Vertical-specialized attacks: how to stay safe when your industry is under attack
Cybersecurity has always been complex. Its unique security challenges come from many places — your products, your digital architecture, or even your industry vertical. In this article, we will address this last point — how to handle the unique security challenges you face because of the specific vertical you operate within.
To do so, we will explore:
- What specialized vertical attacks are.
- Three examples of how cybercriminals target verticals.
- How you can defend your organization against these attacks with a few simple steps.
Vertical-specialized attacks: what they are and why they matter
In the past, most vertical-specialized attacks only targeted financial institutions.
But in recent years, two shifts have altered this dynamic and caused cybercriminals to expand the reach of their targeted attacks.
- Financial institutions have dramatically improved their cybersecurity and become much better equipped to combat cyberattacks.
- Personal data has become a commodity, and organizations in every industry now perform online payment transactions.
The result: Every vertical has now become a rich target for cybercriminals, including manufacturing, retail, healthcare, transportation, government, and even the world of charities and non-profits. And cybercriminals are now developing customized attack patterns that exploit the unique security challenges of each specific industry.
What’s more, cybercriminals are now creating highly targeted attacks that only focus on verticals in specific geographies. For example, cybercriminals might create specialized attacks that target enterprise-scale retail organizations in the United States only. By doing so, they adapt their attacks to incorporate the unique language requirements and business process knowledge that are relevant in the US but don’t apply to a retail organization in France, Germany, or elsewhere.
The trend here is clear to see. Cybercriminals will continue to create more specialized and highly targeted attacks that consider the unique characteristics of your industry. To defend against these attack patterns, you must better understand why cybercriminals might target you, how these attacks work, and how to stop them.
Dissecting this attack pattern: three examples
Let’s take a moment to break down why cybercriminals are currently targeting three verticals and what those attacks broadly look like. We will look at manufacturing, retail and healthcare. While you may operate in a different vertical, you can still gain valuable perspective on these patterns and how to stop them.
- Manufacturing specialized attacks. Manufacturing has become a massive target for cybercriminals. Forrester projects that manufacturing (and retail) will experience the most breaches in 2021. In addition, Verizon’s 2021 DBIR report — which we contributed to — notes that manufacturing has already seen a significant increase in ransomware breaches and malware incidents. These specialized attacks are increasing in frequency and sophistication. They are targeting Operational Technology (OT) — a hallmark of modern manufacturing — to first establish a foothold in the victim’s network, scout their surroundings, gain access to proprietary data, and then sell that IP to competing organizations or nation-states.
- Retail specialized attacks. As noted, Forrester projects retail will see a considerable uptick in breaches this year. The reason is simple — retail has rapidly moved online over the last 18 months. Every brand has made its move, even those that used to only sell through brick-and-mortar stores or distributors. This rapid move to online shopping has significantly expanded the retail landscape, but it has also created security gaps in many retailers’ digital infrastructure. For example, according to the personal finance site Finder, online shopping fraud increased by 37% in the first half of 2020, for a total of 40,900 cases (compared to 29,900 during the same period in 2019). The security gaps that have allowed this fraud and outright breaches will take months or years to fix, during which cybercriminals will continue to target this vertical.
- Healthcare specialized attacks. Cybercriminals showed no mercy in 2020. The pandemic struck. Healthcare institutions began to get overwhelmed with COVID cases. And then, cybercriminals began to target healthcare providers en masse with ransomware attacks. Unfortunately, it does not seem like it’s going to stop anytime soon. Black Book Market Research predicts that cybersecurity attacks against healthcare will triple in 2021. These attacks hit healthcare providers hard. Healthcare collects a massive amount of rich, personally identifiable information, putting this industry at greater risk for a successful data breach than any other vertical. At the same time, healthcare pays the most when it does suffer a data breach. Black Book notes that the average healthcare data breach costs $612 per record — the highest for any vertical for nine years.
Overall, we can expect to see an increase in attacks in the coming years in industries such as energy, utilities, the public sector, and charities. We believe this is due to two primary reasons:
- Operational security is moving more slowly than IT because of its unique challenges, which leaves a gap to overcome.
- A lack of budget for addressing security measures.
How to stop vertical-specialized attacks: a few initial steps
While these attacks are highly targeted and customized, they can still be stopped with a few relatively simple actions.
First, you must understand what kind of specialized attacks are targeting your specific industry. You will be able to find data on these attacks through Industry Information Sharing and Analysis Centers (ISACs) or through any credible cybersecurity provider that has ongoing experience within your vertical.
Second, you must evaluate your environment based on a risk assessment and understand the crown jewels to be protected. Adopt a Zero Trust mindset and implement security strategies that use preventive and detective controls to cover people, technology, and operations.
Key pillars of a defense-in-depth strategy include:
- Host security
- Protection of privileged access
- Network perimeter security
- Adaptive multifactor authentication
- Use of secrets management tools
- Physical security
- Vendor management
- The human element
Third, you must maintain a broad understanding of cyber adversary Tactics, Techniques, and Procedures (TTPs) and continue to perform the fundamental best practices of IT hygiene and cybersecurity. While vertical-specific attacks are on the rise, general-purpose attacks remain the primary cause of most cybersecurity incidents, and you can’t abandon the basics. Vertically specialized defenses must only be layered on a solid foundation of cybersecurity fundamentals.
Vertical specialized attacks are on the rise, but they can still be stopped with the right information and a few best practices.