Manufacturing, healthcare industries biggest targets of security attacks

Verizon's annual data breach report revealed manufacturing and healthcare were the biggest targets of hackers and over half of the data breaches were aimed at small- and medium-sized enterprises (SMEs).
By Chris Middleton, Vinelake May 9, 2018

Small- and medium-sized enterprises (SMEs) and healthcare organizations are the biggest targets of hackers and organized criminals, according to Verizon, with personal, medical, and financial data firmly in their sights.

Verizon published its 11th annual data breach investigations report details all of the different types of data security incidents and breaches that took place last year. The report found that 73% of breaches were perpetuated by outsiders, with 50% carried out by criminal groups, 28% by internal actors, and 12% by hostile states or affiliated organizations. Two percent originated at partner organizations, according to the report.

Personal data was the biggest target of attacks, followed by payment details, private medical records, and personal or business credentials. Nearly 50% of all incidents involved hacking; 30% included malware; 17% were triggered by errors; and 17% were social attacks. In addition, 12% of breaches or incidents involved privilege misuse, and 11% were caused by physical actions.

Seventy-six percent of all incidents were financially motivated, says Verizon, with 13% motivated by the potential gain of strategic advantage (espionage). The report also revealed 24% of breaches affected healthcare organizations, 15% involved accommodation or food services, and 14% hit public sector organizations.

The biggest targets by far—58% of all breaches—were SMEs. Alongside the troubling focus on healthcare organizations—and private medical data—and the overwhelming impact on smaller businesses, the report reveals that 68% of breaches took months, or even longer, to discover.

The largest type of incident—including attempted breaches—remains denial of service (DoS): Verizon logged over 21,400 such attacks last year. In terms of successful breaches, 399 involved stolen (hacked) credentials, while over 300 involved RAM-scraping malware, with phishing and privilege abuse not far behind.

Within organizations, the biggest targets were databases, followed by POS servers, POS controllers, and Web apps.

Chris Middleton is the editor of Internet of Business (IoB), a CFE Media content partner. This article originally appeared here. Edited by Chris Vavra, production editor, Control Engineering, CFE Media, cvavra@cfemedia.com.

ONLINE extra

See additional stories about the IIoT linked below.