The Week in Breach: Every industry is at risk for cybercrime, but is YOUR business more at risk?

Make sure to add us or contact us for the latest news



Are You Prepared for Unexpected Risk Modifiers?


Cybersecurity isn’t a one size fits all proposition. Every organization has unique needs based on the way that they do business. In addition, those needs can be impacted by the prospect of third party and supply chain risk creating complications that must be addressed. Plus regulations regarding compliance, industry standards, legal requirements, general threat intelligence, workforce makeup and a host of other issues can impact the security calculus for companies. Not to mention the value of your data or potential profitability as a ransomware target. But are you certain that you’re taking every risk factor into account when determining the right way forward? There are also a few unexpected variables that add risk modifiers, presenting security obstacles that businesses need to overcome – and they can with a little expert help.


INDUSTRY VARIABLES


Every industry is at risk for cybercrime, but some are just a little bit more imperiled than others. A special focus or added stressor on an industry can cause threat to surge and recede fast as cybercriminals look for ways to maximize their profits. For example, risk increased dramatically for drug companies, laboratories, hospitals and other medical targets in turn during the initial COVID-19 pandemic and race for the vaccine. By the end of that road, even cold storage and transport companies had a turn in the spotlight. some industries are simply more likely targets for cybercrime, and that’s something that needs to be a focus for security planning.

Using the Verizon Data Breach Investigations Report, we gathered data on the 10 most common industries to experience a data breach in 2020 and then broke that down by company size to illustrate how industry variables can impact an organization’s cybersecurity needs.

Industry Total breaches 1 – 1000 1000+ unknown
Public​ 885​ 13​ 30​ 842​
Professional​ 630​  76 ​ 121​ 433​
Healthcare  ​ 472​   32​ 19 ​ 421​
Finance ​ 467 ​ 26 ​ 14 ​ 427​
Information   ​ 381 ​ 35​ 21 ​ 325​
Education   ​ 344​ 17 ​ 13  ​ 314​
Mining   ​ 335 ​ 2 ​ 3 ​ 330​
Manufacturing ​ 270​ 13​ 27​ 230​
Retail 165​ 10​ 19 ​ 136​
Entertainment  ​ 109​ 6​ 1​ 102​

LOCATION VARIABLES


Can a company’s geographic location impact its threat landscape? Yes. Geography is especially likely to impact the motivations of potential threat actors whether they’re internal or external. In these scenarios, we focused on malicious threats to organizations (the top non-malicious threat to cybersecurity is eternally human error). Using data drawn from the Verizon Data Breach Investigations Report, we plotted out the variables that can impact cybersecurity for companies including what types of data attackers want the most in three major regions.

APAC

  • Incidents Examined: 5,255 incidents, 1,495 with confirmed data disclosure ​
  • Top Threats: Social Engineering, Basic Web Application Attacks and Miscellaneous Errors represent 98% of breaches ​
  • Types of Threat Actors: External (95%), Internal (6%)
  • Threat Actor Motives: Financial (96%), Espionage (3%), Fun/Personal (1%)
  • Most Commonly Stolen Data: Credentials (96%), Personal (3%), Other (2%), Corporate Secrets (1%) ​

EMEA

  • Incidents Examined: 5,379 incidents, 293 with confirmed data disclosure ​
  • Top Threats: Basic Web Application Attacks, System Intrusion and Social Engineering patterns represent 83% of breaches ​
  • Types of Threat Actors: External (83%), Internal (18%) ​
  • Threat Actor Motives: Financial (89%), Espionage (8%), Fun/Personal (1%), Grudge (1%)
  • Most Commonly Stolen Data: Credentials (70%), Corporate/Business Internal (52%), Personal (22%), Other (16%)​

North America (US & Canada)

  • Incidents Examined: 13,256 incidents, 1,080 with confirmed data disclosure ​
  • Top Threats: Social Engineering, System Intrusion and Basic Web Application Attacks represent 92% of breaches ​
  • Types of Threat Actors: External (82%), Internal (19%), Multiple (2%), Partner (1%)  ​
  • Threat Actor Motives: Financial (96%), Espionage (3%), Grudge (2%), Fun/Personal (1%)
  • Most Commonly Stolen Data: Credentials (58%), Personal (34%), Other (27%), Internal (11%) ​

Regional differences have a noticeable impact on the threat landscape in different parts of the world. Social engineering continues to be a leader, emerging as the top general threat category faced by companies in North America, Asia and Australia, but for European firms, social engineering clocks in third and the top threat type is actually web application attacks. In North America and the Asia Pacific region including Australia, 96% of the bad actors involved in data breach incidents are looking for just one thing: money. While that is still the largest motivator for bad actors in Europe, that figure drops to 89%. Interestingly, a grudge against the company is the motive behind 2% of the actions of threat actors in data breaches in North America and Europe, but it doesn’t even make the list in Asia.

