We have heard the classic phrase “It’s not a matter of if, but when” when it comes to cyber incidents. There’s really no safe zone for anyone now, unless you have zero connectivity with outsiders, which is highly unlikely in this digital era where if you’re not connected, you’re out. Let’s also look into the minds of cyber criminals. What drives them to break into your accounts, systems, computers, website? Gone are the days where cyber criminals do what they do for fun. They have learned how to leverage on their expertise to make an income out it. Now, we see Ransomware making headlines in the news, indicating its significance and impact it makes on large organisations. It has become the most lucrative attack method for cyber criminals. Cyber crime pays.
Let’s look at which sectors make the top of a cyber criminal’s to-hack list.
The Singhealth Hack is neither NEW news nor the first of its kind in the world. In fact, the healthcare industry experience 32,000 intrusion attacks per day, compared to only over 14,300 intrusion attacks per day in other industries according to a 2017 report by FortiGuard Labs. The reason behind this could be healthcare’s cyber security being at its infancy since financial institutions and government agencies have always been in the spotlight. However, healthcare holds valuable and static information, such as identification number, date of birth, medical and hereditary conditions and disabilities. Criminals can use these information to fake medical bills to the victims’ families and purchase prescribed medication illegally. With cost per data stolen in healthcare costing as much as $408 per record (three times higher than industry average of $148), it’s obvious why healthcare is the way to go for cyber criminals.
- Logistics and Transport
We have seen a number of high profile cyber attacks in the past years, such as the Notpetya attack on TNT Express and Maersk, costing a significant hole in their numbers. What makes this industry an attractive target? First, the logistics and transport industry are heavily interconnected with third parties, from ports, exporters, customs, warehouse and forwarders. The interactions between these companies make it easy for an attacker to find an entry point to attack. Then, you have to look at the goods being transported. Cyber criminals are able to find out the content being transported and in the case of ships, it is an easier target. Most ships are using outdated systems, isolated in the sea and use USB sticks to transfer data. Cyber criminals take advantage of these gaps and are able take over their navigation control systems.
- Financial Services
There’s no doubt that the financial services sector will continue to be a top target for cyber criminals, and attacks will only get more sophisticated. However, this sector has been keeping their guards up with higher investment in securing their data (according to Forbes, J.P Morgan, Citibank, Bank of America and Wells Fargo spent $1.5 billion on cyber security), and compared to other industries, they are heavily regulated due to the nature of business. With that, the financial services industries are less susceptible to common cyber attacks and according to a report by Ponemon in 2017, the financial services sector experience slightly lesser cyber breaches compared to other industries. This however, is still a continuous battle as attackers are always trying to outsmart the defence system and the financial services simply cannot afford to experience an attack without making a hole in their numbers, reputation and possibly affecting the government.
The manufacturing industry, from pharmaceutical, chemical to fast moving consumer goods are easy targets for cyber criminals. These industries are not as advanced in cyber security and usually do not have strong focus on securing their IT systems. Compared to financial services and healthcare, they do not hold that many sensitive data that may affect their clients. However, the prize is on their intellectual property (IP). Stolen IP can be sold to their competitors to replicate products or for trade negotiation purposes. An example would be the Bronze Butler hacking group attacking various Japanese organisations in heavy industries and manufacturing since 2012, extracting IPs and other confidential data. Losing such critical assets can be damaging to these manufacturing industries, costing research efforts and losing out to competitors. To begin, these industries would be
- Government Agencies
According to a research by Malwarebytes, a software security firm, over 75% of UK local councils and agencies have been hit by cyber attacks in the past 12 months. Just earlier this year, the German government suffered a powerful cyber attack on their computer network. Government agencies holds plenty of sensitive data, making them an attractive target. These are just two of the many cyber attack cases affecting government agencies all over the world. Are they not taking appropriate measures? Could it be the use of legacy IT and software solutions making them a vulnerably target? Or could it be the lack of awareness by the leaders and decision makers? Cyber threats could possibly be the nuclear weapon of this era, where a war can be started without being discovered and causing serious consequences.
Truth is, cyber attacks can happen to any organisation, regardless of size and industry. Key to a resilient cyber security strategy is to constantly review and test your IT security. If you are unsure of where to start, a Cyber Security Assessment should be the first step as it reveals your current cyber security posture. With that, you will be able to know the ROI and effectiveness of your IT security expenditures before spending on more security solutions. Sometimes all you need could just be a simple upgrade to your existing software. Speak to us here if you wish to learn more about Cyber Security Assessments or solutions to protect your organisations.
Written by: Liwen Woon