Not all industries are created equal when it comes to cyber attacks.
Any company or organisation that uses the internet for any part of their operations is at risk of a cyber attack—and let’s face it, in this day and age, there are very few that aren’t online in one way or another. The internet is such a useful tool that many conduct their business entirely online, and this has enabled phenomena such as remote work.
While most people and businesses are confident that the risks of using the internet are outweighed by the benefits, there are very real risks to consider. From hefty fines for data breaches due to recent changes to the Privacy Act to enormous disruptions which can cost time, money, and reputation, cyber attacks are a real threat.
For some industries, they are even more real than for others. The following are a few of the high-risk industries, the reasons they are more vulnerable to cyber attacks and some examples of major or memorable data breaches.
Healthcare and medical
Globally, this is one of the most-targeted industries. It handles a lot of sensitive information, which is a carrot on a stick for hackers; data such as names, numbers, addresses, medical records, and financial details is often stolen.
In the United States in 2015, health insurance provider Anthem Inc experienced a major data breach that involved more than 70 million records, an enormous incident that led to several civil action lawsuits for the company costing them USD$115 million. Recently on our own shores, almost a million Kiwis faced the possibility of identity theft when Tū Ora Compass Health, Wellington, Kāpiti, and Wairarapa’s primary health organisation, underwent a cyber attack and personal information of enrolled patients was compromised.
With a lot of money involved, it’s no wonder that banks and other financial organisations are often targeted by hackers. Businesses handling large amounts of money tend to take just about all possible measures to keep it safe, but the temptation is great—and cyber criminals can be innovative. A common threat for banks is attacks on their web applications, which are difficult to deal with as these apps are constantly being used by thousands if not millions of customers. On a smaller scale, ATMS are commonly physically targeted.
One of the biggest financial data breaches was the Equifax breach in 2017, which exposed the private information of around 150 million accounts in the UK and North America. Some credit card numbers were also stolen. Although the attack began in mid-May, it was not discovered until July, and not made public until September. Equifax has faced many lawsuits and paid out hundreds of millions of dollars. The CEO, CSO, and CIO all stepped down as a result.
Government agencies/public sector
The public sector is hugely vulnerable to attack, for several reasons. Personal information is one (and it bears mentioning that in New Zealand, the healthcare industry is included in the public sector). Espionage is another—in the modern world, a spy can get more information online than they can by throwing on a disguise and hitting on a target in a bar. Some attacks are politically motivated, intended to discredit or cast doubt on an agency or government.
A recent example in New Zealand was the attack on the Ministry of Culture and Heritage, which saw passport, birth certificate and drivers’ license data exposed. In 2015 in the United States, the voter database was compromised and the information of 190 million people made vulnerable.
Keep your data safe
Cyber security has many moving parts, and methods used to protect data will vary not only between industries, but between countries and also companies. There’s cloud security to think about, application security, the human error element and education of employees, and network security. A robust system security plan is helpful for organisations to gain oversight of their security and all the different aspects of it.
For the most effective cyber security, the best course of action for businesses in any sector is to consult experts. CANDA are cyber security specialists helping an array of companies to manage their accreditation and certification, as well as offering quality and informed cyber security advice out of our wealth of industry knowledge. Ensuring the safety of data is top priority for most businesses, and for those listed above it is of extra concern. We understand this completely and can work with teams to design and implement systems and practices which will provide the best possible protection.