You hear about these large scale data breaches where another big corporation becomes victim to a cyber-attack. While these news stories seem to be popping up more and more these days, the truth is cyber-attacks are happening all the time and have been for a long time. You may be wondering who these attackers are targeting and why? While the why may not always be clear, we can deduce from research data which industries are getting hit the most.
According to Cisco’s 2015 Annual Security Report, the pharmaceutical and chemical industry emerged as the highest risk industry for web malware encounters in 2014. Other verticals in the top five were media and publishing, manufacturing, transportation and shipping, and aviation.
You may be wondering why retail isn’t listed among the top five, given the number of high-profile incidents in recent years (eh hem, Target and Home Depot, to name a couple). A web malware encounter doesn’t mean that a data breach occurred, but rather that a piece of malware was detected and blocked. So, while it’s probably true that the retail industry was hit the hardest last year with actual data breaches, it doesn’t necessarily mean that it was the most targeted. There are a number of factors that make some industries more vulnerable to successful data breaches than others. So, using web malware encounters as a metric gives us a pretty good indication of which industries are being targeted by threats.
The interesting question is why are certain industries more susceptible to malware encounters than others? Is it really because hackers see the information that they can seize from these industries as more valuable than others, or could there be something else going on?
According the Cisco’s report, it seems to be a combination of targeted attacks and careless employee behavior. The way they are able to determine this is by examining the types of attack methods. They found that among the high risk industries, there were more cases of adware, clickfraud, scam, and iframe injections, which are considered to be non-targeted attack methods. Falling victim to these types of attacks is wholly dependent on user interaction.
This means that some of the higher frequency of web malware encounters in high risk industries is coming from their employees’ internet activity. So, it would make sense that certain industries that embrace new media and technologies would be more susceptible to attacks, where as traditional industries where change is slow and internet usage is highly controlled might experience less malicious activity.
That’s not to say that hackers aren’t targeting the high risk industries with sophisticated attack methods. They are, in fact, at a much higher rate than other industries. The key takeaway here is that the frequency of malicious encounters, and thus data breaches, can be significantly reduced with the proper tools and education in place. Mitigate the risk by educating your employees on safe internet behavior and protecting your data.
Find out if your company is at a high risk of experiencing a data breach using our Risk Grader.