There is an uncanny resemblance between data breaches and being robbed on the street- they both rip you off and are very real. Data breaches not only lead to financial losses, but loss of clients, their reputation, and of course customer data.
The most common stolen data is financial, health, and government information, which in hindsight determines the most vulnerable industries to data breaches. There is an ongoing worldwide argument about the top industries in the greatest danger of a #databreach, and most commonly include:
- Healthcare
- Travel & Tourism
- The Public Sector
- Retail
- Finance
Healthcare
Almost one in eight patients at some point in time have had their medical information exposed. Money is the driving force for hackers to breach healthcare and research institutions.
Stolen records can be used to gain unauthorized access to medical programs, research, or get prescription medications.
Healthcare organizations tend to suffer from insider threats more than organizations in any other sector. Most threat actors in healthcare organizations come from inside, and the most common cause of leaks is human error.
Inaccurate actions by employees can lead to data leaking seven times more often than in other industries at risk of cyber-attacks.
Travel & Tourism
The tourism industry is huge. Hotels collect payment information and private data from customers. Yet they tend to invest a limited amount of resources in computer security and user-based risk mitigation systems.
Sensitive data ends up being easily accessible to hotel employees and third-party vendors. Another disturbing fact is that 96% of all accommodation breaches are not discovered for months after the incident.
Usually, a hotel becomes aware of an incident due to a law enforcement investigation. The most typical source of this threat is a third-party organization with access to a hotel’s database.
These insiders tend to have complete access to the information stored in a hotel system. Unprotected credit card data, potential financial gain, and absence of monitoring are alluring.
Public Sector
Government data ends up stolen because of espionage or financial gain. Some people attack government databases just for fun – we have all heard stories about that. The situation is getting worse because of the lack of investment in cybersecurity.
Complex security and monitoring systems are not budgeted for, are not prioritized, or are seen to slow down the system.
Retail
Trade has always been subject to fraud. Retailers often suffer from DoS attacks on their websites and card skimmers in their stores. This industry is similar to accommodation – the root cause of data breaches are low-security standards. Retailers rely on third-party organizations to provide security services or don’t bother with it at all.
During the past year, 50% of US retailers experienced a data breach. Often, retailers don’t give due regard to storing and monitoring payment data.
That’s why hackers have no problem obtaining customer credit card data. And thanks to fast payment procedures, they can skim stolen money from bank accounts.
This makes detecting incidents and cutting losses harder.
One of the most famous data breaches in retail happened because safety rules were disregard. The Target retail chain was attacked on Thanksgiving 2013 – the busiest time for any retailer.
Hackers accessed a third-party vendor’s payment card readers, acquiring contact and credit card data of 110 million customers.
Finance
Financial organizations focus extensively on implementing security best practices, which are required by numerous industry standards. Banks are constantly under threat: financial services companies are breached 300 times more frequently than companies in any other industry.
And in order to penetrate a bank security system, hackers use much more elaborate methods.
Most breach attempts include web application attacks. It’s especially hard to detect and neutralize these attacks because millions of clients use these apps simultaneously.
Data breach threats pursue financial organizations in the real world as well: crooks install skimmers and card traps on ATMs or simply steal machines.
One of the most alarming data breaches in the financial sector happened to Dow Jones. More than 2.4 million records of this company were exposed in March 2019.
A third party leaked the data to a public server. The records contained Dow Jones watchlist of risky individuals and businesses. A lot of companies used it for risk assessment and work planning.
Conclusion
Any company possessing sensitive data is under threat of being breached. The risk is especially high if your company belongs to one of the industries most exposed to data breaches.
A good part of data breaches can be traced to insider activity. Whether it’s human error, privilege misuse, or credential theft, you can control such risks.
*Sources: Verizon 2019 Data Breach Investigations Report. 2018 Thales Data Threat Report.
