[BreachExchange] Where Data Breaches Happen the Most and Why

Destry Winant destry at riskbasedsecurity.com
Thu Jun 20 10:11:34 EDT 2019


http://complianceandethics.org/where-data-breaches-happen-the-most-and-why/

Data could very well be considered a currency in today’s world, as
various industries rely on cloud systems to store their assets and
clients’ information. This recent trend is one of the reasons why data
breaches are becoming more common. Companies which have yet to protect
themselves need to take utmost caution.

Now:

Although attackers no longer discriminate when it comes to the brands
they target, there are a few industries where data breaches are more
common. Obviously, these industries hold more valuable data than some
of the others. Firms that are a part of the industries below should
begin to take the necessary steps to protect themselves and, most
importantly, their clients.

Retail

It should come as no surprise that the retail industry is a major
target for hackers. Their databases are a treasure trove filled with
crucial information such as names, addresses, emails, and most
importantly, bank account numbers. Just last year, online retailing
giant Amazon was struck with a data breach a few days before the
highly anticipated Black Friday sale. The attack compromised the names
and emails of the company’s clients.

Luckily, the data breach was only a minor mishap caused by a technical
issue. Amazon later assured its customers they had nothing to be
worried about and did not even need to change their passwords. The
attack took a huge toll on Amazon’s reputation. At the time, the
company became subject to criticism despite the low-threat level of
the attack.

Financial Services

Another favorite among cybercriminals is the financial services sector
which includes banks, investment firms, and insurance companies. The
reason why cybercriminals favor the financial services industry is
pretty obvious. Their cloud systems and servers are chock-full of data
which could be directly used to steal money.

Now:

The attacks on the sector are steadily growing well into 2019.
According to a report by UK firm Financial Conduct Authority (CFA),
the frequency of attacks on the industry went up by a whopping 480% in
2018. For a clearer picture, there were 145 reported attacks last
year, compared to 25 in 2017.

The research adds that cybercriminals believe the financial services
sector has weaker defenses compared to other industries. To top it all
off, the payoff is significantly better if an attack is successful.

Healthcare

It may sound odd and unlikely, but attacks on the healthcare sector
are also very common. The main driving factor behind the frequency of
attacks is, of course, profit. Whenever we check into a hospital,
we’re asked to provide various crucial data, such as our addresses,
Social Security numbers, next of kin names and phone numbers, contact
details, and more. If we use the services of a healthcare firm, it’ll
have access to our financial details as well.

Check this out:

What makes the healthcare sector different from other industries is
the source of the attacks. According to recent data, 56% of data
breaches in the industry are caused by internal threats. To be
precise, they are commonly the result of human error. With that in
mind, healthcare firms should put more resources into proper training
for their employees.

Public Sector/Government Services

Whether for the purposes of financial gain, espionage, or something
else entirely, government services are a common target of attackers.
This sector holds various types of citizen information, including
Social Security numbers, Tax Identification Numbers, addresses,
contact details, and more.

The good thing is:

The government sector is taking greater precaution by investing in IT
security. In time, the valuable data of a nation’s citizens will be
behind impenetrable defenses.

Education

The allure of the education sector to cybercriminals is similar to how
attackers are attracted to the healthcare sector. Like the latter, the
education industry is a treasure trove of personal information that is
lucrative for cybercriminals in many ways. Apart from that, the
education industry is a gateway to identity theft.

Cybercriminals looking to start anew with a different identity could
use compromised data from the education sector. Job opportunities are
possible.

What’s more:

Hackers could easily steal the achievements and rewards of others when
looking for work.

Another reason why educational institutions are susceptible is that
the sector generates a lot of cyber activity. Computers and the
internet are regularly used by students and teachers alike, which
makes attacks easier to carry out.

The Value of Data

Cybercriminals wouldn’t put themselves at risk if the targeted data
was without any value.

In fact:

The private information stolen from firms and servers is often sold on
the black market for varying prices. According to CashShield CEO
Justin Lie, stolen credit cards are worth at least $1 a piece on the
black market. Any additional information that comes bundled with the
data would bump the price up further.

>From a broader perspective, an attack that leaked 1 million credit
cards could be sold on the black market for around $1 million. If
hackers are able to secure more information, they can make several
million more.

However:

It’s not just financial gain that cybercriminals are after. The data
they can gather from various industries could be used to commit
fraudulent crimes. Worse, it could put the lives of those affected in
grave danger.

Since cybercriminals work behind a computer, there’s basically no
chance of them getting hurt. If they are good enough, they’ll remain
undetected forever. Such high rewards and minimal risks will lure any
criminal into going digital. They are also taking advantage of the
fact that not every company is prepared for a data breach just yet, so
they are making their move before the security tightens.

Bottom line:

The time for firms to fully arm their servers and databases with the
proper security they need is now. Data breaches and cyber attacks are
showing no signs of stopping. Companies’ best bet at protecting their
clients and integrity is being prepared and vigilant at all times.


More information about the BreachExchange mailing list