Safety is a business issue and should be a top priority for all organizations, especially in the light of technological developments and rapid dissemination of information. In reality, regardless of the size of your company and the market, the possibility of a security breach is not a danger to be overlooked. Poorly managed security risks will contribute to effects that vary from mild to severe, as in the case of small sanctions imposed on the company, such as loss of personal records, job losses, and environmental hazards for government agencies. It should be remembered that various security programs are accessible for the use of organizations, as well as workshops for workers and broad-based personnel to educate them about the importance of protecting private information, the dangers of mismanagement of information, and the know-how to interact with such information in a secure manner.
That being mentioned. Not all companies are dedicated to institutionalizing risk management and health education in their respective workplaces. In fact, certain business organizations may have organizational risk management in their records, but the application of this and their security mechanisms are obsolete and incompetent. It can even be claimed that the discussions on health at work, in particular government departments, are off-limits or at least uncomfortable, and therefore people do not really have the opportunity to know more about it.
As stated above, considering that no government or company is free from security breaches and the cases of cybercrime are on the rise, more and more organizations are becoming aware of the risks and measures they should take to avoid such risks. The following industries are considered the biggest targets of cybercrime and security breaches.
Healthcare:
Healthcare seems to be an odd target for cybercriminals, but actually, it’s not. Over the years, the healthcare industry has faced a myriad of cybersecurity-related issues. These issues range from ransomware, malware, insider threat, data breaches, and DDoS attacks.
The healthcare industry is on the radar of cybercriminals because of its extensive stores of data. These sets of data often include healthcare records, sensitive patient information, and financial details. The WannaCry ransomware attack, for example, undermined operations at Britain’s National Health Service and affected patient care. The 2015 cyber-attack on Anthem witnessed the leak of 78.8 million patient records, including highly sensitive data, social security numbers, home addresses, and data of birth.
Coming to Singapore, hackers targeted the Singapore government’s health database, stealing the data of 1.5 million patients.
According to IBM, cybercriminals are after the hospital’s databases because of their outdated security systems. Besides, these databases store vulnerable information like email addresses and contact details. Even worse, the information is left unencrypted. Adding to this, the critical nature of healthcare environments means patients need immediate access to healthcare data with their devices and application, requiring removing certain security banners.
Banking/Financial:
This industry has always been the prime target for evident reasons. After all, these organizations have what the cybercriminals are after—money and personal info. Singapore has a strong banking industry, making her a favorite zone for cybercriminals.
According to a report issued by the Russian cyber-security company, Group—IB claimed that Singapore was one of the most attacked regions in the cyber landscape. Thanks to the nation’s reputation as finance and crypto-currency hub. The report claimed that nearly 19,928 Singapore bank cards were stolen and put up on sale in illicit sites and underground forums in 2018.
In a 2016 study, Accentuate revealed that 78% of organizations were confident in their cybersecurity practices, yet 1 of every 3 was attacked. In February 2016, hackers stole nearly $100 from Bangladesh’s central bank. This incident was followed by the stealing of $31 million from the central bank in Russia.
Historically, email phishing has been a general method to target banks’ customers. Now, emerging technologies, such as mobile and online banking, are creating new opportunities for cybercriminals. Hackers often send fake emails using @mas.gov.sg to pose as an authentic organization. They also sued subjects like “Fund Transmittal” and “Singapore Compliance Information” to trick the users into opening the email and clicking the phishing link inside. In fact, hackers have started new phishing emails that come with subjects like “Secure your account from unauthorized users” to prompt the users to open the email.
To minimize the effects of such attacks, banks are spreading cybersecurity education among their customers, as well as rapidly responding in an even of attack. But today’s sophisticated criminals are equipped with advanced tools to target online bank accounts and know-how to comprise the servers and software.
“Cyber threats in the financial sector are growing because of increased digital footprint and pervasive use of the internet. The financial sector must remain vigilant and ensure that defenses are able to counter varied and evolving threats. Good cyber hygiene can go a long way in protecting financial institutions from common types of cyber incursions as the proposed fundamental and essential measures can be implemented by all financial institutions regardless of size or system complexity.”
n Tan Yeow Seng, Chief Cybersecurity Officer At Monetary Authority of Singapore (MAS) |
Manufacturing:
The manufacturing industry, which is comprised of electronics, pharmaceutical companies, and automatic, has always been prone to cybercrime and security breaches.
Cybercriminals are after the “trade secret” or “intelligence” on any new product, technology, or process that a manufacturer creates, which can be anything from getting secret designs, blueprints, or specific assembly processes.
