Industries most targeted by active adversaries

It’s crucial for security teams to know which industries are being targeted by active adversaries and why. For instance, while the financial services industry holds vast amounts of capital and is a juicy target for cybercriminals, it suffers relatively fewer successful incidents than other industries.

There are notable explanations for this. The first is that financial institutions allocate significant resources to their defenses. After all, banks are where the money is. Trust is also crucial to this industry, which is one reason financial services are so heavily regulated, with a good deal of that regulation concerning cybersecurity. Financial services firms, whether banks, credit card companies, brokerages, or others, invest in appropriate security technologies, including robust multifactor authentication, anomaly detection, encryption for data in motion and at rest, and more. These are robust cybersecurity programs, and these firms can also afford to hire specialized and experienced professionals.

"Financial services firms have been doing things like multifactor authentication long before it was cool," says John Shier, Field CTO at Sophos. "And the regulated nature of that industry means they have been doing security for a long time."

Not all industries fare so well.

The Sophos X-Ops Incident Response team analyzed cases it had responded to over the past two years to gather insights, evaluating incidents spanning vertical industries from architecture to transportation, in organizations located across North and South America, Europe, Africa, and Asia. Most organizations that engage with the X-Ops services have 250 or fewer employees, and the vast majority of the 232 organizations evaluated had fewer than 1,000 employees.

Manufacturing increasingly targeted

According to the X-Ops Incident Response team, the manufacturing industry consistently trends among the most heavily targeted by active adversaries. Last year, the manufacturing industry invested roughly $308 billion into digital transformation efforts. This year, that number is expected to grow to $368 billion and reach $876 billion by 2029. That's a blistering 20% annual growth.

Digitalization includes investments in artificial intelligence, the Industrial Internet of Things (IIoT), cloud computing, 3D printing, and increased use of operational technology (OT) and industrial control systems (ICS). There will also be investments in augmented and virtual reality, wearable devices, and collaborative robots. Couple this with the networking of these devices and ever more automation, and you see the potential for a hacker playground.

Additionally, OT/ICS systems are designed and deployed to run for decades, which means older devices were not built to be securely updated remotely. This makes patching difficult.

Unsurprisingly, these environments are very challenging to defend. "Despite the attempts to segregate these systems from business networks and the Internet, or air gap them, there always seems to be some way for threat actors to get into the OT network," says Shier.

Healthcare remains a big target

Healthcare is another industry that has historically been among the most targeted. There are many reasons, most notably the value of protected health information (PHI). PHI is often more valuable on the underground markets than other forms of data, which makes it a target.

Healthcare organizations are also particularly susceptible to ransomware attacks, which can cripple their operations. Because of the potential for great harm and even death when ransomware attacks deny the use of connected medical equipment, it's common for extortion payouts to be delivered swiftly to attackers.

Additionally, healthcare is challenged by some of the same issues that plague manufacturing technology environments. The growing complexity of healthcare IT networks, with a mix of legacy and modern systems, provides multiple potential attack vectors for cybercriminals. Many healthcare organizations also use outdated technology and systems not equipped to defend against current cyber threats. This makes them easy targets for cyberattacks, and security teams within healthcare organizations often struggle to monitor and protect these systems effectively.

Wim Remes, operations manager at Belgium-based cybersecurity advisory firm Spotit, notes that attacks on manufacturing and healthcare get noticed because of the high visibility of both vertical industries. "Attacks on these organizations are very visible. If a hospital gets ransomed, it's tough to hide. The same goes for an offline manufacturing plant," he says.

Critical infrastructure in the crosshairs

As other critical infrastructure industries beyond manufacturing and healthcare, such as utilities and the automotive industry, continue to digitally transform their operations, it's reasonable to expect attacks to rise. The digital platforms, increased use of Internet-based services, and collection of sensitive data will make these industries irresistible to active adversaries.

Finally, another interesting finding from the Sophos X-Ops Incident Response analysis is that organizations of nearly all sizes find themselves targeted.

"You expect large corporations to be more resilient to attacks than smaller businesses. But all sized companies are susceptible to attacks. And attackers will go after organizations they can succeed against," Shier says. "Everyone is a target."

Bill Brenner

InfoSec content strategist, researcher, director, tech writer, blogger and community builder. Senior Vice President of Audience Content Strategy at CyberRisk Alliance.