According to a source recently published by Verizon, cyber threats are very different depending on the industry that they attack. Differences in attacks on the financial industry, health care, retail and intellectual property theft were examined. The data in the article came from Verizon’s annual Data Breach Investigations Report. Differences between different size organizations were also noted. Different tactics are used in different industries.
Attacks on large financial institutions tend to be aimed at stealing money from bank accounts. Security breaches in health care are more likely aimed at smaller doctor’s offices. These attacks are primarily motivated by insurance fraud. Cyber-attacks in the retail industry tend to target smaller stores.
Attacks on smaller stores and doctor’s offices tend to be precipitated by inadequately secured systems. Most of these industries tend to outsource their security so don’t have an understanding of their security systems in-house. Attacks can come from mistakes made by their security vendor. Often employees can inadvertently help attackers by poor online habits. Steps to educate employees about security threats can help avoid these types of attacks. Health care providers also need to be concerned about protecting medical devices and electronic medical records.
Half of all the cases analyzed by Verizon came from hotels and restaurants. Retail accounted for twenty percent and finance and insurance industries made up ten percent.
Intellectual property theft is a very unique type of attack. These attacks often take advantage of opportunity. These attacks often unfold over time and involve attackers gathering information about their targets over time. Often inside sources are used to help intellectual property theft. Recruiting insiders greatly minimizes the risk and effort for the attacker.
To protect themselves from cyber-attacks, it is suggested that firms are vigilant about using better passwords. It is suggested that firms continually study and reevaluate their risks of attack. Proper dedication to IT security training (Advanced Security) and understanding what your attackers are after can help you better protect yourself.