Cyber threats are growing rapidly, and both the opportunities malicious actors have to exploit vulnerabilities and the overall attack surface have increased over the last few years. Over the 2020-21 financial year the ACSC received over 67,500 cybercrime reports, and it categorised a higher proportion of cybersecurity incidents as ‘substantial’ in impact.
As the ACSC found, no sector or industry of the Australian economy was immune from the impacts of cybercrime. Over the 2020-21 financial year, criminals and state actors targeted government agencies at all levels, large organisations, critical infrastructure providers, small to medium enterprises, and families and individuals. So how does your business prepare for cyber threats in your industry?
This article aims to explore the major cyber threats for three key industries and how organisations can go about safeguarding their information security.
The healthcare industry is a prime target for cybercriminals, due to factors like negligible cybersecurity measures, the storage of large amounts of personally identifiable information, and reliance on maintaining business continuity. To make matters worse, the COVID-19 pandemic has made the healthcare industry even more vulnerable to data breaches and cyberattacks. According to IBM’s ‘Cost of a data breach report 2021’, the healthcare industry has paid the most for data breaches for 11 consecutive years. The average cost increased by 29.3% from $7.13 million in 2020 to $9.23 million in 2021.
Below are three key cyber threats to look out for, for businesses in the healthcare industry:
1. Phishing
Phishing is quickly becoming one of the biggest attack vectors in the healthcare industry. Most phishing attacks are carried out when a malicious hacker seeds an ordinary-looking email with links containing malicious code. Phishing attacks are designed either to gain access to valuable protected health information (PHI) or to deliver ransomware. PHI is extremely lucrative to cybercriminals because, once obtained, it can be used to create false identities or commit fraud.
Organisations in healthcare should invest in regular phishing simulations and other security training and awareness programs to ensure that their employees can easily identify and avoid phishing attempts. Web filters can also be used to protect healthcare data from phishing attacks through the use of blacklists, category filters and keyword filters.
2. Ransomware
Cybercriminals understand how critical it is for the healthcare sector to maintain business continuity. Ransomware can lock down the entirety of a healthcare facility’s network, for example by encrypting vital patient files containing the medical history needed for treatment. Once the ransomware is installed, cybercriminals demand significant ransoms for the encrypted files to be unlocked, threatening to make the sensitive files public if a ransom isn’t paid within a certain time.
The best recovery method for a ransomware attack is a regular offline backup made to an external storage device and a backup in the cloud. Backing up and checking that backups restore your files offers peace of mind. Healthcare businesses can also protect themselves from ransomware by turning on automatic updates and ensuring that their devices and software are up to date with the latest security patches. Cybercriminals tend to exploit known weaknesses to gain entry to critical infrastructure; by ensuring that your system is updated, these vulnerabilities can be patched.
3. Data breaches
The healthcare industry suffers a disproportionately large number of data breaches compared to other industries, which can be attributed to poor implementation of security controls. Because of the large amount of valuable data stored in the healthcare industry, cybercriminals take advantage of these gaps in security to gain access to systems and networks, before either encrypting or stealing sensitive data.
Along with upgrading their overall cybersecurity, organisations in healthcare should implement appropriate monitoring and detection, to ensure that any suspicious activity can be flagged and dealt with.
Organisations in the financial sector fall prey to cybercriminals more frequently than businesses in other industries. Banks, for example, are where the money is and also hold large amounts of customer data. Because of this, malicious actors have several ways in which they can make a profit, whether through fraud, extortion or theft. According to a study by Varonis, financial breaches account for 10 percent of all attacks, with IBM reporting that the average cost of a financial services data breach is $5.85 million. Nation-states and hacktivists also choose to target the financial sector to gain political and ideological leverage.
Below are three main cyber threats that businesses in the finance industry need to be prepared for:
1. Ransomware
As in healthcare, ransomware poses a great risk to businesses in the financial sector. The large amounts of valuable customer information and money they possess make them ideal targets for ransomware attacks. The threat of divulging this data on the dark web, and the associated reputational damage, forces many businesses in the financial sector to pay their ransoms. With businesses in the financial sector digitising their services, their attack surface is steadily growing, providing malicious actors with multiple entry points into critical infrastructure. Cybercriminals who used to encrypt files and promise a decryption key in exchange for a ransom payment have now started to also exfiltrate data, threatening to expose it if a ransom is not paid on time. Ransomware attacks can have a massive impact on financial firms, including business downtime, revenue loss, reputational loss, data loss, and public release of sensitive information.
One of the main ways criminals gain entry to an organisation’s network is through email. A combination of human error and lacklustre email technology creates a gap for a malicious actor to exploit. By using machine-intelligent programs to flag and block suspicious emails, financial services organizations can considerably bolster this key area of vulnerability.
