In February 2018, the Under Armour hack turned out to be one of the biggest data breaches in history, affecting over 150,000,000 users. The sheer number of victims made it, at the time, a record-breaking data theft, but what’s really disturbing about this incident is the type of private data that was compromised as a result of the breach: private fitness records that include users’ health, performance, and location. It seems that hackers take the famous expression “information wants to be free” too literally.
It’s hard to imagine that hacking a personal fitness company would make it into the hall of fame. But if even a user’s heart rate is vulnerable to a data breach, what about the more serious personal information that clients provide to various organizations?
No industry sector is safe from data breaches nowadays. Let’s see whether your company is in one of the most vulnerable industries.
The healthcare industry is being targeted at a higher rate than any other, suffering at least one incident a day. Electronic health records contain valuable information, as a patient’s file typically includes a credit card number, medical insurance number, biometric data, and other personal information. All this sensitive data can be abused to obtain health benefits like Medicare, Medicaid, or prescription medication. Healthcare is the only industry that is more vulnerable from the inside than from the outside. More than half of incidents involved insiders motivated by financial gain, convenience (storing sensitive files on unapproved media), or curiosity (snooping on a family member or celebrity).
With hospitals accounting for approximately 30 percent of all healthcare data breaches, their computers continue to be easy targets because they contain a wealth of information, including patient charts, nursing reports, and referral letters.
With 24 percent of all 2018 data breaches happening in medical organizations, almost one in eight Americans has had their patient records compromised. Misconfigurations, disposal errors, omissions, programming errors, and data entry errors are among the top reasons for a data breach in healthcare.
The accommodation sector has also been consistently cited as one of the most vulnerable to data breaches, accounting for 15 percent of all breaches that happened in 2018. This sector of the hospitality industry constantly collects information about its customers when they book online, check in, or get notifications. Coupled with public Wi-Fi networks and smartphone key cards, these interconnected places are vulnerable to serious data breaches.
In addition to credit card numbers, which can only be used until they expire, hotels gather other personal customer information that can be compromised by sophisticated intruders. This personal data can be abused to impersonate individuals or to break into their bank accounts.
Most of the breaches in accommodations happen because of third-party vendors. Third parties provide various services to hotels, but the hospitality industry, which is particularly reliant on them, needs to check their cybersecurity policies. While subcontractors are better equipped to provide specialized services, in most cases they gain unlimited access to information collected by hotels: credit card numbers, reservations, payroll, human resources, and so on. Unfortunately, many hotels in the accommodations industry haven’t yet fully recognized the need to monitor third parties.
Huazhu Hotels, China’s largest hotel chain with several thousand properties, recently suffered a data breach that could be called the largest so far in the hospitality industry, affecting 130 million customers. The breach is believed to have come from an insider who published an internal database on GitHub.
While highly publicized breaches of well-known corporations dominate the news on a regular basis, the public sector also has its share of cybersecurity vulnerabilities. In fact, the US government experiences the highest number of attacks compared to those of other countries. But lack of funding and budget cuts prevent the government from effectively defending itself against hackers. Not only are so many agencies open to attack, but very few of them have enough visibility into their systems to effectively detect data breach attempts. Thus, more than a third of incidents remain without a response, meaning that the relevant agency may never determine how the attack was perpetrated.
Cyber-espionage continues to be the biggest issue for the public sector, with nation-state-related attackers accounting for over half of all incidents. Privilege misuse and insider error are responsible for a third of breaches. Phishing attacks, backdoors, and C2 channels are among the techniques most commonly used in espionage-related attacks.
Personal information and state secrets are the two types of data that make the public sector so attractive to cybercriminals.
Larceny has always been an issue for retailers, but now digital thieves aim to steal retailers’ most valuable possession – their customers’ credit card data. It can be compromised anonymously, and because all financial transactions are now fast and convenient, the cash can be quickly skimmed out of bank accounts.
Several factors are driving the boost in data breaches. The retail sector often keeps customers’ data in the cloud in plain text. Increased reliance on outside third-party contractors, from software to infrastructure services, also contributes to the rise of breaches.
Companies whose business activity requires an online presence continue to be targeted by DoS attacks, while payment card skimmers remain an issue for physical stores. Web application attacks continue to be a problem, with some well-known input validation vulnerabilities being the leading cause.
Last year’s breach at Equifax affected over 100 million people, showing that the finance industry continues to be a prime target for hackers. Financial services companies are being hit mostly because that’s where the money is. And while they are getting better at defending against ordinary attacks, they face more sophisticated threats as a result.
Most of the incidents involve attacks on web apps, which are difficult to detect since millions of legitimate users visit those apps every day. Besides, malicious activity is hard to pick out of the noise, especially if attacks are carried out over time and routed through multiple proxy servers.
The attack surface in the financial industry grows significantly as more financial organizations turn to third parties to handle internal processes, move to the cloud, and use more channels to interact with customers.
ATM jackpotting is the leading form of physical access tampering, while web application authentication tools, malware, and privilege misuse count among the top 5 attack patterns.
Every day, the threats to expose company data continue to evolve by leaps and bounds. Irrespective of industry, a large portion of the data breaches that occurred in 2018 can be traced to insiders one way or another. Although attempts to combat these threats are mainly reactive, there are a few ways to mitigate the insider-related portion of security risks.
Continuous user activity monitoring and access management are some of the most effective ways to both protect your organization and minimize the potential impact of a data breach.