It’s hard to miss the trends that affect the digital threat landscape as a whole. In its 2020 Threat Intelligence Index, for instance, IBM X-Force revealed that they had tracked 8.5 billion breached records in 2019—an increase of 200% over the previous year. The research team placed the blame for the majority of these exposures on misconfiguration events that breached greater numbers of records than incidents in the past. The report’s authors also revealed that phishing was the most frequently used attack vector for initial access attempts and that ransomware preyed upon organizations in 13 industries spread across 12 different countries and five continents in 2019.
That being said, not every organization experienced these threat trends the same way (if at all). Some had vastly different experiences depending upon what industry they’re in. IBM’s report confirmed this fact, as demonstrated by its findings presented below.
The finance sector was the most attacked industry in 2019, thereby marking the fourth year that it’s held the top spot. Overall, it accounted for 17% of all attacks tracked by IBM throughout the year. The majority of these incidents likely traced back to financially motivated actors who were hoping to use a successful attack to steal money. It’s therefore not surprising that this sector saw its fair share of Magecart attacks and banking trojan campaigns.
Not far behind finance was the retail industry as the second most-targeted sector in 2019. Retail organizations were the victims in 16% of all attacks analyzed by IBM X-Force—an increase from 11% a year earlier. As with the finance sector, many attacks in the retail industry involved financially motivated actors. Unlike finance, however, those malicious individuals commonly used point-of-sale (POS) malware and payment card skimming to intercept customers’ payment card credentials.
Transportation was the third most-targeted industry in 2019, according to IBM’s report. It accounted for just 10% of attacks analyzed by IBM X-Force in 2019—down from 13% a year earlier. This sector witnessed intrusion attempts from digital criminals and nation-state actors alike, with nefarious individuals going after PII, payment card details, and other data.
The fourth-most attacked industry in IBM’s report, the media industry climbed from 8% in 2018 to 10% a year later. This sector was similar to transportation in that it witnessed attacks from various types of malicious actors over the year. Indeed, nation-state actors targeted media organizations with the purpose of blunting the effect of negative media on their home countries’ national security, while digital criminals sought to profit off of pre-aired content.
Organizations in the professional services sector also saw 10% of the attacks analyzed by IBM X-Force in 2019. That’s down from 12% the previous year. To get what they wanted, malicious actors commonly leveraged malicious macros hidden within productivity files such as Microsoft Word and Excel. Doing so helped them slip past organizations’ defenses so that they could plant malicious scripts inside their targets’ networks.
The government industry came in as the sixth most-attacked industry in IBM’s report with 8% of the attacks. This industry registered no change in its share of attacks between 2018 and 2019. Nation-state actors, hacktivists and digital criminals all went after government entities in order to disrupt their operations, steal confidential data and state secrets, make off with extortion money and/or use website defacements to make a statement. They used numerous attack vectors in the process. In particular, the security community witnessed dozens of incidents in which malicious actors leveraged ransomware strains to encrypt government entities’ data and demand a ransom.
Education, like the government industry, also saw 8% of all attacks tracked by IBM in 2019. That was up from six percent a year earlier, and like the government sector, malicious actors attempted to target education organizations with ransomware and other types of sophisticated attack attempts. These campaigns were designed to profit from the education industry’s intellectual property, PII and other data.
Tied with government and education, manufacturing also experienced 8% of attacks—down from 10% in 2018. These attacks commonly originated from digital criminals or nation-state actors wishing to steal financial data or intellectual property from their targets. To get what they wanted, these nefarious individuals commonly used business email compromise (BEC) fraud. Malicious actors also leveraged supply chain attacks to prey upon manufacturing organizations.
Energy organizations witnessed just 6% of all attacks spotted by IBM in 2019. As such, this sector saw no change in the share of attacks it experienced a year earlier. While many of those security incidents involved information stealers designed to steal critical data, others resorted to destructive malware such as ZeroCleare for the purpose of disrupting operations by targeting industrial control systems and SCADA assets.
Rounding out the top10, healthcare organizations were the victims in 3% of the attacks analyzed by IBM. That’s down from 6% a year earlier. In this sector, attackers commonly sought to steal stored medical records so that they could monetize them on the dark web. They also sometimes attempted to disrupt medical devices using ransomware.
Resilience Guidelines for Organizations of Every Industry
The findings above highlight the need for organizations in every sector to strengthen their resilience against digital threats. Towards this end, IBM recommends that organizations use threat intelligence to stay on top of the latest threats and implement multi-factor authentication (MFA) to limit the types of attacks that can take hold. They should also build and regularly train on incident response plans.