As an added bonus, We thought you’d enjoy seeing what the top actions were in all the threats that were in the pool for consideration. It’s not a list that packs great surprises. Every one of these actions packs a punch that can send businesses reeling. There may be more than one action that leads to a breach, a fact reflected in the percentages quoted here. This information is also culled from the Verizon Data Breach Investigations Report.

Top Action Types

  1. Phishing (social engineering)                                         40%​
  2. Use of stolen credentials (hacking)                                30%​
  3. Ransomware (malware)                                                  30%​
  4. Misconfiguration (error)                                                 20%​
  5. Brute force (hacking)                                                    >10%

Cybercriminals Are Subject to Location Variables Too


Regional threat probabilities aren’t a one-way street. The industry that a business is in can dramatically impact its risk for phishing. In a recent study on the geographic factors in phishing-based cybercrime conducted by Columbia University, researchers were able to pinpoint the most likely locales in which phishing emails originate. The countries that generate a higher volume of phishing emails (more than 1,000 emails in the dataset) are clustered in just a few regions.

However, some countries had a much higher probability of being the birthplace of a phishing message. Email that had a higher probability of phishing originated from these locales (in descending order):

  • Lithuania
  • Latvia
  • Serbia
  • Ukraine
  • Russia
  • Bahamas
  • Puerto Rico
  • Colombia
  • Iran
  • Palestine
  • Kazakhstan

Very few of the emails that the researchers studied originated in the United States or Canada. The study cited an example that showed that even though 129,369 phishing emails in the dataset were sent from the US, there’s still only a 0.02% probability of receiving a phishing email sent from the US or Canada. The researchers also noted that Great Britain and most of the EU were also unlikely points of origin for phishing messages. Worldwide, most countries had a phishing origin probability of 10% or less.  Further illustrating the necessity of security awareness training that emphasizes phishing resistance, an estimated 1 in 99 emails that a business receives are phishing messages.


How Can You Use This Data to Sell More Security?


Data like this is valuable for several reasons. When planning a cybersecurity strategy, this data can help make sure that unique risks like an abundance of social engineering threats delivered via phishing are figured into the equation in order to tailor defensive measures appropriately and allocate funds accurately. This information is useful when considering a security overhaul, an incident response plan or changes to a security stack. It’s also a great way to start conversations around security and the need for security adjustments while making that need relatable and easy to quantify. Plus, having this knowledge at hand is a great way to boost client and prospect confidence in your expertise.

Put Protection in Place That Never Varies for a Strong Universal Defense

  • Multifactor authentication (MFA)  stops 99% of password-based cybercrime and teamed up with single sign-on (SSO), this dynamic duo provides strong access control.
  • Simple remote management and secure shared password vaults make it easy for IT teams to respond quickly in an emergency to isolate a compromised account.
  • Automated password resets eliminate the constant wave of reset tickets, saving time, money and stress.
  • We’re here to help if you would like to learn more about ways that you can protect your business and from today’s nastiest cybersecurity nightmares. Let’s get together and talk about it:  SCHEDULE A CONSULTATION>>

Dark Web ID’s Top Threats This Week


 


United States iConstituent

https://www.nbcnews.com/politics/congress/house-communications-vendor-compromised-ransomware-attack-n1269934

Exploit: Ransomware

IConstituent: Communications Services

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.655= Severe

A major service provider to members of the US House of Representatives is recovering from a ransomware incident that has left Members scrambling. iConstituent provides constituent communications services for House offices including facilitating Member emails and newsletters. The House Chief Administrative Officer (CAO) is coordinating a response with iConstituent, and the CAO has announced that no other House data or systems have been compromised.

Customers Impacted: Unknown

How It Could Affect Your  Business: Ransomware against service providers has been a hot profit center for cybercriminals and they’re not letting up on potentially vulnerable targets.

