Cyberattack strategies like social engineering, ransomware, and phishing are more common and sophisticated than ever. While it’s clear that attackers don’t discriminate—targeting practically all organizations—cyber threats can vary by industry.
In fact, Verizon's 2023 Data Breach Investigation Report (DBIR) drills down into these variances with an industry-by-industry breakdown of how threat actors carry out attacks.
Knowing the current and emerging risks in your industry—and industries similar to yours—can help cybersecurity leaders, infosec teams, and entire organizations establish a better defense. Keep reading to learn the critical risks in healthcare, finance, retail, and other key industries.
Healthcare: A key ransomware target
Healthcare facilities are legally required to protect patients' medical and personal data, the majority of which is now stored digitally on-premise or in the cloud. Unfortunately, this data and the critical nature of the healthcare field have made the industry a lucrative target for attackers, particularly ransomware groups.
According to the 2023 DBIR, there were 525 reported cybersecurity incidents in the healthcare industry alone last year, with 436 confirmed data disclosures.
Cybersecurity has always been a concern in healthcare, but that concern has grown since the height of COVID-19. The industry’s focus on the global pandemic, unfortunately, impacted the time and effort institutions could put toward maintaining or improving their cybersecurity.
As a result, some institutions' cybersecurity is lagging a bit behind, presenting a golden opportunity for devious threat actors.
How and why ransomware has increased
Ransomware is one of the top cyberattack strategies facing healthcare today, making up 24% of all breach types in 2022. Comparatively, ransomware made up less than 5% of cybersecurity incidents before 2020.
This could be for a couple of reasons:
- First, healthcare institutions store personally identifiable information (PII) and medical records that cybercriminals see as valuable.
- Second is the nature of the healthcare industry. Between strict privacy regulations and time-sensitive needs, medical institutions may be more willing to pay a ransom to resume operations and minimize consequences.
When time is of the essence, it makes sense that healthcare institutions may choose to pay the ransom to get operations moving again—which could inspire and fund copycat attacks.
The alternative? Not paying the ransom inevitably leads to extra labor costs (to decrypt or otherwise restore essential data), lost business, and ongoing delays to essential functions, to name a few.
Other cyberattacks on the healthcare industry
Ransomware isn't the only type of cyberattack facing healthcare facilities today. Social engineering is also among the most prevalent attack types according to the report.
Internal mistakes, such as a receptionist sending private medical data to the wrong person, also increased as one of the top patterns for successful breaches within the healthcare sector.
The healthcare industry's other top cybersecurity threats include system intrusion, basic web application attacks, and miscellaneous errors.
Law firms are an ever-lucrative target
Law firms and the legal sector continue to be ever-lucrative targets for cybersecurity attacks. This is largely due to the variety of sensitive documents and communications the industry handles.
Depending on the type of practice, a law firm may collect and store countless types of data that attackers find valuable, including:
- Personal client/employee information
- Financial credentials
- Business transactions
- Intellectual property
- Confidential contracts
- Medical records
Unfortunately, both large and small security incidents can impact a law firm. Compromised or encrypted data can stop operations, upset trust and relationships, risk contempt of court, and create countless other potential consequences.
Most common cyberattacks in the legal industry
Currently, the most prevalent types of cyberattacks facing law firms are social engineering, phishing, and ransomware.
According to the 2023 DBIR, social engineering attacks as a whole have increased, with 74% of breaches including human elements. These attacks aren’t limited to phishing emails either—they may also include privilege misuse, business email compromise, and the use of stolen or falsified credentials.
As many law firms succeed based on personal relationships and the rapport built between clients and legal staff, it makes sense how social engineering could be an efficient attack strategy.
Many social engineering attacks target non-lawyer employees and associates, using common techniques like demanding or threatening language. If the target complies, it could result in compromised information or credentials.
These scams are also becoming more effective in the wake of hybrid work. According to a 2022 report, 49% of lawyers expressed the desire to work mostly from home, leading to increased text, email, and social media communication. As we know, these are key mediums for cyberattacks.
