The motivation of threat actors largely determines why a certain industry is targeted, namely what a threat actor can gain from the attack. Whether it be money, prestige, or a public platform, understanding the motivation behind attacks shines a light on the industries most at risk for data breaches.
Curious as to which industries are most at risk for cyber threats? Find out now from the experts at RSI Security.
What are the High-Value Targets?
Targets vary in type and value. The type can range from a physical building to a C-suite member to a data repository. Each target has value, but the worth and effort of the attack depend largely on what information is accessible via the target.
Top executives offer a fountain of knowledge from a hacker’s perspective. Wayne Lee, a cybersecurity expert at West Monroe Partners, told CIO magazine that “Executives are targeted for their access and influence within organizations, especially those whose purview includes sensitive financial data or personally identifiable information.” In recent years, threat actors increasingly target more susceptible individuals, like admin assistants or disgruntled employees, who can then provide access to high-level information or individuals. In particular, individuals that can grant access privileges are prime targets.
Targeting physical locations is less common for cybercriminals in terms of physically entering the building. But, depending on limited access, such a tactic may serve as the best way to gain system access and steal information. The reason physical attacks are less prevalent is simply that they are riskier. Remaining anonymous behind a screen is preferable for a threat actor and, in many cases, involves fewer variables.
When it comes to the concept of a cyberattack, most people likely think of system attacks. Whether it be security systems (like intrusion detection software) or accounting systems, attackers have much to gain and, if done well, face few repercussions. Ransomware, viruses, worms, back-door attacks, supply chain attacks, and remote access attacks are just a few of the methods used to infiltrate systems and often gain media attention depending on the complexity of the attack.
Threat actors typically target systems to steal information, prevent access, or jeopardize information integrity. Many companies rely on systems for not only work but infrastructure functionality. Attacking systems can be one step in a security breach process. For example, threat actors may hinder the anti-virus detection software to enter another system undetected, or they may disable security cameras to assist with a physical attack. A system attack can initiate from something as simple as a malicious file downloaded by an unsuspecting employee or from a phishing campaign in play for months.
- Just for fun – Some hackers thrive on the adrenaline rush of hacking, or they simply like to initiate chaos by disrupting systems or wresting control from system administrators. By utilizing trojans and DDoS attacks, hackers can satisfy their need for a challenge and improve their bragging rights within their social circles.
- Ideological – Hacktivism uses cyberattacks to send a message, sometimes political and other times environmental. Regardless of the message, hacktivism isn’t motivated by monetary gain; it’s contingent on the reaction — the message’s impact. These messages are not always positive though. Disgruntled employees or citizens may use hacktivism to reveal a company’s failures and abuses.
- Espionage – State actors often have different motivations and resources for initiating attacks, with the gain being less monetary and more strategically focused. Their preferred target tends to be national defense or private sector technology companies. In the case of the private sector, threat actors stand to gain proprietary secrets. Attacking state entities exposes state, military, and technology secrets, potentially giving another country a tactical advantage.
- Prestige – Hackers are notoriously proud of their craft. Prestige as motivation means a threat actor wants to perpetrate an attack and then boast about their success. In some cases, this boasting can lead to the authorities catching the criminals, but in many cases, the anonymous handles of these hackers assist in concealing their real identity; however, they still gain notoriety within the dark web community.
- Financial – Cybercrime has become a lucrative business with less risk of being caught. According to Bromium’s The Web of Profit Report, highly-experienced cybercriminals can earn up to millions per year and lower-ranking hackers can earn an entry-level equivalent salary. Identity theft offers an easy means by which to open up fraudulent accounts.
Top At-Risk Industries
In mid-2019, Crowdstrike reported that 61 percent of malicious campaigns stemmed from cybercriminals and 39 percent from state actors. These statistics showed an uptick in independent, non-state related, threat actors. The report also noted that technology companies, telecommunication entities, financial services, healthcare providers, academic institutions, and non-governmental organizations remain top targets for threat actors.
Unlike other industries, financial companies give malicious attackers a direct line to profit. Institutions like banks, insurance companies, and asset managers hold a wealth of PII, enabling phishing campaigns and direct account access. Consequently, financial institutions tend to be targeted more often than other entities. In 2019, the Boston Consulting Group (BCG) reported that cyberattacks affected financial firms 300 times more than other institutions. Additional research by F-Secure, a Finnish security firm, revealed three primary attack motivations within the financial sector: data theft, data integrity and sabotage, and direct financial theft.
Although banks typically implement robust cyber defenses, incident response training is lacking among employees. Since quick action mitigates the extent of an attack, such training is essential. Fintech payment data security is another emerging concern in financial services, for fintech startups and payment processors. The interesting nature of financial institutions is that everyone needs them, from individuals to companies to governments. As a result, state actors can monitor individuals or governments. That has been the case with North Korea, a known perpetrator of financial cybercrimes.
Telecom companies serve as the cornerstone of modern communication. Not only do they control how businesses operate, but they also determine productivity. Productivity, in turn, affects stock markets and overall economic health. For state-sponsored cyberattacks, targeting telecom companies is becoming popular through the implementation of advanced persistent threats (APTs). Furthermore, crippling a nation’s infrastructure, either physically or electronically, can severely limit a country’s ability to function.
On the other hand, attacking telecom companies for information gives threat actors access to names, financial credentials, and enough information to commit identity theft or blackmail customers. According to Deloitte, leased infrastructure equipment, like ISP home routers, poses a unique threat to telecom companies due to the interconnected nature of such equipment. Similarly, it is likely only a matter of time before TV plug-ins become a major threat to home networks as well.
Lower education institutions, such as primary and secondary public schools, tend to have small IT departments and old equipment. As a result, malicious actors can access student and teacher PII, disable systems, or modify grades. SecurityBoulevard notes that these institutions serve as the “low hanging fruit” ripe for exploitation.
On the other end of the academic spectrum are higher educational institutions. Colleges and universities often have larger budgets, but the money is funneled into expanding and renovating facilities or attracting potential students. As more and more universities fall prey to cyber attacks, they will have to start implementing more robust IT programs to maintain their reputation and protect research/PII. Ransomware, in particular, poses a significant risk to both lower and upper educational institutions because threat actors know how desperate schools are to maintain operations and not fall behind schedule.
Cybersecurity attacks continuously morph and adapt as threat actors learn from past mistakes and capitalize on new technological weaknesses. Consequently, it falls to cybersecurity teams to stay informed on the latest attack trends. Looking back on 2019, experts have noted an increase in sophistication when it comes to attacks. Reverse tracking has become increasingly difficult due to VPNs and encryption. Likewise, new payment forms offer enticing new territory for identity thieves. Below are six trends to be aware of in 2020 that will help in updating or formulating new cybersecurity strategies.
Social Engineering – As always, targeting employees through phishing campaigns remains a top security weakness for companies. Downloading malicious software can be as easy as clicking on a supposedly innocent email about a fun work outing that, in reality, installs a worm on your computer. One of the best ways to combat social engineering is simply training. Train employees on how to recognize suspicious emails, what devices can and cannot be used in the work environment, etc.
IoT devices – New IoT devices launch every day and pose new security risks to all industries. As companies become more reliant on IoT devices, IT/cybersecurity departments need to make sure endpoints are secured and policies are in place to mitigate risks. Employees increasingly use IoT wearables and appliances in the workplace, in addition to standard laptops, tablets, and phones. One problem lies in the fact that, unlike company machines, employers cannot manage the patches for all these personal devices. Additionally, once introduced to a company’s network, IoT devices can be hacked or stolen/lost, further endangering your company’s systems. Having an onboarding policy detailing network connection limitations and proper device configuration will help mitigate the threat these new devices pose.
Form Jacking – Form jacking is quickly becoming the new way to steal payment information. According to Experian, form-jacking simulates skimming but in a digital format. Skimming involves a physical machine that, when a person inserts a card, skims the information on the magnetic strip and sends it to a threat actor. Similarly, form-jacking involves inserting a virus into online retail websites that then allows criminals to steal customer information when consumers enter their information on the payment/checkout webpage.
Data Collection – Data collection is the name of the game for many companies today. In order to have a competitive edge, companies amass massive data lakes and warehouses. However, those data repositories cannot be constructed haphazardly or the information will be at risk. Considering functionality, growth potential, speed, and redundancy will help when building and securing data storage platforms.
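A defensive check for the form-jacking risk described above, as an added example that is not from the original article: it lists external scripts on a checkout page that come from hosts outside an allowlist or load cross-origin without a Subresource Integrity hash. The allowlist, hostnames, and sample HTML are constructed assumptions.

```javascript
// Added example: audit a checkout page's <script> tags for form-jacking exposure.
// Hostnames, the allowlist and the sample HTML are constructed for illustration.
const ALLOWED_SCRIPT_HOSTS = new Set(["shop.example", "pay.example"]);

// Collect the attributes of every <script ...> opening tag in the markup.
function extractScriptTags(html) {
  const tags = [];
  const tagRe = /<script\b([^>]*)>/gi;
  const attrRe = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = {};
    let a;
    attrRe.lastIndex = 0;
    while ((a = attrRe.exec(m[1])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? "";
    }
    tags.push(attrs);
  }
  return tags;
}

// Flag external scripts from unknown hosts, and cross-origin scripts with no
// SRI hash (a changed file at the provider would otherwise run unnoticed).
// Inline scripts are out of scope for this check.
function auditCheckoutScripts(html, pageUrl) {
  const findings = [];
  const pageOrigin = new URL(pageUrl).origin;
  for (const attrs of extractScriptTags(html)) {
    if (!attrs.src) continue;
    const url = new URL(attrs.src, pageUrl);
    const crossOrigin = url.origin !== pageOrigin;
    if (!ALLOWED_SCRIPT_HOSTS.has(url.hostname)) {
      findings.push({ src: url.href, issue: "host-not-allowlisted" });
    } else if (crossOrigin && !/^sha(256|384|512)-/.test(attrs.integrity || "")) {
      findings.push({ src: url.href, issue: "missing-sri" });
    }
  }
  return findings;
}

// Constructed sample checkout page.
const SAMPLE_CHECKOUT_HTML = `
<form id="payment"><input name="card-number"></form>
<script src="/static/checkout.js"></script>
<script src="https://pay.example/sdk.js" integrity="sha384-CONSTRUCTEDHASH" crossorigin="anonymous"></script>
<script src="https://pay.example/widgets.js"></script>
<script src="https://cdn-analytics.invalid/collect.js"></script>
`;

console.log(auditCheckoutScripts(SAMPLE_CHECKOUT_HTML, "https://shop.example/checkout"));
```

Run against the rendered checkout page in a scheduled job, a new finding is a prompt to review what changed in the page's script inventory.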
Combating Cybercrime Trends
Limit Access – Cloud-based databases continue to grow in popularity because of the ease of collaboration they provide. However, if one desktop or laptop is compromised, the whole database is at risk, even more so if all desktops have unlimited access regardless of necessity. When possible, limit system access based on priorities and need-to-know status.
Managed Security Service Provider (MSSP) – For low-budget or small businesses, an MSSP can offer much-needed cyber monitoring support. Without hiring full-time employees, companies and schools can save money while increasing the overall integrity of their systems.
Insurance/proper funding – According to Nationwide, cybersecurity insurance generally covers your business’ liability for a data breach involving sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers, and health records. This type of insurance provides assistance with the “clean up” after an attack occurs including notifying customers, restoring personal identities, recovering data, and repairing systems.
Redundancy – Implement backup systems. Having data and programs stored in more than one location helps companies and educational institutions reduce the impact of ransomware attacks. Moreover, redundancy can be a case of life and death when it comes to healthcare providers.
Communication – Having a chain of communication reduces the response time when an attack occurs. Likewise, companies should know the industry regulations regarding how quickly they must disclose a security breach. A good communication policy should encompass employee responsibilities when a breach occurs, such as which team leads take point and who they must contact. In many cases, a communication chain will be laid out in an incident response plan.
Does your company fall into any of the most at-risk categories? If yes, it is important to evaluate your current cybersecurity policies and the performance of current security controls. Even companies that fall outside the high-target sectors should remain vigilant and strive to constantly improve security systems due to the evolving threat landscape. If you need help evaluating system vulnerabilities or industry compliance, contact RSI Security today.