Hackers Are Aggressively Targeting these Industries—Are You Safe?

Each year cybersecurity experts rank the industries facing the greatest number of cyberattacks. But it’s important to remember that all businesses are viable targets. Matthew Hodson, CIO of Valeo Networks, discusses the threat and offers tips on how to prepare.

Whenever I read one of those news stories listing the industries under the highest levels of threats from cybercriminals, I have a concern that’s probably different from most readers. What’s happening to those industries is, of course, horrible. But my bigger fear is that businesses in industries that don’t appear on the hacker-favorite list—particularly smaller companies without much in-house IT experience—might view these stories as evidence that they can let down their cyber guard.

They shouldn’t. 

As a longtime cybersecurity professional whose company has worked with hundreds of organizations, I can tell you from firsthand experience that every business, of every size, in every industry, has something that cybercriminals want. I’ll explain what I mean below.

Then I’ll suggest a few steps your organization can take to fortify your digital infrastructure and protect your company data—whether you’re the top industry for hackers this year or not even on the list.

What Hackers’ Favorite Industries Have in Common

According to IBM Security’s 2022 X-Force Threat Intelligence IndexOpens a new window , these were the seven most-targeted industries of 2021:

1.     Manufacturing
2.     Finance and insurance
3.     Professional services
4.     Energy
5.     Retail and wholesale
6.     Healthcare
7.     Transportation

This list represents a lot of diversity in terms of the type of work, the sophistication levels of the organizations’ IT environments, and the contents of the data they all produce and store. But the common thread uniting all of these industries—as well as government, education, and media, which round out IBM’s top 10—is that cybercriminals have found ways to monetize all of these companies’ data after stealing it. Just a few examples:

• Finance and healthcare organizations maintain vast amounts of the most personal and sensitive data on their customers – data that hackers can reliably and quickly sell on the dark web.

• Manufacturers and transportation companies maintain relationships with numerous suppliers, subcontractors, and other vendors – and IBM says many of these hacks were designed to infiltrate the companies’ systems and redirect payments meant for partners into accounts under the cybercriminals’ control.

• And, of course, all of these organizations depend on their data and digital systems to maintain their daily operations, which is why ransomware remains one of hackers’ preferred strategies because they can simply lock a company out of its data and make a quick payout ransoming it back.

Cybercriminals Could Profit from Your Data 

Given how many innovative methods cybercriminals have found to monetize corporate data, you can see why the types of data you maintain really doesn’t matter. All that matters is whether cybercriminals can find a way to turn that data into cash (or crypto currency).

Ask yourself:

1. Does our company collect and maintain personal data on our customers? Addresses, phone numbers, dates of birth, or credit card information, for example?
2. Do we maintain mission-critical data that—regardless of its value to thieves in some underground criminal marketplace—we can’t afford to lose, even temporarily, because it would hurt our business operations?

If the answer to either question is yes—and of course it is—then you need to implement cybersecurity measures similar in principle (if not in scope) to those top-targeted businesses using.

But before we discuss those measures, I want to dispel another dangerous myth I hear repeatedly. Many companies think their small size will protect them from cyberattacks because the hackers are busy going after the big-fish Fortune 500 firms and other household-name corporations. Unfortunately, the opposite is true.

According to research reported in a 2022 Forbes story, small businesses are three times more likely to be targeted by cybercriminalsOpens a new window than larger organizations.

Now that we’ve discussed the bad news—neither your industry nor your company’s size will protect you from cybercriminals—let’s get to the good news. You can take steps to secure your data and make your digital infrastructure far more difficult to infiltrate.

Below are some suggestions.

See More: How To Stop Network Switches From Becoming a Gateway for Hackers

How to Fortify Your Data Against a Cyberattack

This list could include hundreds of individual steps, processes, tools, and best practices. So I’ll limit my advice to the very basic first few steps you’ll want to take. Think of this as a jumping-off point for your team’s broader cybersecurity initiative.

1. Educate your staff

One of cybercriminals’ favorite tactics for infiltrating a corporate system—because it has proven so successful—is to manipulate an unsuspecting employee into taking some action. 

Common examples include embedding malicious code into a link or attachment in an email message and convincing the recipient to click on it.

The many tactics like these, collectively known as “social engineering,” account for most cyberattacks. So it stands to reason that teaching your employees the basics—starting with not opening attachments from senders or domains they don’t recognize—will go a long way toward lowering your company’s vulnerability to successful data breaches.

2. Keep your digital systems up to date

Like all forms of crime, cybercrime plays out as a cat-and-mouse game between bad actors and their victims. Hackers find a way to exploit a digital network or application, and the makers of that solution update it to close the vulnerability. Then hackers sniff around until they find a new weakness in the system, and the process repeats.

If your company isn’t continuously monitoring for updates to every component of your digital environment—workflow apps, operating systems, servers, mobile devices, etc.—you could miss one of these updates, leaving open whatever hole the cybercriminals found.

This is just an entry-level cybersecurity-101 strategy. But many companies miss it—particularly because the typical organization might have employees using hundreds of applications every day to do their work. Keeping track of that massive digital infrastructure can seem overwhelming.

And yes, monitoring your entire IT environment for updates, fixes, and patches could be time-consuming. But failing to do so could be… well, the beginning of the story you later tell about how your company was hacked. 

3. Enlist a team of experts to watch your back 

As I noted above, this list of cybersecurity best practices could run hundreds of items long and include tips such as:

• Employ multifactor authentication
• Apply encryption to all of your corporate communications and data at rest
• Develop and implement a plan to oversee and protect all mobile devices
• Deploy firewall security for your corporate environment
• Roll out an offsite cloud backup and disaster recovery infrastructure
• Create and enforce rules regarding employees’ password strength and updates

And on and on.

Outsourcing Your Worries

But if your company doesn’t have the in-house expertise or IT resources for this complex project, just reviewing the vendors and solutions for each of these security tactics could take more time than you can afford to devote to it.

The simplest, most effective – and most affordable – way to fortify your company’s cyber defenses is to partner with an organization that builds and oversees these environments for businesses every day.

My advice: Find a Managed Security Service Provider (MSSP) with a proven reputation for securing the most at-risk organizations’ data – and turn this complicated cybersecurity project over to them.

Are you a top hacker target? Share your insights into how to build a smarter defense on FacebookOpens a new window , TwitterOpens a new window , and LinkedInOpens a new window .

MORE ON HACKING: 

• Top 10 Ethical Hacking Certifications in 2022
• How Hackers Hack and the Tools They Use
• An Ethical Hacker’s Guide to External Attack Surface Management

Image Source: Shutterstock