2021 has been especially challenging for the world of Cybersecurity. One of the main catalysts for this has been the unprecedented explosion in the number of Cyberattacks. What makes this situation so hard to keep up with is that there are new variants of these attacks emerging virtually every day. Cyberattackers have even devised new ways to keep their breaches and digital footprints covert.
In this article, we cover the industries that are popular targets for Cyberattackers and the reasons they are so vulnerable.
Who and What Are the Prime Targets of Cyberattacks?
This is a common question. The bottom line is that just about any business or individual can become a victim of a Cyberattack. Even the targeted device can vary; it might be your hard-wired computer, your smartphone or other type of wireless device. If you have multiple devices, they could all be hit simultaneously, or even individually at various intervals.
But there are certain industries that Cyberattackers like to go after, and they include the following:
- Our own Federal Government: The US Federal Government is infamously known for using extremely outdated technology. Many federal agencies still use unsupported software products, such as Windows 7 and 8. Also, some agencies (such as the Internal Revenue Service) still use mainframe-based components. Because of this, deploying and applying the latest software patches and upgrades has become an impossible task. Worse yet, you simply cannot rip out such legacy systems and install new ones, as there would then be interoperability problems. Because of this, one of the prime directives of President’s Biden Executive Order on Cybersecurity is that the government must, over a period of time, start to replace these aging systems. Also, many of the agencies within the Federal Government have not deployed any sort of endpoint protection, making them highly favored targets in which to deploy malicious payloads.
- The Healthcare Industry: Healthcare is one of the few market sectors that is implementing controls and keeping devices up-to-date, and the driving force behind this is the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Even so, Cyberattackers have managed to hit this industry hard. One reason for this is that there is much more at stake to be captured besides credit card numbers and passwords. HIPPA covers the medical history and other data of individual patients. When this data is hijacked, it is quite possible that the Cyberattacker can gain access to a patient’s medical device (such as a pacemaker) and launch covert attacks upon it. The effects of this can be devastating, such as possible loss of life of the individual if his or her particular device has been remotely tampered with.
- Colleges and Universities: Before Cyberattacks became common in our society, many higher-level educational institutions believed that they would never become prime targets. As a result, they made very little effort to ramp up the level of security on campus servers and the workstations in their computer labs. Consequently, this segment has become a favored target for Cyberattackers. One reason for this is that younger students tend to be much more impressionable, making it is quite easy for them to fall victim to just about any type of threat variant. For example, Phishing emails are often used to lure students into getting low interest loans, or even getting expensive textbooks for free. Also, a newer technique that has evolved are Cyberattackers who claim to be freelancers who promise to writie term papers for literally pennies on the dollar.
- The Recruiting Industry: Of all the segments reviewed in this article, the recruiting industry is probably the easiest one for a Cyberattacker to launch an attack against. One of the main reasons for this is that, even to a trained eye, it is very difficult to tell what is real and what is fake. For example, during the COVID-19 pandemic, many phony and fictitious recruiting websites have been launched, using heisted domain names that make them look like the real thing. Social Engineering tactics are also used quite heavily against this sector, through Robocalls that mimic genuine recruiters. Another technique used more commonly today is “Smishing.” This is when fake, illegitimate text messages with clickable links are sent to mobile devices. If a recipient clicks the link, then his or her wireless device will likely be used in a Cyberattack.
Supply Chain attacks across multiple industries
Another trend that is occurring in the world of Cyberattackers is that of Supply Chain attacks. This is where the Cyberattacker uses one weak spot to infiltrate thousands of devices all at once. This was exemplified by the SolarWinds breach, in which the hacking group deployed their malicious payload onto a single software package that was used by hundreds of businesses, across all industries.