Security is a business issue and should be a top priority for ALL organizations, especially given developments in technology and the fast pace of information dissemination. Regardless of your organization’s size and industry, the threat of a security breach is simply not a risk to be ignored. Security risks, when poorly managed, can result in consequences that range from slight, as in small penalties levied against the organization, to grave, as in loss of personal information, lost jobs and, for government agencies, danger to the community. Various security systems are available to organizations, as are seminars that teach employees and staff at every level about the importance of protecting organizational information, the risks of mishandling it, and how to handle it securely.

That being said, not all organizations take it upon themselves to institutionalize risk management and security awareness in their workplaces. Some business organizations may have enterprise risk management on their books, but its implementation is negligent and their security mechanisms are outdated. It can even be argued that talk of security in the workplace, especially in government agencies, is off-limits or at least awkward, and thus people do not really get an opportunity to learn more about it.

Additionally, risk management and security awareness are both yet to be learned, in the sense that the security industry itself is very vulnerable to capitalism and for-profit leanings. Yet establishing and maintaining information security awareness is vital to an organization’s progress and success. An institutionalized security awareness program can ensure the protection of important private information and avoid huge risks in the long run. This involves daily training for relevant employees in the workplace, as security awareness is an ongoing program for all organizations that wish to maintain a high level of security in their processes.

What industries are the most targeted?

As mentioned above, no government or corporation is safe from security breaches, and cybercrime and the like are on the rise, so more and more organizations are becoming aware of the risks and of the steps they can take to avoid them. Listed below are just some of the industries that are considered big targets of security breaches and cybercrime:

Healthcare

It was reported in Healthcare IT News that the healthcare industry experienced the highest level of breaches in 2015. From not even placing in the top five the previous year, the industry has fallen prey to new forms of hacking due to the nature of the customer information it handles and its relative lack of security awareness. IBM reported that cybercriminals are more likely to steal data from hospitals’ databases because their security systems are usually outdated, despite the fact that the data they handle are vulnerable (e.g., email addresses, social security system numbers, address and contact details). Even their employees’ private information is usually left unencrypted.

What could be a strong motivation for institutions in the healthcare industry to scale up their systems is the fact that, according to the PwC Health Research Institute, the consequences of healthcare security breaches may cost up to $200 per patient record, including post-breach losses like reputational damage and the resulting lost business. This is shocking considering that preventing such breaches costs an average of $8 per patient record. That being said, expect the healthcare industry to greatly increase its spending on preventing data system intrusion, as some healthcare organizations are now learning to take preventive cyber medicine to soften the blows of the hacks they receive.

Manufacturing

The manufacturing sector, which includes automotive, electronics, and pharmaceutical companies, has always been a vulnerable industry when it comes to cybercrime and security breaches. This is because many cyber attackers are financially motivated and are therefore more likely to hack corporations from which they can demand a higher amount of money, or whose information they can sell to competitors. Intellectual property is also incredibly valuable, so attackers may be after that as well.

Shockingly enough, the manufacturing sector has not been held to a high standard when it comes to security compliance and risk management as compared to financial services, which renders it more vulnerable to cyber hacking and malware.

Financial Services

Consider financial services, such as banks, a hacker favorite, given the nature of the private information these organizations handle on a daily basis. The most cyber-attacked industry of 2014, financial services have learned their lesson and have decided to invest heavily in cybercrime security awareness, especially big international banks like J.P. Morgan, Citibank, and Wells Fargo in the United States.

What is interesting about the attractiveness of financial services to cybercriminals is how they go about compromising the systems. It has been learned that lost portable devices (e.g., cellular devices) and insider threats are the main reasons for security compromise in banks and other finance institutions. Of course, hacking and malware are considerable reasons for security breaches as well, especially given the changing times and shifting realities with regard to technological advancements. Lastly, it must also be noted that banks handle a ton of money – if that is not obvious already – so there is the added temptation to steal data from them.

Government Agencies

High-profile security breaches probably receive the most media coverage, but that coverage does not in any way lessen the number of security breaches committed against governments. In fact, 2015 saw an incredible rise in cyberattacks against government, notably in the United States and Turkey. An attack in the former saw millions of employee records exposed, including digitized prints. As for the latter, half a hundred million Turkish citizens were put at risk as communal records were put on blast for everyone’s consumption.

