Examining the Industries With the Most Data Breaches
Cybersecurity is becoming more of a pressing issue by the day. As reports of major data leaks keep pouring into the public eye, concerns over how safe industry-held information really is only seem to be getting worse.
In a world where 69 records are either lost or stolen every second, these concerns are definitely justified. But some might ought to be more worried than others. Not all industries are equally under fire by cyberattacks: certain sectors hold more appeal for hackers for one reason or another.
Here, we will examine the industries that experience the brunt of cyberthreats. We’ll look at data breaches by industry, as well as what makes these fields so susceptible to attacks.
Healthcare has been “enjoying” the spotlight for a good while now due to a spike in data breaches. The industry has spent an average of 329 days addressing information spillage, more than virtually any other industry.
The most common venue of attack has been ransomware, wherein hackers get their hands on data, encrypt it, and then demand money to refrain from publishing or erasing it. This method has enabled cyber criminals to steal or otherwise compromise an excess of 40 million records in healthcare.
As one can easily guess, this preponderance of hacking has resulted in severe costs for healthcare. The damage now easily accounts for billions of dollars, with some estimates placing the financial toll for 2020 at around $4 billion.
Despite such crushing consequences, the industry has not made much headway to bolster its cyber defences. A survey conducted by Black Book Market Research reveals the healthcare industry’s alarming unpreparedness to handle cyber threats.
Here are some of the survey’s most poignant stats:
- 96% of IT professionals believe that data attackers are outpacing medical enterprises’ attempts to shield their data
- Over 93% of healthcare organizations have experienced a data breach since the third quarter of 2016, of which 57% saw more than five data breaches in the same timeframe
- IT security budgets for hospitals have remained practically the same since 2016
- A third of hospital executives that purchased cybersecurity solutions between 2016 and 2018 did so without making a well-informed decision
- 5% of physician groups that employ over ten clinicians report having a dedicated CISO
The amount of data the healthcare industry handles is immense, from medical records to internet-connected medical devices and billing records. The size of these networks makes securing them very costly, and so many hospitals end up with lacklustre safety measures.
And it just so happens that the information that healthcare so meekly guards is extremely valuable for hackers. Personal info holds great worth on black markets and can be used in a wide array of ways, from blackmail to stalking, harassment, or identity theft.
Retail has been under serious fire from cyber threats in recent years. IntSight’s survey, Cyber(attack) Monday: Hackers Target the Retail Industry as E-Commerce Thrives, reveals that the industry suffers $30 billion a year due to hacking mischief.
Given the industry’s sheer size, it’s no surprise that so much money pours out from cyber vulnerabilities. But the fact that retail increasingly relies on hoarding customer data to perfect its services only exacerbates the risks of data breaches. The less-than-adequate protection of pay systems, which leaves major openings for hackers to snatch information, doesn’t help either.
The glaring holes in retail’s cyber defences left hackers with a multitude of attack points. The most beloved tactics used by cyber criminals include:
- Social engineering: using deception and manipulation to trick people into willingly handing over their personal data (phishing)
- Web skimming: sneaking malware into a website through a third-party script service (Magecart)
- RAM scraping: injecting malware into a point-of-sale terminal to siphon credit card info
- Near field communication (NFC): hackers accessing data through price scanners, card readers, and cell phones
- Credential stuffing: taking usernames and passwords and “stuffing” those credentials into the other digital services’ login pages.
The retail process involves several points that a cyber criminal can exploit. They may attack the point of sale, the supply chain, the customer’s endpoint, and more. Maintaining tight security on all of these fronts is more than a little demanding.
Online shops fare a little bit better than brick-and-mortar establishments in terms of data security. An estore can’t survive without customers knowing that it handles their information with care, so the internet-bound retailers make extra efforts to protect said information. It makes sense, then, that eCommerce would spend as much as $2 trillion to ward off hackers.
The manufacturing industry has its fair share of cyber attacks. This sector sees an average of 20,315 sensitive files exposed, putting it ahead of retail in that department.
However, data breaches in manufacturing aren’t all about stealing personal data of consumers. A great deal of hacking here is for the purposes of cyber-espionage. In those cases, the attackers’ goals are usually to attain insight into trade secrets, intellectual property, and other such sensitive information.