Ongoing security threats to the finance sector
The financial sector is generally more likely to be targeted by cyberattacks than any other field, with over 1,832 reported incidents in the past year, according to the 2023 DBIR. Financial institutions, including banks, are regularly targeted because attackers see them as high-reward.
Fortunately, of the 1,832 reported incidents, only 480 resulted in confirmed data disclosures. This may be because, according to the 2023 DBIR, many cybercriminals who target financial institutions tend to be relatively inexperienced hackers looking to make quick cash.
What do attackers seek from financial institutions?
Financial gain was the motivation in 97% of attacks on the industry in the past year. Interestingly, the most desired data type wasn't financial credentials—it was personal data, including information from customers, clients, and employees.
In fact, personal information made up 74% of the sector's compromised data, while credentials were only 38%. This data still has value, though, as it can later be used for ransom, other attacks, or to breach the institution's funds in another way.
Beyond financial gain, other attack motivations included espionage, convenience, and ideology. We've seen nation-state actors target banks in the past, hoping to set off financial crises for political purposes.
Financial industry cyberattacks are often basic yet successful
The most common cyberattacks on financial institutions used basic web application attack strategies, such as finding repeatedly used passwords and credentials online, including answers to verification questions. Many attackers also use brute force attacks, which consist of trial and error to determine passwords, credentials, and other cybersecurity roadblocks.
According to the 2023 DBIR, one noticeable change is that ransomware attacks on financial institutions have actually decreased.
Retail companies' payment data at risk
Like many industries, retail is prone to ransomware and stolen credentials. However, what makes the retail industry different is that attackers now dominantly target payment card information, especially since COVID-19 and its lockdowns.
Payment information, such as credit card and banking numbers, comprised 37% of the industry's compromised data in 2022. Comparatively, credentials and personal information comprised 35% and 23%, respectively. Combined, these attacks pose serious security concerns for all retail companies.
Old and new attacks within the retail industry
The industry continues to be impacted by common attacks: system intrusion, social engineering, and basic web attacks. Like in many other industries, ransomware was also prevalent within these retail breaches.
For a real-world example, just look at the recent attack on the Canadian bookstore chain, Indigo. In early 2023, attackers deployed LockBit ransomware to steal staff’s personal data, including their names, birthdays, addresses, and direct deposit information.
But attackers have been coming up with new techniques, too.
One emerging strategy to steal payment data specifically is "Magecart" attacks, which now make up about 18% of retail breaches. Essentially, attackers embed e-commerce platforms' credit card processing pages with malicious code. This then allows them to quietly take credit card information and disappear, usually without affecting the website's functionality.
Manufacturers facing DoS attacks
The manufacturing industry endured nearly as many cyberattacks in the past year as the finance industry. However, of the 1,817 reported incidents, only 262 resulted in confirmed data disclosures. This may be because not all attacks are actually trying to steal data.
Denial of service (DoS) attacks are now the manufacturing sector's most common cybersecurity attack strategy, making up 67% of all incidents in the industry. In these attacks, hackers attempt to thwart victims from progressing with their services or projects, for example, by overloading and shutting down networks.
In the manufacturing industry, DoS attacks impair companies from meeting deadlines, which can negatively impact profits and the company's reputation. In some cases, especially those involving ransomware, this is done for financial gain. In other incidents, espionage is the motivating factor behind DoS attacks.
Hacking and malware are the two most used strategies for breaching manufacturers' data and launching DoS attacks. While these system intrusion incidents have decreased since 2022, they are still more common overall than before 2020.
Navigating emerging cyber threats
Getting cybersecurity right can be challenging, especially with a threat landscape that never stands still. However, there are proven steps you can take to improve your defense and protect your company against cyberattacks.
Stay vigilant and informed about the cyber threats facing your industry and, most importantly, share this information company-wide. This way, the next time someone incorrectly requests PII over email, the employee will know how to respond and nip the incident in the bud before it becomes a breach.
Our State of Cybersecurity eBook dives into all the information business owners and cybersecurity leaders need to understand about emerging cyber threats in 2023 and beyond. Check out The State of Cybersecurity today to ensure you and your organization are prepared for what comes next.
