The rapid digitalisation of enterprises and the increased adoption of the cloud to store large volumes of data are accompanied by challenges in ensuring data safety. Enterprises’ data is a prime target for cybercriminals, who are using increasingly sophisticated malware and ransomware to either leak or block access to data in exchange for large and rapid financial gains. As per estimates by the Indian Computer Emergency Response Team (CERT-In), a total of 53,081 cybersecurity incidents were recorded in 2017, up from 50,362 in 2016. While the growth in the number of incidents is not big, the increasing sophistication of attacks in the context of an expanding connected world is a big area of concern.
Some industries are more vulnerable targets for cybercriminals than others, due to the sensitivity of their data, the business domain, etc. tele.net takes a look at the common threats and most targeted industries in the cybersecurity space.
Most common threats
Cybercriminals use a number of ways to infiltrate or hack an organisation’s network. While the details may differ, they mostly conform to a set of highly effective methods used to gain access. A popular option for hackers is to install malware, which allows them to control the target’s machine, monitor its actions and transfer data. Phishing tactics, in which attackers engage in communication posing as someone else, are also common. Structured query language injection (SQLi) employs malicious code to communicate with servers to leak information. A denial of service (DoS) attack floods a website’s server with volumes of traffic that it cannot handle, blocking access to the website or leading to a shutdown. Ransomware is malicious software that threatens to leak data or block access until a ransom is paid. Hackers also take advantage of the tendency of users to reuse the same password across websites. More often than not, people end up using the same password and login credentials on multiple websites, which makes it easy for hackers to expand their access to information.
Most targeted industries
According to the IBM X-Force Threat Intelligence Index 2018, the banking, financial services and insurance (BFSI) sector was the most targeted sector in 2017 and in 2016. As per the index, the sector accounted for 27 per cent of the total security incidents and 17 per cent of attacks. In terms of categories, more than 76 per cent of the attacks were injection attacks while close to 10 per cent involved reconnaissance activity. While the majority of attacks are targeted at theft from individuals using phishing, compromising credentials and intercepting online transactions, some sophisticated groups are also attempting to breach the entire network of organisations.
Rising to the challenge, enterprises in the BFSI industry are increasing their investments in network security and are adopting new technologies for the same. “In addition to the traditional layers of security at the network, perimeter and data centre levels, systems based on big data analytics and artificial intelligence are being deployed to monitor and safeguard the information of stakeholders,” says Gururaj Rao, chief information officer, Mahindra Finance, commenting on his organisation’s cybersecurity readiness.
The information and communications technology (ICT) segment was the second most targeted industry in 2017, accounting for 18 per cent of the security incidents and 33 per cent of the attacks. Although this segment faced more attacks than the BFSI sector, security-related incidents were fewer. Owing to the hyperconnected nature of the ICT devices ecosystem, this segment is prone to recurring attacks and breaches. Further, the dependence on technologies and products developed by this segment widens the spectrum for attackers to infiltrate the system and carry out breaches. Some of the most common and recurring attacks in this segment are malvertising, phishing and SQLi.
Enterprises in this space are attempting to keep pace with the latest technological advancements in order to strengthen their networks and ensure security. In this regard, Boudewijn Pesch, group vice-president, Japan and Asia Pacific, Oracle Communications, says, “We invest substantially in security and leverage it across most of our products. Security is our key priority, particularly when delivering products and solutions to the telecom industry. We have been running the networks for about 20 years now, so the stakes are high and security needs are addressed first in anything and everything we do.”
Companies in the manufacturing industry were the third most targeted by attackers in 2017. According to IBM, the manufacturing industry accounted for 13 per cent of the total security incidents in 2017 and about 18 per cent of the total attacks. Approximately 30 per cent of these involved SQLi tactics. This industry was also hit by a number of ransomware attacks in 2017, which caused downtime and affected companies’ production plans.
One of the key reasons for the manufacturing sector’s vulnerability to cyberattacks is its growing shift towards automation of processes and improvements in operational efficiency and productivity through the use of technologies such as the internet of things (IoT). Automation gives hackers multiple points of entry, which they tap to paralyse the system. As a result, in India, cyber insurance products, which were once mostly demanded by e-commerce and BFSI enterprises, are now increasing in popularity among manufacturing companies as well.
Retail was the fourth most targeted industry in 2017, accounting for 9 per cent of the security incidents and 10 per cent of the total attacks. For retailers, the main risk pertains to the theft of customer data, which is available with them in abundance. With increasing competition, there is a growing need for retailers to digitise operations, and launch mobile applications and payment networks, all of which increase their vulnerability to cyberattacks. A unique threat for retailers is point-of-sale (POS) malware. Since these systems are placed in geographically dispersed locations, ensuring their security is more difficult. Distributed denial of service (DDoS) attacks are also a challenge that retailers have to face. These attacks aim to make websites and servers unavailable for users, impacting business.
Professional services accounted for 14 per cent of the security incidents and 1 per cent of the attacks. This industry hosts large volumes of consumer data. To put the volume into perspective, around 390 million records were compromised in 2017 in this industry, the third highest when compared to other industries. Unsecured databases can inadvertently compromise sensitive and often personally identifiable information of a large number of people. In light of the rising challenges to curb breaches and the growing sophistication of attacks, Ramesh T. Kumar, corporate information systems at Mindtree, notes, “Security has been of prime importance to Mindtree and the industry in general. Our organisation has grown multifold, which brings its own challenges in ensuring security. Some of our applications are on premises, while the rest are on the cloud, and integrating them in a secure way is a challenge.”
Cryptocurrencies and cybercrime
Cryptocurrencies are emerging as a major target area for financial theft by attackers to collect ransom. Extortion demands in return for control over enterprise networks have become so rampant that many enterprises have started holding cryptocurrency reserves to satisfy ransom demands in the event of being locked out from their own networks. Another band of attackers has shifted its focus to attacking cryptocurrency exchanges and has managed to steal large volumes worth millions in a single attack. In January 2018, cryptocurrencies worth $530 million were stolen from the Japanese exchange, Coincheck.
The way forward
The incidence and sophistication of cybercrime are expected to increase in times to come. Successful assaults by ransomware such as WannaCry and NotPetya are prime examples of what sophisticated and organised cybercriminals can achieve. Going forward, more forms of sophisticated malware are expected to surface and target both the private and the public sector. In 2017, attacks were largely carried out to appropriate quick financial gains. This trend is likely to continue with attackers focusing on businesses and banks that provide higher profits rather than on consumer accounts.
The dynamic cyberthreat landscape calls for enterprises across verticals to strengthen their security systems and make them as impenetrable as possible. Enterprises need to focus on preventive measures and undertake monitoring and patch management at regular intervals. In addition, they need to install real-time monitoring systems equipped with machine learning and artificial intelligence to analyse patterns and predict likely breaches. Investments in incident response, which will help in efficiently tackling the situation and limiting damages in the event of a cyberattack, will be crucial.