The 3 Sectors Most Prone to Cyber Attacks
Just like regular crime, cybercrime follows a simple agenda: to reach its goal. If money, fame or influence is the goal, it will always go back to the central purpose of why someone engages with it. Criminals always love to search for “easy targets”, the low hanging fruits on the Internet, the ignorant and gullible users and their practices. Why bother, let alone attempt a crime against a security conscious entity, as there are easier targets waiting for intrusion?
The bottom line, if the sector has more money or holds a lot of personally identifiable user record, but practices ancient security procedures — the better target it will be. In this article, we will discuss some business sectors of our global society today that are frequent targets of cybercriminals and why. This is in the hopes that people will get more educated, and start practicing modern cybersecurity practices without being too conscious, let alone being paranoid about the cost of maintaining credible IT security.
- The Healthcare sector
The healthcare sector suffered a massive blow last year with the WannaCry ransomware and its eventual derivatives. Hospitals are the last business entities that we can consider as IT security-conscious, the policy of “if it ain’t broke, don’t fix it” is how many of the healthcare institution treat their electronic equipment. Proving to this is the fact that many hospitals continue using outdated and highly insecure operating systems for their computer, which include the highly outdated Windows XP. As Windows XP was last officially updated in 2014, its use is highly discouraged by security professionals. Severe bugs in Windows 7 and later probably affects Windows XP too, but Microsoft already stopped issuing updates to the old XP operating system. In this case, all the attacks developed to attack unpatched systems will always be effective against the XP operating system due to its discontinued status.
- The Insurance sector
There is always be money with Insurance sector-entities, and their business operations dictate that money from their covered customers will always recur. As hackers also use the “follow the money” principle, the Insurance sector is a very lucrative target. Phishing attacks through clever social engineering can easily extract information from Insurance firms and in the world of computing today: data = money.
Just like the health sector above, the Insurance sector’s goal is to make money to fund its business operation. Any expenses that deal with acquiring newer computer equipment of upgrading network setup is really an expense that lessens their “money in the bank.” As such, targeting an Insurance firm is a good lead for cybercriminals. They know there is an abundance of money and user records being held by outdated systems, which they can attack for profit.
- Airline and other forms of the transportation sector
The importance of travel is a no-brainer for anybody. People will try to travel, even if they are not earning enough to sustain a high-level lifestyle. And as long as the transportation procedure, equipment and manpower are working as expected, there is nothing more an Airline or transportation company has to wish for. However, such relax stance makes them attractive targets of data breaches. Take a look at the recent data breaches that happened in Cathay Pacific and British Airways, two internally recognized airlines that were recent victims of security breaches. It is not good to be at their situation, as it will take a while to recover consumer confidence.
It is highly recommended that these three business sectors must change their culture in order to become more security-resistant business sectors. A massive change of stance of acquiring a credible cybersecurity defense strategy must happen, to consider it as a long-term investment instead of just being a cost that everyone should get over with. This can never happen overnight, and it requires leadership from the top: the stubbornness of the board of directors and the miscalculated leadership of CEO’s and COO’s.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.