It must be said that many people and organizations can benefit from a government’s information system being compromised, including other states, militant and crime groups, etc. It is in this regard that governments must take extra steps to ensure their security, including involving employees in security awareness training.

Education

Similar to the healthcare industry, the education industry is a chest full of gold, if you consider private contact information, credit card details, and government IDs as such. Additionally, educational records are sought after given their value to people looking to change identities and trick their way into employment opportunities. Of course, some people hack their schools to change grades, delete records, or otherwise alter student information in the systems.

Hacking and malware are considered the most common cyber threats to education, which makes sense if one considers the sheer amount of computer activity in schools on a daily basis. Students, educators, and other employees access an array of websites and software, some more personal than others. If users are unable to terminate their sessions, their private identifiable data is exposed to anyone who can perform simple hacking techniques. As a result, unintended exposure is an actual threat to anyone who decides to access their accounts through school computers.

Although cybercrime has been declining in the education industry, it continues to happen and must be prevented. As the main research hubs, universities and other institutions of higher education have been singled out for their sophisticated knowledge and other relevant information on advancements in technology, medicine and manufacturing – all of which are high-gain and very profitable sectors.

What industries are adopting security awareness the fastest?

Security awareness is the knowledge and attitudes of employees, and the institutionalized organizational process, regarding the protection of the organization’s assets, which are usually informational. Most organizations that implement an effective security awareness program are able to at least control risks when they are experienced and, at best, prevent such losses from occurring. Risk awareness and knowledge of available safeguards are at the forefront of breach defense, especially with regard to information systems and other processes of this kind.

Security awareness training and implementation cover a variety of topics, including the nature of the information and assets that employees come into contact with and have to proactively work toward protecting. Additionally, security awareness covers nondisclosure agreements and the responsibility of administrative staff and contractors in handling this sensitive information.

Specific to the physical assets of an organization, employees have to learn the basic requirements of proper data management, which means marking, storage, and destruction. With regard to computer data systems, members of the organization have to know about password policies, two-factor authentication methods, and malware.

Lastly, security awareness in the workplace involves general workplace security (e.g., wearing IDs), and the grave consequences of compromising the organization’s security. Security awareness is all these things and more, as understood by those who have adopted the programs.

In other words, being security aware means understanding the grave potential for data loss, as some individuals or groups may deliberately attempt to steal, misuse and/or damage organizational information in the databases and systems of the victim organization. In turn, one performs processes that protect database systems and support the institution’s assets (physical, informational and even personal) in general, with the aim of preventing security breaches. Security awareness is a shift not only in institutions but also in behavior; in fact, it can be said that security awareness programs not only target breach prevention but also challenge the view that security measures are restrictive, when they are in fact enablers of further success.

Among industries that are greatly affected by cybercrime yet follow through by adopting an efficient cybersecurity program, the large corporate industries are taking the lead in adopting high-level measures to protect classified information and maintain a good level of security awareness in the workplace. More specifically, retail corporations, financial services and the healthcare industry are known to be spending hundreds of millions of dollars to ensure that their information is safe and intact, as well as heavily protected with various software and physical containments. Retail corporations have time and again fallen prey to hackers, and have since learned their lesson. In light of the infamous Target security breach, for-profit companies have since spent more from the get-go to make sure they spend less in the long run.

Banks, on the other hand, handle sensitive information on a daily basis, including mergers and acquisitions, and other intellectual property. They therefore have to invest in security awareness programs that will ensure their customers’ privacy, as well as their own. It has been learned that the big banks have started to beef up their cyber security on all fronts, and this is evident in the further decline of cybercrime in finance-related cases.

The healthcare industry, as mentioned above, is 2015’s biggest cybercrime target. That being said, many corporations in this industry have since upgraded their systems to accommodate the rising threats. Given the sudden increase in data theft at hospitals and other care facilities, industry leaders have started to pay for employees’ training in data encryption and protection. Furthermore, the risks are also known to the customer base, which allows every stakeholder to share personal information in more secure ways.

Be Safe

Ryan Fahey

SecurityIQ has published a number of videos on social engineering and phishing. You can sign up for a free account to browse their resources and test how phishing savvy you really are.
