Even when it seems like cybersecurity can’t get any more dire, it continuously does. The most recent Cyberthreat Defense Report found that 77 percent of organizations were victimized by one or more successful cyber attacks in 2018, while “optimism” for avoiding a successful attack in the coming year plunged from 62 percent in 2014 to just 38 percent in 2018.
Breaches occur across industries, but there are a few particularly affected: finance, retail, and healthcare. If your organization is in one of these sectors, you especially need to amp up your data breach prevention and endpoint security in 2019. Here’s a look at the major threats facing these sectors—and how to protect against them.
Protect the financial sector
An Accenture survey revealed that banks experience an average of 85 serious attempted breaches each year, one third of which are successful. Banking institutions are targeted often, because they sit on actual wealth and a goldmine of sensitive, valuable data. Hackers who gain access to banking systems can wreak havoc and make a lot of money along the way.
Financial institutions looking to protect themselves should start by conducting a rigorous security risk assessment, because it’s not always clear where vulnerabilities lie. Additionally, advanced authentication—such as PINs, facial recognition, or biometric identification—is imperative for banks, because hackers are constantly coming up with new ways to steal confidential credentials. Employee education is another must for the sake of preventing the rampant phishing attempts your users will likely encounter.
Finally, you should also focus on endpoint security. All the effort that goes into securing the core network is for nothing if a hacker can get in via an internet-connected device. Financial institutions need to divest themselves from legacy technologies and invest in new ones designed for today’s cybersecurity environment.
Fortify retail organizations
The 2018 Thales Data Threat Report found that 50 percent of retailers have been breached in the past year, and according to Verizon’s 2018 Data Breach Investigations Report, attacks against retailers have gone sharply up.
Like banks, retailers store personal financial information. Moreover, retail in particular is plagued by a wide attack surface for hackers to exploit. Verizon found that most retail data theft came from web application attacks that leveraged poor validation of inputs or stolen credentials.
Social attacks, including financial pretexting and phishing, are also on the rise, with HR departments increasingly targeted by hackers to extract employee wage and tax data, enabling tax fraud and the diversion of tax rebates. These attack vectors highlight the importance of training employees in phishing prevention, as well as enforcement of secure password practices, such as the use of password managers.
As more retailers adapt to e-commerce, website security is key. Cybersecurity firm Shape Security found that 90 percent of online retailers’ login traffic stems from hackers deploying stolen login data. In 2017, 1.4 billion passwords were stolen and leaked, which enabled hackers to use a method called “credential stuffing” to gain access to other online systems. To protect your customers, ensure your websites have built-in protections against false login attempts.
Strengthen security in healthcare
In 2017, the Department of Health and Human Services released a report stating that healthcare cybersecurity is in “critical condition.” The Identity Theft Resource Center (ITRC) documented 374 healthcare breaches compromising 5,141,972 records in 2017. Healthcare organizations are a prime target for hackers, because they possess sensitive, and thus valuable, data. Furthermore, healthcare organizations have largely struggled to transition smoothly to digital systems and are not investing enough in data breach prevention, so they’re seen as low-hanging fruit.
A top issue ITRC identified was the lack of a capable security workforce—three out of four hospitals don’t have a designated security person. Adoption of the Internet of Things is another concern. As tools like telemedicine and smart monitors become more mainstream, endpoint security becomes more essential. One of the contradictions in the healthcare sector is the simultaneous interest in new technologies and reluctance to upgrade existing ones. If a smart monitor sends sensitive patient data to a legacy device, that data is at risk.
Printers are often overlooked as endpoints, but since they’re connected to the internet and store sensitive data, they’re just as vulnerable to attack as any other device. IT professionals can promote data breach prevention by upgrading legacy printer technology and other connected devices to more secure solutions with embedded security features.
As 2018 draws to a close, it’s time to start thinking about how to improve security in 2019. This upcoming year is the perfect opportunity for finance, retail, and healthcare organizations to fine-tune their security strategies, so they can be proactive, rather than reactive, when hackers inevitably come knocking.