With each passing year, cyber attacks are becoming more and more rampant. But since 2020, one type of virtual attack has been hitting the news more than others: ransomware.
From the U.S. JBS Meat Supplier attack that froze the operation of 13 major meat processing plants to the United Health Services breach that forced medical facility shutdowns, ransomware breaches are growing in frequency and complexity.
With attack after attack making the news, companies everywhere are wondering, “what’s next?” and questioning their own cybersecurity measures. And while there’s no single industry being exclusively targeted, there are some consistently caught behind cybercriminals’ bullseyes.
The Most Targeted Industries of 2021
Over the last few years, certain industries have proved time and time again to be the highest return on cybercriminals’ time investment.
While at-risk industries vary from study to study, some of the most common industries targeted in ransomware attacks are (in no particular order of significance):
- Government agencies
- Small businesses
- Healthcare institutions
- Energy/utility companies
- Higher education facilities
- Other supply chain structured businesses
Why Target These Industries?
There are a few notable things these industries have in common, making them the prime targets for bad actors.
1. They have the money.
In a ransomware attack, the bad actor demands a sum of money to unlock encrypted files or systems. But these types of attacks aren’t easy to strategize and execute. They can take countless hours of open-source intelligence research and digital digging to access the files the bad actors are trying to compromise. Cybercriminals want to make sure they’re getting their money’s worth for their time, so they often go after larger-scale companies who can afford the high-dollar ransoms they demand.
2. They store highly sensitive data.
Companies within the top targeted industries often store confidential data about their customer base or proprietary data about their products or services. Bad actors know that the last thing a government agency needs is a data leak of highly confidential information or an energy company leaking customer’s home addresses, as just two examples.
To these cybercriminals, data is power. Some of these corporations don’t have proper back-ups in place to recover their information without paying the ransom and, even if they did, would have severe financial and reputational repercussions if the data was leaked.
3. Halting their operations for any period of time is seriously problematic.
Oftentimes ransomware attackers target more than static data. They will compromise entire systems, preventing the company from accessing or using certain technology or specific functionality of said tech.
For instance, the 2020 Garmin navigation attack left many of their customers unable to access the features of their fitness application. In the recent United Health Services attack, medical providers couldn’t offer medical services without access to the compromised technology and were forced to stop seeing patients while the attack was being investigated.
Bad actors know that every minute a business can’t operate, it costs them valuable time, money, and reputation. As a result, the victims will often pay the ransom to unlock their systems, knowing the future loss could be far worse than the cybercriminal’s fee for release.
4. They have connections with other juicy targets.
Because cybercriminals want the most return on their time investment, they’ll often go after industries and companies with connections to others. They know breaching one corporation could lead to access to a handful of their subsidiaries or associated brands and partners.
The recent Kaseya ransomware breach is a prime example of how bad actors targeted a single managed service provider (MSP) and gained access to a downstream of up to 1,500 businesses’ information.
“That’s an amplification attack,” Kevin Mitnick said in his interview with CNBC, “What these bad actors are doing is, rather than targeting one company at a time, they’re targeting MSPs — because now these MSPs have customers, and so it amplifies the attack. They’re able to monetize this malware in a more expedient way.”
5. Some don’t have strong cybersecurity measures.
While some of the industries on the list have strong cybersecurity defenses, others could use more help. Small businesses, for instance, often don’t have the resources needed to afford full-time cybersecurity staff, while others don’t understand how to protect themselves. Other businesses may have outdated technology, like fax machines or unpatched software, that’s leaving them vulnerable to breach. This is often a problem for those within the higher education sector who don’t have adequate funding to put security first.
Additionally, some industries simply don’t have formal standards for how to best protect themselves, meaning their security measures are decided independently. The latest cyber attack on the Colonial Pipeline, for instance, now has the U.S. Transportation Security Administration (TSA) issuing mandatory cybersecurity rules for the owners and operators of pipelines. With energy and utilities all interconnected — and recently being targeted by international adversaries — it’s no surprise that the government is trying to standardize cybersecurity for this important industry.
Preventing Ransomware & Other Cyber Attacks
If your business falls into one of these high-risk industries for ransomware attacks, the time to strengthen your cybersecurity is now.
But ransomware isn’t the only way bad actors are targeting your business. In our 5-1/2 Easy Steps to Avoid Cyber Threats, we address threats like ransomware and more — giving you actionable advice for improving your security instantly. Download your copy of the ebook today.