A decade ago, many organizations might not have considered a data breach as something to cause worry. Now, the potential compromise of sensitive data is considered a consistent cost of doing business.
The 2017 Cost of Data Breach Report by Ponemon Institute and IBM Security clearly revealed that a data breach is a permanent risk for organizations of all sizes and industry backgrounds. The report further estimated the average cost paid for each stolen record containing confidential information is $141.
No Industry is Immune
There is not an industry or locale safe from cybercriminals with motivation. Organizations storing sensitive and personally identifiable information (PII) are the most susceptible and remain highly prized targets.
In 2016, the Online Trust Alliance reported that more than 90 percent of data breaches could have been prevented by having a solid plan in place—from adherence to basic compliance processes to using available technologies for proactive detection and response.
Is your business within one of the most susceptible markets? Regardless of industry, how do you keep yourself out of the headlines with a proactive data breach response plan?
What Industries are Highly Susceptible to Data Breaches?
With roughly 100 million healthcare records reportedly compromised in 2015, it's no surprise that healthcare tops the list of industries that are in most danger of a data breach.
In fact, the healthcare sector was attacked at a higher rate than any other sector in 2015. As the Intelligence Index points out, 5 of the 8 largest breaches since 2010 in healthcare took place in the first half of 2015.
Why healthcare? First, many argue this industry is almost always behind when it comes to information security. Second, electronic healthcare records contain a huge wealth of exploitable, sensitive information that fetches a high price on the Dark Web. In 2016, a Hollywood hospital was hit by ransomware and, according to an earlier article, hospital officials gave in and paid in bitcoins.
Despite the lack of reported large-scale breaches in the manufacturing industry, the rising trend of interest in hacking cars remotely has placed this industry next to the healthcare sector in terms of data breach vulnerability. According to IBM's report, the automotive sub-industry was the target of nearly 30 percent of the data breaches in manufacturing last year, closely followed by the chemical manufacturing sector.
In Sikich's 2017 Manufacturing Report, theft of intellectual property is identified as one of the top reason of data breaches in this industry. As Deloitte notes, the manufacturing sector may be targeted not only by hackers and cyber-criminals, but also by competing countries and companies engaged in corporate espionage, whose motivations can range from money and revenge to competitive advantage and strategic disruption.
3. Financial Services
Gone are the days of masked bank robbers barging in unannounced as the only method of thievery. Cybercriminals attacking financial companies now prefer extortion via ransomware or theft of currency—both of which rose by 80 percent in 2015.
Social engineering, Shellshock, and Denial-of-Service (DoS) attacks were the top 3 attack vectors last year for the financial sector. IBM threat researcher Scott Craig writes in this Security Intelligence article that these attacks resulted in the breach of roughly 20 million financial records, costing financial institutions an average of $215 per stolen record. These figures are lifted from IBM's research on security trends in the finance industry last year.
In the first half of 2016 alone, Threat Researcher and Editor for IBM Security Michelle Alvarez reported via Security Intelligence that 200 million government records were already compromised globally—60 million more than all the records breached from 2013 through 2015.
According to the FBI’s Internet Crime Complaint Center (IC3), faking government websites was a common modus operandi of cybercrooks for convincing users to give out confidential, sensitive information between 2012 and 2015. Outside the U.S., Reuters reported that 1.25 million records of personal information were lost to data thieves in Japan when the country's pension system was hacked in June of last year.
5. Transportation and Logistics
The industry's sub-sectors such as aviation, maritime, mass transit, and highway infrastructure have been targeted by nefarious online attackers for the past year.
According to the U.S Department of Transportation in last year's Transportation Systems Sector-Specific Plan, the transportation industry is becoming increasingly vulnerable to cyberattacks. The report states that this is due to “the growing reliance on cyber-based control, navigation, tracking, positioning and communications systems, as well as the ease with which malicious actors can exploit cyber systems serving transportation."
As an industry offering cybercriminals a host of targets on a global scale, a data breach incident in the transportation sector can potentially lead to the collapse of economies or mass chaos. The United Airlines hack is a good example. Besides billions of dollars lost, stolen data can be catalogued together with stolen medical and financial data, and serve as excellent avenues for future blackmails and more large-scale breaches.
A 5-Step Plan to Get Yourself Out of the Headlines
It's easy to assume that hackers are the ones behind large-scale data breaches in the aforementioned industries. However, Verizon's 2016 Verizon Data Breach Investigations Report (DBIR) revealed insider error and privilege misuse closely followed web app attacks (top on the list) in last year's confirmed data breach cases. In other words, someone you trust can possibly launch an attack or commit an error.
Whether insider abuse or hacktivism, the following 5-step plan may keep your business out of the headlines:
- Determine baseline levels within your network.
- Prevent and detect compromise in real-time.
- Insulate sensitive data and limit insider access.
- Empower your data breach experts with multiple platform support and easy integration with anti-virus/malware detection technologies.
- Extend protection to your entire IT infrastructure.
Implement Your 5-Step Plan With File Integrity Monitoring
File integrity monitoring (FIM) solutions such as CimTrak can help you implement your 5-step plan to keep your organization out of the headlines.
Continuous monitoring of files in real-time means you'll be alerted of unwanted or suspicious activity that could possibly lead to a breach. CimTrak file integrity monitoring software is the only file integrity monitoring solution that enables you to store “snapshots” of changed files and configurations and restore files and configurations back to a pre-change state in real-time.
With a reliable FIM tool like CimTrak, your entire IT infrastructure is protected, including servers, workstations, network devices, and databases.
Not sure which FIM solution to try? Download our free file integrity monitoring whitepaper now.
August 23, 2017