Once they get their hands on such things, a victim organization is often asked to pay ransom to get back their assets or the information is sold to their competitors. Intellectual assets are also valuable, and so cybercriminals might also try to steal them.
Carbon Black, a US-based cyber-security firm, showed that over 90 percent of organizations in Singapore had faced at least one breach in 2019 due to cyber-attacks. And manufacturing was one of those industries. The study also revealed that nearly 2/3rds of businesses in Singapore’s manufacturing and engineering industries had been attacked three to five times from Apr 2018 to Apr 2019.
Despite that fact, the manufacturing sector has not strong cybersecurity tools and practices as compared to financial services, making the industry a soft target for malware and hacking. Threat actors are also aware of the vulnerabilities in a large and complex supply chain of the manufacturers. Most manufacturers are small businesses that lack sophisticated IT security practices to deal with a data incident. If that isn’t alarming enough, it’s worth keeping in mind that if production halts even for the shortest time, the impact can be devastating—with millions in revenue potentially lost.
Even worse, the manufacturer can have his reputation at stack as investors or customers may consider their decisions to buy from them in the event of cyber-attack.
Let’s talk about the common threats risking manufacturing industry:
Identity Theft:
Hackers get into a customer database through malware and steal customer data, which can potentially be used to do identity theft. Basically, identity theft is used to steal someone’s personal information.
Phishing:
Phishing is a popular cybercrime being used to trick recipients into providing sensitive information such as passwords. For example, an employee can respond to a phishing mail from a threat actor posing as the company’s CEO.
Spear Phishing:
Spear phishing is aimed at one employee at a manufacturing company or people with a particular department. Compared to phishing attacks, these messages are more specialized and particular to the recipient. For example, a person working in the accounting department might get a spear-phishing email regarding invoice or tax form.
Some spear-phishing emails seem to come from a CEO and might ask the recipient about the credentials or confidential information.
Spam:
Although spam message is not that harmful, they can affect productivity at manufacturing plants. For example, a Dunlop Industrial plant in South Africa has to deploy its IT team to remove nearly 12,000 spam messages a day manually. This task ate up nearly 90 minutes and hindered the productivity of the team.
Misleading Web Content:
Sometimes hackers target the websites to make them inefficient or fill them with confusing content. Even worse, the dangerous files can be installed on the visitor’s computers as they visit the compromised site. Such scenarios can damage the reputations of victim manufacturers.
Supply Chain Attacks:
Data is often shared between manufacturers and their vendors/suppliers. But this can make them vulnerable if a threat actor gets into the network.
Higher Education:
Higher education is another most targeted industry by cybercriminals. This is because educational institutions are an easy source of personal information, password information to loan, and bank credentials. Above all, many universities have government-funded research facilities that store an intellectual property or valuable scientific insights.
Hackers often leverage network vulnerabilities across colleges. For example, the school of business might have entirely different software than the school of healthcare. It is challenging to monitor and manage the diverse system, delaying or slowing down the response to security concerns.
Government Agencies:
High-profile data breaches are probably the most widely reported media-wise and do not in any way reduce the number of offenses committed against the government in terms of security lapses. 2015 saw an unprecedented spike in cyber-attacks against the government, especially in the United States and Turkey. Millions of employee papers, like digitized documents, were subjected to the assault in the former. As for the other, half a hundred million Turkish people were put at risk as community documents were set up for everyone’s use.
It could be said that other people and organizations will profit from breaching the government’s data system, including other nations, terrorist and criminal gangs, etc. It is in this respect that policymakers will take additional steps to ensure staff health, including the participation of workers in protection awareness training.
One of the first things to understand is that there is a risk. When you acknowledge this fact, it will be much easier to develop an effective plan around it. Spend time finding the flaws in your network that can allow hackers access to the network. Cybercriminals know very well about their position. Employees should be aware of the risks of malware emails, browsing dangerous websites, recent developments in cybersecurity and attacks, and other related risks. Continuing training sessions are a great help to companies when they address security breaches with their customers.
You need more than the basic steps to stay on top of cybersecurity. IT experts are required to improve the protection of your network. Cybersecurity practitioners practice critical thinking skills and critically evaluate problems to tackle the root cause of the problem and not just the signs. Threats are constantly evolving, so you need someone with the experience and ability to cope with them. Professionals view the computer network in such a manner that they recognize the magnitude of the danger to your enterprise.
1 Comment