2. DDoS Attacks
Malicious actors make use of Distributed Denial of Service (DDoS) attacks to overwhelm a target server or website by flooding it with traffic to the point that it crashes. Cybercriminals generate attack traffic from various compromised systems, including computers and other network-connected devices.
As Akamai found, DDoS attacks in the financial sector increased by 93 per cent between 2018 and 2020. Similar to ransomware, but more effective, DDoS attacks interrupt the operations of a business, which for businesses in the financial sector can lead to significant financial loss. For example, customers who rely on a financial institution’s website or mobile application to access their account may not be able to do so during a successful DDoS attack. The obvious reputational damage in the event that this happens can be irreversible.
Network security is a key method of safeguarding your business from a DDoS attack. As an attack only has an impact if a hacker has enough time to pile up requests, the ability to identify and put a stop to a DDoS attack early is crucial in mitigating its impact. Firewalls and intrusion detection systems are examples of network security that, when implemented, can heighten your defences against DDoS attacks.
3. Phishing
According to Akamai's 2019 State of the Internet report, almost 50% of observed phishing attacks were linked to the financial services sector. Phishing, a variant of social engineering, is a method of tricking users into divulging login credentials to gain access to an internal network. Phishing is typically carried out via email; however, in the financial industry we see cybercriminals creating fake versions of official bank websites and login pages to trick unsuspecting individuals into divulging their credentials. Cybercriminals cause significant financial and reputational damage after acquiring user credentials in this way.
An effective way to stop phishing attacks from succeeding is to use multi-factor authentication. Implementing multi-factor authentication such as two-factor authentication, which needs another factor other than username and password to enable access, can increase the chances of preventing a cyber attack.
Cybercriminals do not discriminate: regardless of size, type or industry, businesses in Australia and around the world are under threat from cybercriminals. For the more than 2 million Australian small businesses, the actions of cybercriminals can be devastating, leaving their businesses unable to recover. Small to medium businesses operate in a different environment compared to larger enterprises, with 97% of Australian businesses having fewer than 20 staff. With limited resources, many of these businesses lack the skills and experience to maintain a high level of cybersecurity.
Below are the main cyberthreats small businesses need to be on the lookout for:
1. Insider Threats
According to the IBM Cyber Security Intelligence Index Report, 95% of data breaches or cyber attacks are mainly caused by human error. Humans are the weakest link in your cybersecurity. Although this is true amongst all sizes of businesses, small businesses typically overlook cybersecurity training and awareness programs as well as strong policies around data encryption, password management and privileged access. There have been many instances where employees have unknowingly clicked on phishing links, left USB storage devices containing sensitive data in the open, or used simple and weak passwords across multiple accounts, which have led to data breaches or cyber attacks.
Apart from negligence or carelessness, insider threats can also arise from the deliberate actions of employees, former employees, business contractors or associates. In small businesses a single employee usually has access to multiple accounts that hold extensive amounts of data; if privileged access is not managed appropriately, they can cause harm through greed or malice. It is therefore essential that when an employee is offboarded, all of their access is revoked.
Cybercriminals do not discriminate; they target all businesses regardless of size, type or industry. SMEs need to prioritise their cybersecurity to protect and safeguard their information security.
2. Social Engineering
Social engineering is the process of hackers manipulating human psychology, rather than using technical hacking tools, to breach your organisation’s data and systems. Hackers psychologically manipulate employees into performing certain actions for them or divulging confidential information. For example, instead of exploiting a vulnerability in an organisation’s system to gain access to data, a hacker may pose as a technician trying to help while actually trying to trick a target into divulging confidential data, such as login credentials. Phishing, whaling, business email compromise, tailgating and quid pro quo are all examples of types of social engineering.
Social engineering attacks are getting more and more sophisticated. With the rise of social media, it is becoming much easier for malicious hackers to gather personally identifiable information that makes their attacks more convincing. For example, cybercriminals can use the information they find to pose as your manager or boss, to trick you into divulging sensitive information or clicking on a link containing malicious code. As the ACSC found, in the 2020–21 financial year the average loss per successful Business Email Compromise (BEC) event increased to more than $50,600 (AUD), over one-and-a-half times higher than the previous financial year.
Social engineering is a predominant way for cybercriminals to deliver malware or ransomware onto a system or network, allowing them to orchestrate additional cyberattacks or exfiltrate data while remaining hidden. It is vital that your organisation sensitises your teams to the different types of social engineering techniques used by cybercriminals so they can identify and prevent any social engineering attempts. Implementing 24/7 monitoring and detection can also help identify any suspicious activity on your network or systems; identifying a cyber threat before it eventuates can greatly reduce its impact.