It’s not easy to run a secure business in the modern world. In our technologically connected global community, no industry is immune to potential data breach vulnerabilities, regardless of size or complexity. These vulnerabilities have cost the U.S. economy hundreds of billions of dollars and put the personal information of a great many Americans at risk.
With so many threats out there, how do you know where your organization should focus security efforts? The answer depends on which industry you’re in.
Each industry has unique risk factors, with some being more susceptible than others (especially those in the financial sectors). The Verizon 2016 Data Breach Investigations Report has highlighted where those vulnerabilities are most prevalent for each type of business.
Here are the highly targeted avenues for attack within each industry – so you can better identify where to ramp up your business’ security:
Highest Numbers of Data Breaches
The highest numbers of data breaches (unsurprisingly) occur in industries that rely heavily on the internet, and these trends haven’t changed much over the last two years. As more finance and retail business is conducted online, the risk of data breaches continues to increase.
For these internet-immersed companies, it’s wise to focus efforts on web app security. Here are the industries with the most data breaches:
It’s no surprise that with so much financial information managed online, web apps carry 82% of all financial vulnerabilities – and are the most heavily targeted. The remaining 18% of vulnerabilities in the finance space are split between privilege misuse, card skimmers, and other miscellaneous attacks and errors.
More than any other industry, retail suffers frequently from point of sale data breaches. Point of sale exposures are responsible for over half of all recorded retail vulnerabilities. The remaining 26% can be attributed to web apps. Vulnerabilities in these two facets – web apps and point of sale systems – tend to be the most prevalent susceptibilities across industries.
Accommodation and Education
Industries focused on accommodation are subject to a high percentage of data breaches at the point of sale (95%). Other avenues for cyber threats – like card skimmers, privilege misuse, stolen assets, web apps, errors, and more – account for less than 1% each of all attacks on accommodation businesses.
Data breaches within educational organizations are much more dispersed. The largest share of cyber attacks is focused on web apps (30%), followed by an impressive 27% resulting from miscellaneous errors. The industry sees 17% of cyber attacks in stolen assets, 7% in cyber espionage, and only a small percentage (3%) in privilege misuse.
While a mere 3% of breaches are attributed to stolen assets, a full 50% of data breaches in entertainment occur via web apps. This is almost matched by the 47% of breaches that occur at the point of sale.
The information sector leans towards web app vulnerabilities, with 57% of cyber attacks attributed to web app related data breaches. Another quarter is attributed to miscellaneous errors. The rest of the industry’s vulnerabilities fall within privilege misuse, espionage, crimeware, and point of sale breaches.
Healthcare has become a hot topic when it comes to information breaches and data security. As for data vulnerabilities, the healthcare industry strays from the common web app focus seen in other industries. In healthcare, 32% of breaches are the result of privilege misuse. After that, 22% come in the form of errors, and 19% in the form of stolen assets. Only 3% of breaches are attributed to vulnerabilities as a result of web apps (which is not to say that you should ignore your mobile app security).
Manufacturing is another sector that doesn’t follow the common web app vulnerability statistics. In this industry, almost half of all data breaches come in the form of cyber-espionage. Other cyber attacks are split almost evenly between web apps and privilege misuse, with a small percentage attributed to point of sale vulnerabilities and crimeware.
The professional industry is subject to a wide and varied array of vulnerabilities, with the majority split between fairly comparable percentages of cyber-espionage, privilege misuse, web apps, and miscellaneous errors.
The public sector suffers from a large number of data breach vulnerabilities (a full 37%) that can be attributed to miscellaneous errors. Other notable vulnerabilities are attributed to crimeware, stolen assets, cyber-espionage, privilege misuse, and web apps.
Prevention is a large part of the equation in keeping your business safe – and knowing where vulnerabilities stem from is half the battle. No organization, large or small, is excluded from the risk of cyber attack. Don’t ignore the seemingly small, general preventative measures; they go a long way towards keeping a business – and its data – secure.
The following practices can help your business prevent potential vulnerabilities:
- Implement a Firewall – A firewall is the first line of defense. Create strong passwords, and disable remote management, to prevent unauthorized attempts to log into the router from the internet.
- Use Strong Unique Passwords – Avoid using common words, or passwords that include the names of family members, pets, teams, relatives, or demographics.
- Restrict Access to Resources – Disable accounts when employees leave the business (as quickly as you can), and change passwords for shared online resources. Ensure any unnecessary access to sensitive business data is immediately removed.
- Configure or Turn Off Remote Desktop Services – Limit remote access to computers, and disable any unnecessary RDP on computers. Only allow remote desktop access to specified IP addresses.
- Educate Staff Members – Train staff on best practices, and educate all employees on how to keep data secure, avoid risky applications and e-mails, and create secure passwords.
- Use Email, Spam, and Web Filters – Use filters to help spot malicious e-mail. Restrict websites that are not business related, and block access to sites that commonly host malware.
- Perform Updates – Keep applications up to date, and apply all security patches without delay. This is an extremely important part of removing security vulnerabilities.
- Use Antivirus on All Computers – Antivirus keeps networks secure, and checks viruses at the door. Make sure antivirus software is installed on every computer within the organization.
With the right knowledge and data, you can identify the most common, or most probable, cyber threats and boost your data protection in those areas. Industries such as finance and healthcare are at special risk these days, as much of their information is held online, but the numbers show that no industry is excluded from the risk of cyber attack.
In order to run your business successfully, you need to know your industry inside and out – and that includes knowing the most pervasive and relevant threats. Staying aware of where (and how) breaches are most likely to occur, and implementing preventative measures, is critical to keeping your sensitive data safe and secure.