Most business owners and managers in the United States are aware of the dangers of cyber attacks, and have some form of IT, whether it’s very basic 2FA services or advanced MSP monitoring. While all business should protect their data and store it smartly, it begs the question if all industries are at the same level of risk when it comes to cyber crime.
The answer to this question is actually fairly easy to answer; if your organization stores a high number of sensitive records, the more likely it is that you will face attempted cyber attacks. Historically, the most at risk industries are healthcare, government administration, education facilities, financial and insurance companies, and manufacturing businesses.
The reason that these industries are targeted frequently is because they typically store very high volumes of sensitive records and are often small to medium sized businesses that are more likely to not have the proper resources to prevent or mitigate a security breach compared to well-funded corporate enterprises.
Number of Breaches by Industry
In 2020, Verizon reported they found 228 breaches in education, 448 in finance, 521 in healthcare, 381 in manufacturing, and 146 in retail.
For Q1 of 2020 alone, Risk Based Security reported they found 106 breaches in healthcare, 84 in administration, 72 in finance and insurance, 61 in retail, 54 in manufacturing, and 54 in education.
Unfortunately, our most important industries are the ones that are hit the hardest. Many healthcare facilities have insufficient cyber security despite storing very detailed records of a large number of patients, which are then typically sold on the dark web. Far too many of these breaches occur due to misconfigured databases and outdated software and hardware.
The finance sector suffers as the 2nd highest cost per breach industry while also being one of the most commonly targeted, with healthcare being the 1st. It’s estimated that the average cost per record breached in the financial industry is $210, and $429 per record in the healthcare industry.
In addition to being the industry with the 2nd highest cost, the finance sector also loses a higher percentage of their clients after a breach. On average, businesses lose 3.9% of their customers after a data breach, however, since financial organizations rely heavily on their client’s trust in them they typically see a higher drop off rate of returning clients.
Breaches in Small Businesses
Despite holding smaller amounts of records, small businesses are targeted more frequently than large enterprises simply because many SMBs don’t have proper cyber security measures in place. For a cyber criminal, this makes it much easier to gain unauthorized access to a network either with stolen credentials or through system misconfigurations. It might also take an SMB a lot longer to notice there has been a breach, making it more lucrative for the hacker.
While enterprises suffer vastly more expensive data breaches, small business are often more devastated by their effects. Upwards of 60% of SMBs that experience a breach will close in 6 months or less. This fact is especially worrisome because SMBs suffered almost 30% of data breaches reported in 2020. This figure is significantly higher than SMB breaches reported in previous years, so many experts believe that Covid-19 phishing scams led to many SMB breaches.
Data Breach Prevention
The good news about data breaches is that the vast majority of them are preventable, even for small businesses. While having the proper hardware and software is a large piece of preventing cyber incidents, it’s not enough to keep cyber criminals at bay. Human behavior preventative methods are just as important as having the right equipment, and here are some great examples:
- Cyber Security Employee Training
- Your business is only as secure as your weakest link. Just because you know how to spot suspicious activity doesn’t mean everyone else in your organization does. Cyber security training for employees ensures that everyone gets exposure to possibly malicious content so they know how to react if they actually run into it on the job.
- Recognizing Suspicious Activity
- One of the key measures in preventing cyberattacks is recognizing patterns or indications that someone is trying to gain unauthorized access to the network. This may come in the form of someone attempting to log into an employee account repeatedly, or features and files changing mysteriously.
- Written Cyber Security Policies
- If someone in your organization spots suspicious activity but doesn’t know how or who to report it to, it may not reach the IT department in time. Having well documented protocols that employees know where to find in the event of a possible breach attempt is necessary for well-rounded cyber security prevention measures.
- Granting Only Necessary Privileges
- Privilege abuse is very common in cyberattacks. One of the best ways to avoid a breach of sensitive information is to only give privileges to the user accounts that absolutely need the privileges to get their work done. Keeping moderator controls in the hands of few accounts means a cyber criminal is less likely to compromise a database through just anyone’s account.
How KLH Prevents Breaches
KLH has over a decade in experience in industries such as legal, finance and insurance, manufacturing, retail, construction, and more. Our expert technicians know that different industries have different risks, and tailor their monitoring and prevention approach individually so business owners and managers can go back to focusing on business operations; that’s how KLH makes technology work for you. Contact us at 952-258-8200 or firstname.lastname@example.org to learn more about how we increase system efficiency and security.