.