As more nation-state actors get into the hacking game, businesses and governments become more interested in which industries are the most vulnerable. To answer that question, you have to ask which are inherently the most vulnerable, which are the most desirable for hackers, and where do the two meet?
A lot of hacking is devoted to making money, communicating a message, or just making a mess. Cyberwarfare, however, has only ever really happened if you count the Stuxnet attack on Iran’s nuclear program, which actually succeeded in creating physical damage. But it seems safe to say nation-states—your own and others, both friendly and not—are going to be as interested in cyberwarfare as they are in cyber-espionage.
With the miniaturization of computing and the development of microservices, the Internet of Things—computerizing individual elements of our everyday physical lives—has made more and more things as vulnerable as they are effective. This tendency toward automation in our critical infrastructure and toward more streamlined and efficient automation has a flipside. And it’s that which hackers, criminals and nation-state actors alike target.
Some of those targets are obvious, but others less so.
The Chemical Industry
Although none have been hit in a way that has created physical danger, chemical plants are full of dangerous substances. The industrial controllers made by Siemens and used in the Stuxnet attacks are similar and sometimes identical to the ones controlling chemical processes. Also, there might be a chemical factory somewhere that isn’t run by computers, but if there is, it would be quite an anomaly.
The Healthcare Industry
Health data is, by far, the most vulnerable sector. The industry is very large, running the gamut from hospitals to drug companies to insurers. It produces information that is highly desirable to hackers for a variety of reasons. Just in the first half of this year, 21.1% of all the data breaches were at healthcare companies and 34% of all the private records of U.S. patients were made breached.
The Mining Industry
Even mining companies are vulnerable. Yes, those giant, old-fashioned companies that tunnel down into the ground with huge machines and use the sweat and muscle of individual laborers are as vulnerable to hacking as electrical companies or the automotive industry. And the reason is the same. Mines have centralized the gathering, analysis, and storage of operational, employment, and financial data. Centralization means quicker and cheaper processes, but it also means hack one, hack all.
Experts Exchange’s report on IT spending gives us a hint of which other areas of the economy are suffering the most cyberattacks. At or near the top are the banking industry, the retail sector, IT, and the oil industry.
The Energy Industry
The U.S. energy grid is increasingly automated. A man-in-the-middle attack could send the wrong data to the wrong recipient, causing the bulk of power creators and shippers’ traffic to seize up. This would deprive users of the energy they need to do everything -- from phoning 911 to keeping the streetlights on. Malware can be used to send bogus instructions to physical infrastructure, such as dam turbines, both stopping the creation of energy and even causing the dam to break, flooding towns, and putting people at risk.
Regardless of your business, hacking is picking up across industries to the point that President Obama has proposed a $14 billion increase in national cybersecurity spending for the 2016 fiscal year.
The time to protect and prevent is now. Should you need additional counsel on security processes and systems to make your business safer against breaches, you can turn to Cygilant to augment your defenses and consult experts in the field. Cygilant’s SOCVue security as a service, combined security monitoring, vulnerability and patch technology and managed services ensure sure a security breach can be avoided.
Top photo credit: Frank van de Velde