8. Identify key sectors that are most vulnerable to a cyber-attack (AC 2.5)
"The only truly secure system is one that is powered off..." - Gene Spafford (professor of computer science at Purdue University)

Everyone's system is prone to attack. However, some sectors are more likely to be targeted than others. According to the 2024 X-Force Threat Intelligence Index by IBM Security, the sectors most vulnerable to cybercrime are as follows.

Manufacturing 25.7%

Manufacturing has become the prime target due to the digitisation of production processes, which rely on Operational Technologies (OT: hardware and software that monitors and controls physical devices, processes and infrastructure) and Industrial Control Systems (ICS: electronic systems that control industrial processes such as manufacturing). These systems are often connected to corporate IT networks, making them the perfect target for an attack. Manufacturing was the top attacked industry for the past 3 years. Credential harvesting and data theft and leak were both top impacts on manufacturing organisations, followed by data destruction and extortion, both at 16%. Malware was the top choice for the final part of the attack (called the action on objective) at 45%, with ransomware at 17% of the attacks. The Asia-Pacific region recorded the most incidents in manufacturing at approximately 54% of cases, followed by Europe at 26% and North America at 12%.

Finance and insurance 18.2%

This sector handles high-value data, such as customer banking credentials and transaction records, which makes it an attractive target. Financial institutions manage real-time transactions that can be exploited for fraud or redirected through malicious attacks. Finance and insurance placed as the second most attacked industry. As in manufacturing, malware and ransomware accounted for most of these attacks: malware for 38% of incidents and ransomware for 25%.
Europe experienced the highest percentage of incidents (the UK was the most attacked country in Europe), while Latin America saw the second most at 17%, with North America, the Middle East and Africa, and Asia-Pacific each experiencing 15% of attacks.

Energy and utilities 11.1%

This sector is considered one of the most critical, because the systems managed by these organisations are vital for society. Its vulnerability comes from the integration of digital monitoring systems, remote access tools and the Internet of Things (IoT), all of which expand the potential entry points for hackers. The sector comprises energy organisations, including electric utilities and oil and gas companies. Again, malware was the most used action on objective at 43%, with ransomware accounting for 22% of the attacks. Data theft and leak were the top impacts at 33% of the cases, followed by digital currency mining and extortion at 22% each. Europe experienced the highest percentage of incidents in the energy sector at 43%.

Retail 10.7%

Retail and wholesale, while consumer facing, are just as vulnerable to cyber-attacks due to the vast amounts of sensitive customer data that flow through their systems. Online platforms and PoS (point of sale) systems are exploited for credit card skimming (card skimming is when a physical device installed on a merchant's card reader is used to steal your card's information), data breaches and ransomware attacks. Looking at the stats from the 2024 X-Force index, ransomware takes the first spot yet again with 50% of actions on objective. Taking second place is ransomware with 26% of total cases. 38% of the attacks on retail were due to BEC (business email compromise). North America experienced the highest number of incidents in this industry at 56%, followed by Latin America at 32% and Europe at only 11%.

Healthcare and pharmaceuticals 6.3%

Healthcare was the sixth most attacked sector in 2024. Hospitals, clinics and other healthcare providers rely on digital systems to manage patient care, diagnostics and medical devices.
These systems are often targeted, which can halt critical healthcare services and put lives at risk. Data breaches in this sector can compromise highly sensitive information, leading to identity theft or blackmail. The most observed action on objective, accounting for 43%, was the use of legitimate tools for malicious purposes (such as Angry IP Scanner, Wireshark, PuTTY, Nmap, Hiren's BootCD). Spam campaigns and malware cases tied for second, representing 29% of attacks each. 59% of healthcare incidents involved valid account abuse. Email thread hijacking and server access cases each represented 14%. The top impacts were credential harvesting, reconnaissance, data leak and extortion.

Government agencies and departments 4.3%

Government bodies are often targeted by cybercriminals and nation-states because of the critical information they manage, ranging from classified information to citizen records. Many governments operate on outdated systems, leaving them open to modern cyber-attacks. A successful attack poses risks such as identity theft, creation of forged documents and unauthorised access to organisations. The use of legitimate tools for malicious purposes and DDoS were the most observed actions on objective, each accounting for 33% of incidents. The top infection vector was phishing at 40% of incidents. The exploitation of public-facing applications, replication through removable media and drive-by compromises were each observed in 20% of cases. The top impacts observed were credential harvesting, data leak, extortion and botnet activity, each representing 33% of the cases.

Educational institutions 2.8%

Educational institutions are increasingly vulnerable due to their open networks and limited cybersecurity budgets. They store sensitive data on students, faculty and research, making them attractive targets. Both students and staff are often untrained in identifying cyber threats, which increases the risk of phishing and ransomware attacks.
Malware was the most commonly observed action on objective. The second was the use of legitimate tools for malicious purposes.