Threat actors continue to emphasize accessing and stealing valuable data from companies as the end goal of their cyberattacks. The methods for achieving this goal vary widely, and one of the most striking differences is between industries. This article leverages information from the 2023 Verizon Data Breach Investigations Report (DBIR) to delve into data breaches by industry and uncover some valuable insights.
As a reminder, there are three common motivations for accessing or stealing sensitive data:
Financial gain is by far the most common of these motivations. The 2023 DBIR reflects this with its finding that economic motives drove 94.6% of reported breaches. Whatever the reason, each industry has unique nuances, attack surfaces and infrastructure that dictate the tactics deployed by data-grabbing cybercriminals. Here’s a closer examination of the different trends occurring among these data breaches by industry.
Data breaches keep plaguing the healthcare industry with greedy and morally repugnant threat actors prizing sensitive, protected health information (PHI). Early 2023 saw a severe data breach hit several California-based Regal Medical Groups with a ransomware attack that exposed PHI belonging to 3.3 million people. Demonstrating the lengths hackers will go to when targeting healthcare, a U.S. cancer center was struck by ransomware in June 2023, which took systems offline and impacted patient care.
These incidents reflect the DBIR’s finding that the healthcare industry is under siege from ransomware attacks. Financial motives represent a whopping 98% of breaches in healthcare.
Another interesting trend was the prevalence of human error in causing healthcare data breaches. This trend points to healthcare facilities being slow to fully adopt digital transformation. There is a lack of training in how and where PHI should flow, indicating a pressing need for greater employee training and awareness around security and compliance with regulations like HIPAA.
The most significant data breach ever to hit an Australian financial institution occurred in 2023. Latitude Financial saw a ransomware gang steal 14 million customer records, including driver’s license numbers, passport numbers and financial statements. It’s perhaps unsurprising that the data held by financial institutions is also highly prized by adversaries.
Interestingly, it’s not ransomware or system intrusions that top the reasons for data breaches in the financial sector in the 2023 DBIR. That “accolade” goes to basic web application attacks, including credential stuffing, password brute-forcing and scanning for obvious vulnerabilities. This finding may indicate poor password hygiene and ineffective patch management for web apps used in the financial sector.
In terms of mitigation, properly configured multifactor authentication goes a long way and should be mandatory for apps in the financial sector. Staying on top of user accounts and disabling accounts for inactive users is also imperative. Lastly, ensure continuous patch management, and wherever possible automate the web app patching process or have an external company manage it for you.
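The two basic web application attacks named above, credential stuffing and password brute-forcing, leave different footprints in a web app's authentication log, and telling them apart helps decide whether to lock one account or to block one source. The following added example (not code from the article or the DBIR) classifies failed-login sources over a small constructed log; the line format, the thresholds and the sample lines are assumptions for illustration only.

```python
"""Classify failed-login patterns in web-application auth logs.

Added example, not code from the original article or the DBIR. The log line
format, the threshold values and the sample lines are constructed assumptions.
"""
import re
from collections import defaultdict

# Assumed log format: "<timestamp> <source_ip> <username> LOGIN_OK|LOGIN_FAIL"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (LOGIN_OK|LOGIN_FAIL)$")

# Constructed sample log: one brute-force source, one credential-stuffing
# source that eventually hits a valid password, and one ordinary user typo.
SAMPLE_LOG = """\
2023-06-01T10:00:01Z 203.0.113.7 alice LOGIN_FAIL
2023-06-01T10:00:02Z 203.0.113.7 alice LOGIN_FAIL
2023-06-01T10:00:03Z 203.0.113.7 alice LOGIN_FAIL
2023-06-01T10:00:04Z 203.0.113.7 alice LOGIN_FAIL
2023-06-01T10:00:05Z 203.0.113.7 alice LOGIN_FAIL
2023-06-01T10:00:06Z 203.0.113.7 alice LOGIN_FAIL
2023-06-01T10:01:00Z 198.51.100.20 alice LOGIN_FAIL
2023-06-01T10:01:01Z 198.51.100.20 bob LOGIN_FAIL
2023-06-01T10:01:02Z 198.51.100.20 carol LOGIN_FAIL
2023-06-01T10:01:03Z 198.51.100.20 dave LOGIN_FAIL
2023-06-01T10:01:04Z 198.51.100.20 erin LOGIN_FAIL
2023-06-01T10:01:05Z 198.51.100.20 frank LOGIN_OK
2023-06-01T10:02:00Z 192.0.2.55 alice LOGIN_FAIL
2023-06-01T10:02:10Z 192.0.2.55 alice LOGIN_OK
"""


def parse_events(lines):
    """Yield (source_ip, username, succeeded) for each well-formed line."""
    for line in lines:
        match = LINE_RE.match(line.strip())
        if match:
            _ts, ip, user, result = match.groups()
            yield ip, user, result == "LOGIN_OK"


def classify_sources(lines, fail_threshold=5, distinct_user_threshold=5):
    """Return {source_ip: finding} for sources whose failures reach the threshold.

    Brute force: many failures concentrated on few usernames from one source.
    Credential stuffing: failures spread across many distinct usernames, each
    tried once or twice with a leaked password; a success among them is the
    signal that a reused password has been found.
    """
    failures = defaultdict(int)
    users_seen = defaultdict(set)
    successes = defaultdict(set)
    for ip, user, ok in parse_events(lines):
        users_seen[ip].add(user)
        if ok:
            successes[ip].add(user)
        else:
            failures[ip] += 1

    findings = {}
    for ip, n_fail in failures.items():
        if n_fail < fail_threshold:
            continue  # an ordinary typo never reaches the threshold
        distinct = len(users_seen[ip])
        kind = "credential_stuffing" if distinct >= distinct_user_threshold else "brute_force"
        findings[ip] = {
            "type": kind,
            "failures": n_fail,
            "distinct_users": distinct,
            # accounts the suspicious source managed to log in to
            "successful_logins": sorted(successes[ip]),
        }
    return findings


if __name__ == "__main__":
    for ip, finding in classify_sources(SAMPLE_LOG.splitlines()).items():
        print(ip, finding)
```

The brute-force source is answered by locking or rate-limiting the targeted account and blocking the source; the credential-stuffing source is the more urgent finding, because the one successful login it achieved (`frank` in the sample) identifies an account whose reused password must be reset, which is exactly the case multifactor authentication would have stopped.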
Manufacturing is so vital that CISA regards the manufacturing of specific processes and products as a critical sector crucial to the economic prosperity and continuity of the United States. Financially motivated threat actors again play an outsized role in cyberattacks on this sector.
System intrusion, often via exploiting security weaknesses in operational technologies to install malware, remains dominant in manufacturing data breaches. Social engineering is also effective in this sector, with psychological manipulation being a proximal cause, comprising 23% of analyzed breaches. It’s essential to be extra cautious of denial of service (DoS) attacks in this industry because cybercriminals know manufacturers can’t afford operational downtime.
As for suggested security improvements, tightly controlling and restricting traffic between operational and information technology systems is crucial. Anomaly detection and redundancy in network resources are also helpful in reducing the risk of extended downtime from DoS attacks.
Professional services include law firms, accounting and other business services, many of which help other elements and sectors of the economy function. Basic web application attacks and social engineering also feature prominently in this sector’s breaches, with email- and desktop-sharing software hit hard.
Threat actors probably deploy these methods because it’s easy to conduct reconnaissance and find tons of useful information for social engineering attacks on professional services employees and owners: professionals in these types of companies need a strong presence on websites and social networking platforms like LinkedIn, which gives attackers plenty of material to work with.
Security training and awareness programs are likely less of a priority in these firms than in large enterprises. People are then left vulnerable to the poor password practices many of us use by default. The basic nature of these attacks also leaves room for quick improvement: stronger authentication for mail apps, and improved security awareness for staff via newsletters, flyers and noticeboards.
Nuspire’s team of experienced security professionals provides businesses with industry-specific knowledge for strengthening cyber defenses. Whether it’s 24x7x365 monitoring or threat response and remediation runbooks tailored to your sector, our managed security services protect companies in various industries.