Data breaches have become as real as being robbed on the street. The main difference here is losing customer data will lead not only to monetary losses but also to the loss of clients and reputation.

The first step to a solid cybersecurity system is conducting research on possible threats you face. A list of the threats mainly depends on your industry and the types of data you store.

Financial, health, and government information are the most likely to be stolen. This determines which industries are most vulnerable to data breaches. There’s an ongoing argument about the ranking, but the top five industries in the greatest danger of a data breach include:

healthcare

accommodation

the public sector

retail

finance

In this article, you’ll find out what methods are most commonly used to steal data in these industries, what drives the attackers, and what data is most likely to be compromised. Let’s find out if your company is at risk of being breached.

Healthcare

At some point in time, almost one in eight Americans have had their medical information exposed. A key motivator for hackers to breach healthcare institutions is financial gain. Stolen records can be used to gain unauthorized access to medical programs or get prescription medications.

Healthcare organizations tend to suffer from insider threats more than organizations in any other sector. Fifty-six percent of all threat actors in healthcare organizations come from inside, as stated by the Verizon 2018 Data Breach Investigations Report.

Another surprising fact about the healthcare industry is that the most common cause of leaks is human error. Inaccurate actions by employees can lead to data leaking seven times more often than in other industries at risk of cyber attacks.

The Anthem medical data breach will no doubt make it into the history books as one of the most drastic breaches in healthcare. Disclosed in February 2015, this breach affected 78.8 million people. That’s more than the whole population of Germany.

Compromised data included contact information, names, social security numbers, emails, home addresses, and even income information. Hackers broke into Anthem’s database using stolen credentials. Fines and penalties for Anthem amounted to $115 million.





Accommodation

The tourism industry is growing. Hotels collect payment information and private data from customers. Yet they tend to invest a limited amount of resources in computer security and user-based risk mitigation systems. Sensitive data ends up being easily accessible to hotel employees and third-party vendors.

Another disturbing fact is that 96% of all accommodation breaches aren’t discovered for months after the incident. Usually, a hotel becomes aware of an incident due to a law enforcement investigation.

The most typical source of this threat is a third-party organization with access to a hotel’s database. These insiders tend to have complete access to the information stored in a hotel system. Unprotected credit card data, potential financial gain, and absence of monitoring are alluring.

A vacation at a hotel that doesn’t pay attention to its cybersecurity can have unexpected consequences. For example, the data provided by 500 million Marriott Hotels guests was stolen because of poor security practices. The company disclosed this breach in 2018. Hackers obtained unauthorized access to the guest reservation database of Marriott Hotels bought in 2016. The backdoor was undetected until 2018. The leaked information contained client names, emails, phone numbers, passport and credit card numbers, dates of birth.

Public sector



Some researchers put the public sector first on the list of industries affected by cyber attacks. Government data ends up stolen because of espionage or financial gain. Some people attack government databases just for fun – we’ve all heard stories about Russian hackers.

The situation is getting worse because of the lack of investment in cybersecurity. Complex security and monitoring systems aren’t budgeted for, aren’t prioritized, or are seen to slow down an agency.

On the other hand, the majority of agencies report increasing spending on IT security. Hopefully, this will help to solve the problem of data breaches in the public sector.

For now, sensitive and classified records may fall into the wrong hands. The Oregon Department of Human Services disclosed a massive data breach in 2019. DHS’s employee opened a phishing link and revealed his credentials to cyber criminals. Using it, hackers obtained emails and personally identifiable information of 645 thousand people.

Retail

Trade has always been subject to fraud. Our digital century brings digital fraud tools to this industry. Retailers often suffer from DoS attacks on their websites and card skimmers in their stores.

This industry is similar to accommodation – the root cause of data breaches are low security standards. Retailers rely on third-party organizations to provide security services or don’t bother with it at all.

During the past year, 50% of US retailers experienced a data breach. Often, retailers don’t give due regard to storing and monitoring payment data.

That’s why hackers have no problem obtaining customer credit card data. And thanks to fast payment procedures, they can skim stolen money from bank accounts. This makes detecting incidents and cutting losses harder.

One of the most famous data breaches in retail happened because safety rules were disregard. The Target retail chain was attacked on Thanksgiving 2013 – the busiest time for any retailer. Hackers accessed a third-party vendor’s payment card readers, acquiring contact and credit card data of 110 million customers.





Finance

Financial organizations focus extensively on implementing security best practices, which are required by numerous industry standards. Banks are constantly under threat: financial services companies are breached 300 times more frequently than companies in any other industry. And in order to penetrate a bank security system, hackers use much more elaborate methods.

Most breach attempts include web application attacks. It’s especially hard to detect and neutralize these attacks because millions of clients use these apps simultaneously.

Data breach threats pursue financial organizations in the real world as well: crooks install skimmers and card traps on ATMs or simply steal machines.

Financial security has a few alarming trends. Organizations tend to use third-party solutions for enhancing security, store information on cloud services, and use unprotected channels to communicate with customers.

One of the most alarming data breaches in the financial sector happened to Dow Jones. More than 2.4 million records of this company were exposed in March 2019. A third party leaked the data to a public server. The records contained Dow Jones watchlist of risky individuals and businesses. A lot of companies used it for risk assessment and work planning.





Conclusion

Any company possessing sensitive data is under threat of being breached. The risk is especially high if your company belongs to one of the industries most exposed to data breaches.

A good part of data breaches can be traced to insider activity. Whether it’s human error, privilege misuse, or credential theft, you can control such risks. User-based risk mitigation tools like Ekran System will allow you to detect and prevent insider threats in your network.

If an employee uses suspicious software or connects an unauthorized device, a security officer will be notified about it in real time. After the incident, you can analyze the employee’s actions or export records to a protected file for further investigation.

This system will make sure that your company’s procedures comply with the security requirements for your industry.