Summary Bullets:

• Not surprisingly, organizations often apply similar security protections and practices to those employed by their industry peers to safeguard what are often very comparable assets, leaving them equally vulnerable or well-protected depending upon the effectiveness of their controls.
• While cyber attackers target certain industry-specific, high-value assets such as a manufacturing company’s intellectual property (IP), many of the breaches involve the theft of less valuable resources that are more often left exposed to risk.

Just as enterprises in every industry tend to share some analogous traits in how they do or do not effectively leverage IT to advance their particular business agendas, organizations within the same vertical tend to use data security strategies similar to those their counterparts use to safeguard equivalent assets.  Thus, it is not all that surprising to see some vertically specific security breach trends that highlight gaps in industry-wide security practices.

Verizon’s recent breakout of data breach statistics along vertical lines highlights the vulnerabilities particular to organizations in specific verticals.  The statistics, culled from Verizon’s annual Data Breach Investigations Report published earlier this year, show that organizations in the accommodations and food industry are particularly exposed to attack.  This market segment has suffered more breaches than any other vertical for the last two years running.  The industry’s point of sale (POS) terminals are especially susceptible to attack.

Retail and healthcare entities also face a similar exposure at the POS terminal, as cyber attackers go after low-hanging fruit.  In many cases, the POS systems are managed by third parties that often fail to implement even basic controls necessary to protect data on the systems.  Thus, a cyber attacker can exploit openings such as the failure to change a default password to access a system.

Companies in the financial and insurance industry have a reputation for being better equipped to fortify their assets against attack.  However, the value of their assets makes these companies very attractive targets.  Hackers use sophisticated methods such as application-layer attacks to breach the financial services firms’ defenses.  Devices such as ATMs that are physically exposed are also vulnerable to attack.

How do you think your industry is positioned against potential threats as a whole?  Do you think your own organization’s security measures exceed those of your peers?