As I meet with customers, suppliers and peers this is a question that is becoming the most asked. “Who is at risk and why?”.
In the information security sector, the world has moved on from the through process of “if” an attack will happen to “when” it happens. So, what sector has the greatest target on its back?
A cyber event or an attack is; a malicious or accidental event to your IT systems, data or technology.
Before I get in to more detail, you need to get a little in to the mindset of the cybercriminal. Who are they, why are they attacking and what is the aim of their attack?
Who are they?
- state-sponsored threat actors – these are often funded by hostile foreign governments
- hacktivists – their purpose is to further social or political objectives
- individual or teams of cybercriminals out for their own gain
Why are they attacking?
- Financial gain
- Data theft
- Large scale service interruption
- Raise awareness of social and political issues
- Individual kudos and
Mostly they want your;
- Business or customers financial information
- Sensitive personal data
- Customers’ or staff email addresses and login credentials
- Customer databases and clients lists
- IT infrastructure
- IT services (e.g. the ability to accept online payments)
- intellectual property (e.g. trade secrets or product designs)
Current reporting is highlighting the following sectors remain at the greatest risk;
- Health, Wellbeing and Social Care
- IT & Telecommunications
- HR & Recruitment
- Manufacturing & Utilities
Emerging risks by sector
IBM Security recently reported that the energy sector has seen a huge surge in attacks, in 2021 24% of all cybersecurity incidents occurred in this sector. That is around 5% more than the other sectors on the common threat list.
The NCSC has recently raised concerns in the construction sector, as they are embracing new technology and digital ways of working they are seen as an easy target. Many have a complex supply chain, using multiple suppliers and contracts as well as handling a high volume of payments and cash-flows. Making this sector a valuable target.
In summary, no sector is safe! Even charities and not-for-profit are targets!
The good news, cyber and information security is not complex, not expensive despite what you might have heard. Preparation and prevention, are you best allies in this battle.
Prepare; preparing a Business Continuity Plan (BCP) and a Disaster Recovery Plan, will ensure will be ready to act if you suffer from an attack.
Prevent; risk assessments and action plans are the best way to identify risk and mitigate this. This can be done through Cyber Essentials Scheme and IASME Governance Certifications. These are government, GCHQ and NCSC backed schemes to protect organisations from the most common cyber threats and loss of IT.