So begins the IBM X-Force Cyber Security Intelligence Index (registration required for a free overview) and it does not get any cheerier! It continuously monitors billions of events per year, as reported by more than 8,000 client devices in over 100 countries.
Cyber security has to become a way of life – it is no longer adequate to sit back and say it won’t happen to me. Financial gain is still the most powerful motivator for cyber criminals but it is by no means the only one. Last year’s attackers branched out in a big way—inflicting physical damage, stealing intellectual property and lodging political protests. The most targeted industries included healthcare, manufacturing, and government organizations around the world.
The good news is that while the number of security incidents increased by 64%, only 3% were of a severity high enough to cause a data breach. The good guys are catching up to the well-funded, well-organised cybercriminals, and with a little prevention most of the attacks can be stopped or the harm minimised.
Read on for the top five industries targeted.
Healthcare - one
Five of the eight largest healthcare security breaches since the beginning of 2010 (those with more than one million records reportedly compromised) took place during the first six months of 2015. In fact, over 100 million healthcare records were reportedly compromised in 2015.
Packed with a wealth of exploitable information, electronic health records fetch a high price on the black market. They typically contain credit card data, email addresses, social security numbers, employment information and medical history records—much of which will remain valid for years, if not decades. Cyber thieves are using that data to launch spear phishing attacks, commit fraud and steal medical identities.
Manufacturing - two
Manufacturing, which includes automotive, electronics, textile and pharmaceutical companies, moved into second place in 2015. Automotive manufacturers were the top targeted manufacturing sub-industry, accounting for almost 30% of the total attacks following security researchers’ disclosure that attackers could remotely hack a ‘connected’ car.
Cybercriminals are financially motivated and therefore more likely to go after corporate networks—where they could steal potentially valuable intellectual property or sensitive information that could wreak havoc.
Financial Services - three
The industry has been making its own strides to bolster cybersecurity in reaction to major breaches over the past several years. On the consumer side of the financial services business, it’s important to recognize that some of the very conveniences that banks now routinely offer customers—including automated teller machines, credit cards and mobile banking apps—have introduced a level of accessibility that goes a long way toward making the financial system highly vulnerable to cyber attacks.
At the same time, many commercial banking clients fell victim to the Dyre and Dridex Trojans, which were responsible for a large number of multi-million dollar heists targeting enterprises last year.
Government - four
There were news reports of a number of high-visibility breaches, including one in the US that exposed millions of employee records containing non-expiring data such as social security numbers, place of birth and even digitized fingerprints.
In early 2015, more than 50 million Turkish citizens found themselves at risk for identity theft when their national identity information was leaked from a government database. And more than a million Japanese citizens were exposed when employees at the pension service were tricked into opening a malicious email attachment that resulted in a data breach of sensitive, private information.
Transport - five
It includes everything from airlines, bus, subway and commuter rail lines to overland freight lines and overseas container ships that transport goods all around the globe. In many ways, this industry serves as the backbone of world trade, since without it, global economies could easily collapse. Politically motivated cyber criminals regularly attempt to bring the transportation industry to its knees in order to produce mass chaos scenarios.
And the causes
Unauthorized access is now the leading cause of incidents (45%) followed by malware (29%) and sustained probe/scan (16%). Business ‘insiders’ were responsible for 60% of attacks – 44.5% of those were malicious and 15.5% were ‘inadvertent actors’.
IBM says that organisations of all sizes are at risk – no exceptions. Businesses need to set risk tolerances and put in place proactive security plans, including supporting a culture of security awareness. And remember: trust no one.
