10 Likely (and Vulnerable) Targets for Cyberattacks
Cyber breaches are expected to increase nearly 70% during the next five years.
Shutterstock
Whether a big city like Atlanta or 22 small towns in Texas, cybercriminals are heavily targeting the public sector. In Texas, a mayor of one of the towns hit by ransomware said the attackers are asking for $2.5 million to unlock the files.
“As evidenced by the recent breach in Texas, the public sector is increasingly vulnerable,” said Angelo Rodriguez, Infocyte’s director of sales engineering. “If you speak to the agencies, you will find out that despite formal and growing cybersecurity programs, they are undermanned and outgunned. And the prospects aren’t good. The commercial sector, especially vendors and visible sectors like finance and services, gobble up all the best resources and pay them two to three times or more, typically with a better, more challenging environment or location, benefits [and so on].The public sector has trouble attracting folks and retaining them once they become more valuable. This is a key focus for us as we can provide the most value where the environment is a greenfield (new security program) or an established program can’t support the mission due to lack of resources or constrained hiring.”
From New York to Oklahoma, Louisiana to New Mexico, school districts have become a major ransomware target.
“If you consider what schools often ask of parents, yes, there is data that can be monetized,” said Terry Ray, senior vice president and fellow at Imperva. “My children’s schools know my name, address and phone number at a minimum, which can be sold to spammers and bulk marketers. I have also provided a credit card for recurring school lunch payments, as well as all of my children’s social security numbers. So yes, not only is this data monetizable, it’s also regulated, at least in the State of California with their new California Consumer Privacy Act. I expect to see more states and possibly the federal government enacting privacy laws in the future, making such breaches very expensive for anyone choosing to store private data.”
Last month, Capital One confirmed that a malicious hacker gained access to more than 100 million of its customers’ accounts and credit card applications earlier this year. The data breach affected about 100 million individuals in the United States and about 6 million in Canada.
When it comes to financial services, a lack of security isn’t necessarily the culprit, Rodriguez said.
“A better description might be over-adequate security,” he said. “Vendors have done a good job of proliferating tools and organizations [that] even the most resource rich can’t consume. “Evidenced by the recent Capital One breach – they owned a tool that could have prevented the breach, but did not deploy it. Likely because they have so many other tools and were overwhelmed. Especially in mid-market and below, where resources are thin or non-existent, what security you do have has to be easy to consume and effective in the existing and developing environment: cloud, SaaS, borderless, etc. The still largely existing deployment of disjointed network security, end-point and security intelligence solutions don’t seem to be addressing this issue, nor can everyone adopt a zero-trust model immediately, or even at all.”
Health care almost always dominates lists of breached organizations, which is partly due to strict regulations that require public notice reporting, but also because their businesses rely so heavily on technology, Ray said. An attacker that can disrupt health care businesses with an ability to turn the business back on again when desired stands a reasonable chance of financial gain from the attack.
This isn’t the case for every business, but when targeting victims some of the key elements an attacker looks for are:
● Does the target utilize large amounts of technology?
● Is the technology critical to the business?
● Will an impact to the technology create an urgency and cost to the victim?
● Is there a time or date where the impact is more impactful or less impactful?
● Is the target’s security well funded? How difficult will the target be to attack?
● Can the business proceed without restoring data? What is the cost of losing it altogether?
“Patient data is highly valuable to hackers, who often use the stolen information to commit further crimes like identity theft,” said Matt Aldridge, Webroot’s senior solutions architect. “Health data is incredibly important to people and is far more personal than other information.
Some attacks go unnoticed because even though an attack would be catastrophic, significant attacks are harder to pull off, and therefore are rare, said Anand Kashyap, Fortanix’s co-founder and CTO. Examples of this are attacks on utilities, the power supply or other critical public infrastructure.
“MSSPs are ideally positioned to help,” Rodriguez said. “They can remove the complexity, provide proactive monitoring and respond to security threats on behalf of organizations that are either not equipped or don’t have the skill or resources to adequately protect themselves. From a customer perspective, you want to be protected. From an MSSP perspective, you want to do it the most efficient way possible, with the fastest time to value, and best use of capital.”