IntegraMSP to the Rescue: Third-party and supply chain risks are growing exponentially. Learn strategies to fight back in our eBook Breaking Up with Third Party and Supply Chain RiskDOWNLOAD IT>>


United States – Cox Media Group

https://therecord.media/live-streams-go-down-across-cox-radio-tv-stations-in-apparent-ransomware-attack/

Exploit: Ransomware

Cox Media Group: TV & Radio Station Operator

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.227= Extreme

A number of TV and radio stations around the US went dark briefly after a suspected ransomware attack on parent company Cox Media Group. Stations impacted included News9, WSOC, WSB, WPXI, KOKI, and almost all Cox radio stations. The Cox Media Group owns 57 radio and TV stations across 20 US markets. Internal networks and live streaming capabilities for other Cox media properties, such as web streams and mobile apps, were also impacted in the June 35r event. Service was quickly restored and the event is under investigation.

Individual Impact: No sensitive personal or financial information has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business Ransomware attacks against strategic targets like this are becoming all too common as ransomware gangs seek to cause maximum buzz for maximum profit.

IntegraMSP to the Rescue:  Find useful data to inform security decisions including our predictions for the biggest risks of 2021 in The Global Year in Breach 2021READ IT NOW>>

United States – Navistar International Corporation

https://www.reuters.com/technology/us-truck-maker-navistar-says-aware-it-breach-2021-06-07/

Exploit: Ransomware

Navistar International Corporation: Specialty Vehicle Manufacturer

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.812= Moderate

Truck manufacturer Navistar International has notified the Securities and Exchange Commission (SEC) that they’ve fallen prey to a ransomware attack. Navistar makes trucks, buses and diesel engines, while its Navistar Defense subsidiary produces several US military vehicles. The company confirmed that there was data exfiltration in the suspected ransomware attack, but no details have been made available regarding the nature of that data.

Individual Impact: No sensitive personal or financial information has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business Ransomware is evolving, meaning every incident stands a chance of containing an even harder to stop new variant that could do lasting damage.

IntegraMSP to the Rescue:  Secure your data and systems against today’s nastiest threat with Ransomware 101, our most popular eBook, to guide you through how to secure your clients effectively. READ IT>>

United States – New York Metropolitan Transit Authority (M.T.A.)

https://www.nytimes.com/2021/06/02/nyregion/mta-cyber-attack.html

Exploit: Nation-State hacking

New York Metropolitan Transit Authority (M.T.A.): Regional Transport Operator

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.812= Moderate

Officials at NY M.T.A released information that their system had been the target of a cyberattack by a hacking group believed to have links to the Chinese government. According to the report, nation-state actors penetrated the Metropolitan Transportation Authority’s computer systems in April. The investigation has concluded and NY M.T.A. was able to confirm that no sensitive data or rider data was impacted.

Individual Impact: No sensitive personal or financial information has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business Ransomware is evolving, meaning every incident stands a chance of containing an even harder to stop new variant that could do lasting damage.

IntegraMSP to the Rescue:  Secure your data and systems against today’s nastiest threat with Ransomware 101, our most popular eBook, to guide you through how to secure your clients effectively. READ IT>>


United States – LineStar Integrity Services

https://www.wired.com/story/linestar-pipeline-ransomware-leak/

Exploit: Ransomware

LineStar Integrity Services: Pipeline Technology Services

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.522= Severe

Cybersecurity researchers discovered that pipeline technology provider LineStar Integrity was hit in a ransomware incident at approximately the same time as Colonial Pipeline resulting in 70+GB of company data finding a new home on the dark web. LineStar Integrity Services sells auditing, compliance, maintenance, and technology services to pipeline customers and is based in Houston, TX.

Individual Impact: No sensitive personal or financial information has been confirmed as compromised in this incident although some sources are reporting that human resources data is in the mix.

Customers Impacted: Unknown

How it Could Affect Your Business Increasing frequency off cyberattacks on service providers show that cybercriminals are taking every chance to strike against linchpins of business services.

IntegraMSP to the Rescue: Increase the chance of speeding past pitfalls to victory when you boost cyber resilience for every customer using the tips in our eBook The Road to Cyber ResilienceDOWNLOAD IT NOW>

 



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.