Each year cybersecurity experts rank the industries facing the greatest number of cyberattacks. But it’s important to remember that all businesses are viable targets. Matthew Hodson, CIO of Valeo Networks, discusses the threat and offers tips on how to prepare.
Whenever I read one of those news stories listing the industries under the highest levels of threats from cybercriminals, I have a concern that’s probably different from most readers. What’s happening to those industries is, of course, horrible. But my bigger fear is that businesses in industries that don’t appear on the hacker-favorite list—particularly smaller companies without much in-house IT experience—might view these stories as evidence that they can let down their cyber guard.
As a longtime cybersecurity professional whose company has worked with hundreds of organizations, I can tell you from firsthand experience that every business, of every size, in every industry, has something that cybercriminals want. I’ll explain what I mean below.
Then I’ll suggest a few steps your organization can take to fortify your digital infrastructure and protect your company data—whether you’re the top industry for hackers this year or not even on the list.
What Hackers’ Favorite Industries Have in Common
According to IBM Security’s 2022 X-Force Threat Intelligence Index, these were the seven most-targeted industries of 2021:
- Manufacturing
- Finance and insurance
- Professional services
- Energy
- Retail and wholesale
- Healthcare
- Transportation
This list represents a lot of diversity in terms of the type of work, the sophistication levels of the organizations’ IT environments, and the contents of the data they all produce and store. But the common thread uniting all of these industries—as well as government, education, and media, which round out IBM’s top 10—is that cybercriminals have found ways to monetize all of these companies’ data after stealing it. Just a few examples:
- Finance and healthcare organizations maintain vast amounts of the most personal and sensitive data on their customers – data that hackers can reliably and quickly sell on the dark web.
- Manufacturers and transportation companies maintain relationships with numerous suppliers, subcontractors, and other vendors – and IBM says many of these hacks were designed to infiltrate the companies’ systems and redirect payments meant for partners into accounts under the cybercriminals’ control.
- And, of course, all of these organizations depend on their data and digital systems to maintain their daily operations, which is why ransomware remains one of hackers’ preferred strategies: they can simply lock a company out of its data and make a quick payout ransoming it back.
Cybercriminals Could Profit from Your Data
Given how many innovative methods cybercriminals have found to monetize corporate data, you can see why the type of data you maintain really doesn’t matter. All that matters is whether cybercriminals can find a way to turn that data into cash (or cryptocurrency).
- Does our company collect and maintain personal data on our customers? Addresses, phone numbers, dates of birth, or credit card information, for example?
- Do we maintain mission-critical data that—regardless of its value to thieves in some underground criminal marketplace—we can’t afford to lose, even temporarily, because it would hurt our business operations?
If the answer to either question is yes—and of course it is—then you need to implement cybersecurity measures similar in principle (if not in scope) to those the top-targeted businesses are using.
But before we discuss those measures, I want to dispel another dangerous myth I hear repeatedly. Many companies think their small size will protect them from cyberattacks because the hackers are busy going after the big-fish Fortune 500 firms and other household-name corporations. Unfortunately, the opposite is true.
According to research reported in a 2022 Forbes story, small businesses are three times more likely to be targeted by cybercriminals than larger organizations.
Now that we’ve discussed the bad news—neither your industry nor your company’s size will protect you from cybercriminals—let’s get to the good news. You can take steps to secure your data and make your digital infrastructure far more difficult to infiltrate.
Below are some suggestions.
How to Fortify Your Data Against a Cyberattack
This list could include hundreds of individual steps, processes, tools, and best practices. So I’ll limit my advice to the very basic first few steps you’ll want to take. Think of this as a jumping-off point for your team’s broader cybersecurity initiative.
1. Educate your staff
One of cybercriminals’ favorite tactics for infiltrating a corporate system—because it has proven so successful—is to manipulate an unsuspecting employee into taking some action.
Common examples include embedding malicious code into a link or attachment in an email message and convincing the recipient to click on it.
The many tactics like these, collectively known as “social engineering,” account for most cyberattacks. So it stands to reason that teaching your employees the basics—starting with not opening attachments from senders or domains they don’t recognize—will go a long way toward lowering your company’s vulnerability to successful data breaches.
2. Keep your digital systems up to date
Like all forms of crime, cybercrime plays out as a cat-and-mouse game between bad actors and their victims. Hackers find a way to exploit a digital network or application, and the makers of that solution update it to close the vulnerability. Then hackers sniff around until they find a new weakness in the system, and the process repeats.
If your company isn’t continuously monitoring for updates to every component of your digital environment—workflow apps, operating systems, servers, mobile devices, etc.—you could miss one of these updates, leaving open whatever hole the cybercriminals found.
This is just an entry-level cybersecurity-101 strategy. But many companies miss it—particularly because the typical organization might have employees using hundreds of applications every day to do their work. Keeping track of that massive digital infrastructure can seem overwhelming.
And yes, monitoring your entire IT environment for updates, fixes, and patches could be time-consuming. But failing to do so could be… well, the beginning of the story you later tell about how your company was hacked.
3. Enlist a team of experts to watch your back
As I noted above, this list of cybersecurity best practices could run hundreds of items long and include tips such as:
- Employ multifactor authentication
- Apply encryption to all of your corporate communications and data at rest
- Develop and implement a plan to oversee and protect all mobile devices
- Deploy firewall security for your corporate environment
- Roll out an offsite cloud backup and disaster recovery infrastructure
- Create and enforce rules regarding employees’ password strength and updates
And on and on.
Outsourcing Your Worries
But if your company doesn’t have the in-house expertise or IT resources for this complex project, just reviewing the vendors and solutions for each of these security tactics could take more time than you can afford to devote to it.
The simplest, most effective – and most affordable – way to fortify your company’s cyber defenses is to partner with an organization that builds and oversees these environments for businesses every day.
My advice: Find a Managed Security Service Provider (MSSP) with a proven reputation for securing the most at-risk organizations’ data – and turn this complicated cybersecurity project over to them.