How Vulnerable Is Your Company to Cybersecurity Risks?
The recent statement by President Biden on cybersecurity in the United States forced many organizations to ask about the state of their own cybersecurity. Although President Biden assured his administration will continue to use every tool to prevent, disrupt, and if needed, respond to cyberattacks against critical infrastructure, we know one thing: the federal government cannot defend against this growing threat alone.
How can we, as individuals and companies, protect our businesses from cyberattacks, especially the red alert security threats from Russia amid sanctions? Which industries are at the greatest risk and what can we do to tackle those risks? In this post, we will discuss everything you need to know about the current cybersecurity situation to help you make informed business decisions.
The 4 Industries at the Greatest Risk for Cyberattacks
With more sensitive, private data kept in the cloud than ever before, cybersecurity should be prioritized by any modern business. The industries most vulnerable to cyberattacks are:
1. Critical Infrastructure
According to the Cybersecurity & Infrastructure Security Agency (CISA), there are 16 critical infrastructure sectors whose resources, systems, and networks are considered so vital to the U.S. that their breakdown or destruction would have a devastating effect on national economic security and public health and safety.
One such sector is the energy industry. Energy networks are particularly vulnerable to cyberattacks. Cybercriminals can cause extensive power outages, undermine critical security and defense infrastructure, and threaten millions of citizens. As cyberattackers can gain control, even remotely, they have the ability to access nuclear facilities, power grids, and power generation facilities across the globe.
For example, in 2021, Russian hackers breached computerized equipment operating the largest fuel pipeline in the U.S., causing the Colonial Pipeline Company to shut down its pipeline for six days to contain the attack. The breach triggered fuel shortages and a spike in gas prices on the east coast.
2. High Tech
According to Upguard, technology is the industry most targeted in distributed denial-of-service (DDoS) attacks between 2020 and 2021.
The high-tech sector is often ground zero for cyberattacks. That is because these organizations have very valuable data to be pilfered. Another more subtle reason is the nature of high-tech organizations.
High-tech businesses and their workforces generally have a higher risk appetite than their counterparts in other industries. They tend to be early adopters of new technologies still maturing and are therefore particularly susceptible to attacks and exploits. For instance, employees in high tech are more likely to use cutting-edge mobile devices and the latest apps, which might not be as secure.
Many high-tech organizations have open environments and corporate cultures intentionally encouraging creativity and collaboration, but are more difficult to protect. So high-tech organizations usually have a very large attack surface to defend.
3. Financial
The first half of 2020 saw a 238% increase in cyberattacks targeting financial institutions. In 2021, IBM and the Ponemon Institute reported the average cost of a data breach in the financial sector was $5.72 million. Based on these statistics, if you are in the financial services sector, there is a high chance you will eventually fall victim to a very costly cyberattack.
The biggest cybersecurity threat in the financial industry is malware, which is responsible for almost 75% of all data breaches in this sector. Insider threats have also grown from 2.9% in 2018 to 5.5% today, while accidental disclosures have increased from 14.7% to 18.2%.
4. Healthcare
According to statistics, 17% of cyberattacks in the healthcare sector result in serious patient injury or harm, while nearly 30% disrupt emergency services.
Phishing is the most commonly experienced kind of cyberattack, accounting for an overwhelming 60% of all cases in the healthcare industry. This usually occurs in the form of unsuspicious employees who, by clicking on a harmless-looking email link, give hackers access to their organization’s confidential information.
After network servers, emails are the second-largest source of all healthcare data breaches in the U.S.
Most Common Security Weaknesses and How to Combat
Several incidents prove the human factor is the primary point of attack for cybercriminals. People tend to use one password for everything, which is usually easily discernible to hackers. Authentication is key to securing the workforce. It is important to validate the user’s identity by asking: Are you really you?
The most widely adopted method companies use to verify the user is multi-factor authentication (MFA). It can be either a one-time password (OTP), smart card, biometrics, PIN, SMS, tokens, or FIDO security key.
The National Institute of Security and Technology (NIST) outlines three authentication assurance levels (AAL), which include:
- AAL1 is any single factor authentication.
- AAL2 is any MFA with both “knowledge” and “possession” factors. The possession factor should use a cryptographic technique and can be a software solution, e.g. a smartphone app.
- AAL3 is also MFA, but only a cryptographic hardware authenticator is allowed, such as FIDO.
While most companies today are at AAL1, your company should target to reach AAL3, which is easy to do with a FIDO security key. AAL3 requirements mean the code is within a tamper-proof container so that keys used in the cryptography are destroyed if the device is physically compromised.
Top 3 Most Important Things You Should Know About Cybersecurity
There are three critical things you should know about the current situation of cybersecurity in the U.S.
1. Seriousness of the Threat
There are over 2,200 cyberattacks every day, easily equating to over 800,000 people falling victim to hacking per year. The near-constant rate of hacker attacks on computers with web access is every 39 seconds on average, and the non-secure usernames and passwords most people use give attackers more chance of success.
According to IBM, the year 2021 had the highest average cost of a data breach in 17 years, rising from $3.86 million to $4.24 million.
The bottom line is that cyberattacks are a big deal. They can cause electrical blackouts, failure of military equipment, and breaches of national security secrets. They can also result in the theft of valuable, confidential information, like medical records. These attacks can disrupt phone and computer networks or paralyze systems, making data inaccessible.
2. What Is at Risk
The most vulnerable cyberattack surface is the intellectual property (IP) of a company. IP is the lifeblood of many organizations as it fuels innovation, growth, and differentiation. According to a Deloitte report, IP loss is among the hidden or less visible costs of an attack, along with lost contract revenue, potential devaluation of your company’s trade name, and damaged or lost customer relationships.
The next top risk factor is the personal information of your employees and customers. This includes names, social security numbers, credit cards, or other account data identifying customers or employees. For example, in 2018, over 50,000 people became victims of personal data breaches, depriving them of $2.7 billion.
The third most vulnerable asset is financial and bank information. According to Juniper Research, cybercriminals are expected to steal 33 billion financial records in 2023 alone, an increase of 175% over the 12 billion records compromised in 2018. About 80% of attacks against mobile devices happen via apps, giving hackers direct access to your device. As a result, they can easily access your mobile banking app and initiate multiple levels of cybercrime.
3. Cybersecurity Solutions
The situation is serious and it can cause significant harm to your business. What comes next? It is time to choose the right cybersecurity system for your company. You need to ensure the solution offers the highest level of security available. It should be cost-effective, easy to deploy, and easy to use.
Get Unphishable, Passwordless Cybersecurity
Data breaches are increasing exponentially year after year and they do not appear to be slowing anytime soon. It is important for businesses of any size to take steps to safeguard their systems, either protecting against external threats posed by hackers and cybercriminals or securing against internal threats from in-house user access abuse.
Eliminate the risk of data breaches, phishing, password theft, and replay attacks with hardened multi-factor authentication cybersecurity. Identiv’s unphishable uTrust FIDO2 Security Keys provide a simple, strong authentication experience that eliminates the need for passwords. For more information, call +1 888.809.8880, contact sales@identiv.com, or book a demo.