These problems will likely only worsen in time. Pursuing efficiency is pivotal in staying competitive in the manufacturing industry. As such, factories and companies that refuse to embrace proven methodologies often find themselves lagging behind the competition. And this effort to keep abreast on trends can lead to trouble.
Many additions to workflow effectiveness are technology-based, and they add a host of new security problems. For example, new data analysis protocols or the integration of IoT typically come with unique safety challenges. Addressing those problems adequately is quite difficult, so many businesses lack the cyber shielding necessary to fend off all threats.
Gaming has come far from its somewhat recent roots of a quaint pastime provider. The industry is predicted to have a networth of $300 billion by 2025, with millions of people regularly engaged in video games. That kind of traffic inevitably draws in criminal intent.
Gaming experienced a total of 12 billion attacks between 2018 and the first half of 2019. Credential stuffing comprised the most of these attacks, taking customers’ stolen passwords and reapplying them to different sites to see if they used the same ones there.
The obvious reason why the gaming niche struggles with so much cyber crime is its massive customer base. But the public’s perception of gaming as an activity plays just as vital a role in the story. Most fail to recognize it as something through which their real lives might come into risk through data theft. It’s just a game, as many would reason.
Gaming forums also represent a notable hazard for gamers’ data. Many of these websites are created and maintained by individuals, and their cybersecurity doesn’t measure up to recommended standards. Furthermore, most people simply visit forums for tips and advice on how to play certain games, rarely thinking of the dangers therein.
The way we learn and teach has remained more or less the same until a few decades ago. But, nowadays, various technological solutions have cropped up to facilitate virtual learning, shared learning applications, and much more.
With the arrival of all these technologies, safety holes were bound to be found in spades. CyberEdge Group’s 2019 Cyberthreat Defense Report discovered that 80% of education-related organizations underwent at least one successful data breach.
The quality of education data protection leaves much to be desired overall. For example, some districts forbid the changing of a student’s ID, while certain learning platforms allow placing the same phrase for both the username and the password. A lack of staff and funding for cybersecurity contributes much to the issue as well.
The education system handles a treasure trove of student data, holding information like emails, SAT scores, point averages, addresses, and more. This information frequently lies in the hands of ed-tech platforms with less-than-stellar cybersecurity. That leads to all kinds of mishaps, such as students hacking a school website to help them win a water fight.
Ransomware causes the most problems in education, however. Since many schools can more easily afford to pay ransom than to temporarily shut down, oftentimes they will simply pony up the money. While attempts to change grades or sell data create problems of their own, ransomware proves to be the most destructive.
One can easily see why cybercriminals would find the financial sector so enticing. The industry regularly deals with some of the most valuable data possible. And, naturally, financial institutions are often under siege from hackers.
Interestingly enough, finance data breaches are more on the “quality over quantity” side. According to Bitglass’ The Financial Matrix: Bitglass’ 2019 Financial Breach Report, only 6% of all leaks came from this sector in 2019. However, it still accounted for a whopping 61% of all records stolen that year.
While cybersecurity here is definitely tight compared to the above entries, there are still issues begging to be solved. One such red flag is the industry’s rush to integrate cloud-based solutions to accommodate big data. The quality of third-party software security poses a potential risk, too.
The aforementioned Bitglass report puts financial data security into perspective quite well. Take a look at some key takeaways:
- The three biggest breaches of financial services firms in 2019 happened to Capital One Financial Corporation, Centerstone Insurance and Financial Services, and Nassau Educators Federal Credit Union, which affected 106 million, 111,589, and 86,773 individuals respectively.
- Capital One Financial Corporation faced four data breaches in 2019, showing an unwillingness to enact and enforce more stern measures.
- Hacking and Malware were the primary methods of data breaching in financial services, accounting for 5% of all cases. Insider threats grew to 5.5% in comparison to 2.9% in 2018, and accidental disclosures jumped from 14.7% to 18.2%.
- While healthcare takes the cake in terms of average cost per stolen record ($429), finance’s mega breaches are close behind at $388, though an average of all incidents stands at $210.