Each week in October, as part of Cybersecurity Awareness Month, we’ll publish an article packed with facts and stats, to give you an in-depth look at the state of cybersecurity in today’s world. We’ll start with the basics, then cover vulnerabilities, risks, costs – and much more.
Following Part 1: Hacking Basics of our Hacking the World series, in Part 2 we’re focusing on what exactly is being hacked – from data to devices and applications. And, extending a nod to the impact the pandemic has had, we’ve also included several facts about hacking during times of COVID-19.
Need a refresher of key hacking terms and definitions? Here’s a link to our helpful cybersecurity glossary we published in Part 1.
Risk Data, Devices & Applications
The data, devices, and applications that hackers target with cyberattacks, and the methods they use to conduct these attacks.
Financial Records Are Vulnerable
Companies collect a treasure trove of sensitive customer data: names, addresses, bank details, credit card information, even medical records. All of this information is readily available to employees and poorly protected more often than not.
This is music to the ears of your average hacker. Financial data is valuable and can allow criminals to carry out any number of fraudulent activities.
The vulnerability and value of financial records explain why finance companies were such a common target during COVID-19. As employees worked hard to soften the ensuing economic turmoil, cybercriminals were busy leveraging phishing attempts, hacking systems, and capitalizing on employee errors.
Globally, the financial sector experienced a 238% increase in cyberattacks from February 2020 to the end of April 2020. Altogether, nearly three-quarters of financial companies were attacked in 2020.
Losing financial records is costly. According to the Ponemon Institute, cyberattacks cost the average banking company $18.3 million in 2020.
Financial Data Leaks: Root Causes
Hackers exploit web applications, miscellaneous errors, and “everything else” (including phishing and social engineering) in 81% of financial data breaches.
According to Verizon data, financial industry breaches are caused by external actors 65% of the time and internal actors 35% of the time. Breaches are financially motivated in 91% of cases — that means hackers are, for the most part, targeting financial records.
There are loads of ways that hackers can steal your financial data: processor breaches, hacked merchants, hacked eCommerce sites, insider threats, malware, phishing, hacked ATMs, and point of sale hacks (i.e. hacked online checkout portals).
In the financial industry, hackers are making off with customer credentials in 35% of successful hacks and bank details in 32% of cases. At the very least, hackers gain access to PII (77% of breaches).
Healthcare Records Are Valuable
Healthcare records are targeted by hackers because of their high value.
Medical records feature a long list of unchangeable customer PII: names, dates of birth, social security numbers, medical histories, and employment histories.
Hackers can supplement attacks for several years when they obtain medical records. Other records, like payment card information, are usually no longer useful after a single fraudulent attempt.
Healthcare Record Exposure: Root Causes
Hacking is the number one cause of data breaches in the healthcare industry. Valuable medical records are the target of hacks in the majority of cases.
Hacking incidents caused 67% of OCR-published healthcare breaches in 2020. Hacking was also responsible for 92% of breached records.
This is a prevalent issue that only seems to be getting worse. Verizon notes that healthcare data breaches increased by 58% in 2020, a year that saw 30 million healthcare records exposed in OCR-published breaches alone.
So how are hackers stealing medical records? Tenable research notes ransomware is the biggest threat to healthcare data. In 2020, ransomware attacks cost US healthcare institutions $20.8 billion.
Record ID Theft and Fraud Complaints
Hackers can carry out an array of fraudulent activities and different types of identity theft with medical records and financial records. The FTC received a huge increase in complaints in 2020. In particular, 1.4 million complaints were noted as identity theft, while 2.2 million public complaints referenced fraud.
U.S. losses from identity theft increased 42%, rising from $502.5 billion in 2019 to $712.4 billion in 2020. Three types of identity theft were most prominent in 2020: government benefits applications, credit card fraud, and miscellaneous ID theft (i.e. online shopping/payment account fraud, email/social media fraud, medical/insurance/securities account fraud). Together they accounted for the vast majority of reports.
Which Components Are Vulnerable?
Now let’s take a look at the most vulnerable devices, applications, and systems that hackers can target.
Mobile devices and IoT devices have a high risk of suffering a cyberattack.
Mobile devices often have outdated cybersecurity technology (older versions of Android & iOS are particularly vulnerable). They can suffer malware attacks from malicious apps or smishing attempts. In a Verizon study, 90% of companies suffered a mobile device compromise in 2020 and rated the effect “moderate” or worse.
IoT devices (everyday devices with microchips) may even lack cybersecurity features completely.
IoT devices are another vulnerable technology. IoT describes the “internet of things” — networks of physical objects interconnected with microchips. This could be smart heart sensors, for example, which relay data back to doctors.
What’s more, these devices are wildly unprepared to defend against the threat of hackers. The vast majority of sectors rate their IoT devices as “inadequate” to some degree.
Palo Alto calculates that 57% of IoT devices are potentially vulnerable to hackers. In a Forrester survey, 84% of cybersecurity professionals believe computers are less vulnerable to hacking than IoT.
This explains why hackers are focusing on IoT devices regularly. IoT attacks rose by 35% in 2020 compared to 2H 2019.
IoT: Areas for Improvement
IoT devices lack basic cybersecurity elements, which makes them vulnerable to attack.
Authentication features are the primary area in need of improvement. It’s simply too easy for hackers to gain access.
Access control features need to be updated, too, while data encryption should be far better.
Top Mobile Malware
Mobile malware is a concern for mobile device users.
Mobile malware can be installed on the user’s device through phishing attempts, malicious ads, or even mobile apps. In fact, 99.9% of discovered types of mobile malware can be found in third-party app stores.
Hiddad malware is the number…