[BreachExchange] Top Targeted Industries for Cyber Fraud

Audrey McNeil audrey at riskbasedsecurity.com
Mon Nov 28 18:44:16 EST 2016


http://www.huffingtonpost.com/vicky-law/top-targeted-
industries-f_2_b_13151916.html

In the physical world, criminals are more likely to target a facility that
will give them a suitable reward for the risks they are taking. The same is
true for the digital world. Cyber criminals are drawn to industries that
give them the greatest potential to realize some value for their hacking
efforts.

The common thread that runs through the industries that are most targeted
for cyber fraud is that they are more likely to transact business with
repeat or regular customers, giving them greater access to their customers'
personal information. Industries that have adopted loyalty programs are
particularly vulnerable, and loyalty point theft has grown into a
significant cyber fraud problem.

Below are the top targeted industries for cyber fraud.

Banks and Financial Services Companies

The Society for Worldwide Interbank Financial Telecommunication ("SWIFT")
issued a warning of the high risks that banks face for cyber fraud problems
following an $81 million theft from a Bangladesh central bank account at
the New York Federal Reserve bank earlier in 2016.

SWIFT provides a global messaging platform that is used by 11,000 financial
institutions around the world. Banking assets and the large volume of
personal information regarding depositors will keep banks at the top of the
cyber fraud target list for the near and distant future.

Healthcare

The healthcare industry accounts for one-sixth of all economic activity n
the United States. The U.S Department of Health and Human Services has
estimated that the personal information of at least half of all United
States citizens has been compromised by cyber fraud in the health care
industry, and healthcare remains the number one target for cyber fraud
activity. Health care records include extremely valuable personal
information, including social security numbers, insurance IDs, and credit
card and other payment information.

On the black market, medical records are often an order of magnitude more
valuable than just credit card records alone. Industry efforts and new
regulations have established higher standards for protection of health care
records, but those standards have not yet produced measurable results.

Transportation

Airlines were an early adopter of loyalty point programs, and frequent
fliers have long enjoyed the extra benefits given to travelers who do
repeat business with the same carrier. The transportation industry will
continue to be a growing target as more of its operations are transitioned
into digital environments.

Travelers generally pay less attention to airline loyalty points than they
do to credit cards and bank accounts, making loyalty programs even more
attractive to cybercriminals.

Manufacturing

The complexity of large manufacturing operations creates many weak links
that leave them vulnerable to cyber fraud attacks. In early 2016, for
example, the Austrian airline parts supplier, FACC, reported that it had
lost more than €50 million in a cyber attack involving communication and
information technologies.

In many cases, the attacks on manufacturing companies are simple: busy
manufacturing employees receive requests from sources that appear to be
legitimate to transfer funds in payment for materials or services. Better
employee training may alleviate this problem.

Retailers

Retailing is rising on the list of industries of likely cyber fraud
targets. Retailers' implementation of loyalty programs and the volume of
information that they collect and retain about customers create a strong
motivation for cyber criminals to attack retailers' information systems
networks.

Companies that operate within these targeted industry sectors are focusing
on better employee education and on implementing next-generation loyalty
point theft solutions to control and limit the damage from cyber fraud.

Those solutions provide subscription SaaS programs and other customizable
tools and techniques to help organizations detect a cyber fraud incursion
before significant damage occurs. These solutions are the current
industry-best response to a problem that shows no sign going away any time
soon.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161128/dfa754c0/attachment.html>


More information about the BreachExchange mailing list