Unfortunately cybercrime and Internet hacking are widespread, touching every business sector and reminding us how urgent the need is for Internet security. The likelihood of a particular industry being attacked is dependent on the type of attack and the nature of the business in each sector. However, we can easily spot some cyber threat trends among different industries that appear to be more susceptible to different types of attacks.
Below we’ve highlighted some of the cybersecurity and attack trends throughout business industries as a way to keep you knowledgeable and prepared.
Using the Inc.com website to obtain domain names and a free data-gathering service to find publicly available email addresses, an internet security awareness training firm known as KnowBe4 sent out a simulated phishing email to employees at more than 3,500 companies. Individuals who clicked the link were directed to a page that informed them they had just taken part in phishing research. The emails were successfully delivered to about 29,000 recipients at 3,037 businesses. In almost 500 of those companies, one or more employees clicked the link opening up the potential for Internet security breaches among these businesses.
The firm then took the results of the study and categorized the companies affected into 25 industry sectors. According to the results, these are the top 5 phish-prone industries:
- Travel – 25%
- Education – 22.92%
- Financial Services – 22.69%
- Government services – 21.23%
- IT Services – 20.44%
Users in the education sector are twice as likely to visit malicious or compromised websites than any other sector. In addition, they are twice as likely to be impacted by Spyware or Adware. An interesting point to note is that despite the education sectors risky behavior to access compromised websites, the threats they interact with are less likely to descend further down the attack chain. Users in the education sector are likely to visit websites on topics, such as cultural and religious institutions, political organizations, supplements and unregulated compounds, and this behavior also affects the threats they are impacted by. There are multiple factors that have a role to play in terms of which threats impact which victim, and organizations should be aware of the threats affecting other organizations in the same or similar industry to understand what threats their own industry will be faced with.
Financial services firms are hit by security attacks 300 times more frequently than businesses in other industries, with attack patterns changing frequently. The 2015 Industry Drill Down Report points out that attacks against the finance sector surpass those in adjacent industries by 3:1, as cyber-criminals focus on targets they believe will give them the biggest returns. The majority of attacks are focused on attacking data or stealing credentials, and large, low-volume attacks are sent to distract IT while the large, main target attack is prepared and sent.
While some are more vulnerable than others, every industry is prone to attacks. At least 1 billion records of personally identifiable information were released in 2014, which was an increase of 20% from the previous year. It is important for sectors to know the behaviors of their industry and which threats are the most commonly faced so they can be best prepared to handle and recover from attacks.