Attacks involving IP theft in the tech industry also are common, especially when companies use remote manufacturing or service facilities where the operating infrastructure itself can’t be trusted, Kashyap said. According to the FBI, IP theft is a growing threat, especially with the rise of digital technologies and internet file-sharing networks.
Newer technologies based on Blockchain, a time-stamped series record of data that is distributed and managed by a cluster of computers, are increasingly being targeted, and even though there have been incidents of attacks on private keys used for signing, the attacks have not been of a magnitude worth grabbing headlines, Kashyap said.
The Olympics, the World Cup, sports playoffs, massive new product releases, political events and conventions are almost always targeted as they have extremely high short-term value to the attacker, an incident against them requires urgent mitigation and has extreme public visibility, often leading to the victim having increased willingness to pay, Ray said.
“Additionally, these events often have short-term infrastructure and new staff (opportunities for mistakes by the victim),” he said. “Timing and cost are factors for the targets as well.”
Marriott is paying dearly for its massive data breach exposed last year. Earlier this month, the hospitality giant said it booked a $126 million charge in the latest quarter tied to the breach and lowered financial projections for the year. Also this month, Choice Hotels said it suffered a data breach in which records of 700,000 guests were stolen.
“MSSPs and other cybersecurity providers have a massive opportunity to provide security as a service to these targets, especially if they lack the security expertise required to protect them,” Kashyap said. “A SaaS offering can provide standardized and best-in-class security to several organizations and can protect them from being targeted.
Sekhar Sarukkai, McAfee’s fellow/vice president of engineering for cloud, tells us over the past two decades cloud computing has become almost universal, with roughly 95% of businesses reporting that they have a cloud strategy. Even though security is a top priority, there still are real and big risks to using any cloud service.
“Cloud computing presents many unique security issues and challenges,” he said. “In the cloud, data is stored with a third-party provider and accessed over the internet. This means visibility and control over that data is limited. It also raises the question of how it can be properly secured.”
Sekhar Sarukkai, McAfee’s fellow/vice president of engineering for cloud, tells us over the past two decades cloud computing has become almost universal, with roughly 95% of businesses reporting that they have a cloud strategy. Even though security is a top priority, there still are real and big risks to using any cloud service.
“Cloud computing presents many unique security issues and challenges,” he said. “In the cloud, data is stored with a third-party provider and accessed over the internet. This means visibility and control over that data is limited. It also raises the question of how it can be properly secured.”
Cyber breaches are taking a heavy toll on an increasing number of industries, sectors, organizations and others.
The cost of data breaches will increase from $3 trillion each year to more than $5 trillion in 2024, at an average annual growth rate of 11%, according to a new report from Juniper Research. This primarily will be driven by increasing fines for data breaches as regulation tightens, as well as a greater amount of business lost as enterprises become more digitally dependent.
And cyber breaches are expected to increase nearly 70% during the next five years, Juniper said.
Fortanix’s Anand Kashyap
So who’s being targeted and why?
Anand Kashyap, Fortanix’s co-founder and CTO, tells us a particular target may be attractive for cybercriminals for any of the following reasons: It may have inadequate security controls in place, thus increasing the likelihood of success for an attack; it may possess very sensitive and valuable information or data; it may be so large that the financial reward for even a small-scale attack may be large; or it may be part of critical infrastructure.
“Inadequate security plays a big factor in being targeted,” he said. “Cybercriminals will often go for an easier target. This encompasses everything from not following best security practices, using unpatched or unvetted software, improperly trained employees, and lack of use of adequate encryption and key management. Many targets are not high-tech companies and lack security expertise and even personnel to build a strong security solution.”
Infocyte’s Angelo Rodriguez
Angelo Rodriguez, Infocyte’s director of sales engineering, tells us like any criminals, cyber thieves would be interested in the value of the target, but also driven by opportunity.
“Any organization that isn’t moving toward taking a proactive approach to security, meaning constant monitoring and closing of the attack surface, is going to provide an opportunity for someone to get in,” he said. “Some of this is basic IT hygiene — identify where you are vulnerable and close those gaps so that even if what you have is valuable, the opportunity to attack is closed down, or at least greatly reduced.”
In the slideshow above, we take a look at who cybercriminals are targeting most, including those making big headlines and others that tend to fly under the radar.
Read more about:
MSPsAbout the Author(s)
You May Also Like