The many and varied cyber attacks that have thrown the global online universe into a tizzy bring light to the fact that advanced cyber security is now a necessity rather than a consideration. These attacks moved the discussion for the need of cyber security in a company from the offices of the IT department to the board room.
The number of security incidents in India have also been increasing gradually year-on-year. According to data from CERT-In, there were 50,362 cyber security incidents in 2016. In comparison, there were 27,482 incidents in 2017 until June 2017. We have seen several cyber security incidents in 2017 like the Mirai botnet Malware, Petya, data breaches and WannaCry.
Like most things, not all cyber attacks are equal. There are a few industries that are the more vulnerable than others.
Hackers look to gain two things from cyber attacks – political advantage (threats towards a country) and financial fraud, the latter of these being the most common motivation. Their access point then becomes PII. Personally Identifiable Information – PII – records are usually transacted on the dark web, where cyber criminals use the information to commit cyber theft. Bulk PII data is purchased and mined for valuable accounts.
Often, single purchases of PII lead to enhanced access of other personal accounts as passwords that are stolen from one PII data are often used for multiple accounts. Therefore, although it may seem too easy to be true, utilising strong and unique passwords is a must.
Let’s look at some of the industries that are most affected by cyber threats. If you happen to run businesses in any of these industries, you might want to use these measures to safeguard your cyber space.
Healthcare: Marked as a big target for cyber attacks in the last few years, this industry continues to remain the most targeted as the repercussions of a non-functioning network within hospitals and other healthcare facilities is humongous. The most worrisome of these is the potential affect of cyber attacks on internet connected medical devices that are life-sustaining for patients, like pacemakers. An attack could potential interfere with the working of these devices.
Financial Services: While the industry may seem like quite an obvious target – access to investment records, personal savings information, tax records etc – what needs to be kept in mind is that cyber attacks on financial services firms will get more sophisticated as more and more data is now being moved to the cloud. Security vulnerabilities in the financial sector have increased more than 400 percent from 2013, according to cyber security and risk mitigation expert NCC Group. Cyber criminals gaining access to PII data use it to file fraudulent tax returns, directly access funds and credit card information etc. With the entrance of the online wallet, this threat is now intensified as there are now multiple entry points for cyber attacks.
Government agencies: They form the widest reservoir of PII data, given the information they hold on its citizens. These include license records, healthcare information, tax records etc. The data these agencies hold also become a multiple access point to other PII for cyber criminals. Unfortunately, this is also the group that has the least funding for cyber security measures. This makes it a prime and easy target. The worrying aspect is often the intentions behind the cyber attacks on government bodies, given the threat they pose to the safety of a nation.
Businesses: More than ever, businesses are now at stake, as operations and commerce are now online. Credit card fraud has now become easier, as information has become accessible and users are often not educated on the basics of privacy and security online. E-commerce has opened a new and not so cryptic access to hackers looking to exploit both the ignorance of common shoppers and the un-advanced security measure taken by vendors online.
Transportation: The digitalization of the transportation industry has opened a gateway to hackers looking to extract PII data from the millions of consumers that access their services. The sheer volume of cross-industry data that is also accurate and time-relevant makes it an easy target for cyber crime, as this data is often passed along different platforms with not necessarily consistent levels of cyber security. These loop holes often form an access way for hackers.
Every day, the malicious software and hacking ecosystem grows by leaps and bounds. Although efforts to combat the threats are mostly reactionary, there are several steps one can take to mitigate the risk of exposing priceless company data, and safeguard your business in the process. It is important to have a foolproof security plan and meticulously follow up on security measures, to be equipped with both the knowledge and the tools to implement the correct actions to secure company and customer data.
(The writer is Managing Director and Vice President, GoDaddy)