10 Most Vulnerable Industries To Cyber Attacks

In a digitally connected world, all organizations are vulnerable to cyber attacks regardless of size. Some are just more attractive targets than others.

May 2022 marks the one year anniversary of the massive cyber attack on energy pipeline operator Colonial Pipeline. The attack subsequently led to widespread fuel shortages along the East Coast. The investigation by the US Department of Transportation’s Pipeline and Hazardous Materials Safety Administration (PHMSA) concluded that management failings at the company are ultimately responsible, resulting in a possible $1m civil penalty.

The Colonial Pipeline attack alerted the public to the destructive power of a single, well-targeted attack. The incident demonstrated how it can bring critical infrastructures, in government and business alike, to its knees.

While the attack has become a wake-up call for most organizations, there are still 29% of companies surveyed across the globe who believe “that won’t happen to us”. These days, your business does not have to be an industry giant like Colonial Pipeline to be a target of cyber criminals.

In a digitally connected world, all organizations are vulnerable to cyber attacks regardless of size. Some are just more attractive targets than others. Here are the top 10 industries that are most in danger from digital assaults according to the 2021 X-Force Threat Index Report.

1. Finance and Insurance

Roughly 28% of attacks on finance and insurance were server access attacks, and 10% of attacks involved ransomware.

Since 2016, the finance and insurance sector has been ranked as the most-attacked industry, a position it continued to hold in 2020. Financial institutions experienced 23% of all attacks IBM X-Force analyzed in 2020, up from the 17% of attacks the sector experienced in 2019.

2. Manufacturing

21% of ransomware attacks targeted the manufacturing sector. Remote access trojan and BEC (Business Email Compromise) attacks happen 4X more in manufacturing companies than in any other industry. BEC is an exploit in which an attacker obtains access to a business email account and imitates the owner’s identity, in order to defraud the company and its employees, customers or partners.

3. Energy

The 3rd most attacked industry suffered roughly 35% of attacks consisting mainly of attempted data theft and leaks. Server access attacks on the energy sector hit organizations hard in 2020, and this industry came in fourth place after health care for the highest number of such attacks.

4. Retail

36% of attacks on retail were credential theft; 18% of attacks on retail were ransomware. As the fourth most attacked sector, retail is a hub of credit card payments and other financial transactions, making it a lucrative target for malicious threat actors.

5. Professional Services

35% of attacks on professional services were ransomware attacks — a higher percentage than any other industry suffered; 13% of attacks on professional services were data theft and another 13% were server access attacks. Professional services holds the same rank as last year, maintaining its attractiveness to attackers because of the confidential data they typically hold on people.

6. Government

More than one-third (33%) of attacks on government were ransomware — the second highest percentage out of all industries; 25% of attacks on government were attempted data theft and leaks.

The public sector — including defense, public administration and government-provided services — receive 7.9% of all attacks on the top-10 industries. This places the government sector on the same spot as last year’s ranking, suffering 8% of attacks across the list of top 10 most vulnerable industries.

7. Healthcare

Healthcare saw 28% of ransomware attacks during an especially stressful year with 17% of the incidents involving CVE-2019-19781, a risky vulnerability in the Citrix Application Delivery Controller.

In terms of its ranking, healthcare is up three places from its former number ten spot for having absorbed 6.6% of all attacks on the list. This significant jump is attributed to the COVID19-related ransomware attacks targeting research and treatments. These types of threats continue to affect healthcare and health research organizations today and should signal heightened vigilance.

8. Media and Information Communications

90% of malicious domain name system (DNS) squatting targeted the media, the most spoofed industry. This sector includes telecommunications and mobile communications providers, as well as media and social media outlets that can play a critical role in political outcomes, especially during election years.

Media is targeted by 5.7% of all attacks on the top 10 industries — down from fourth place last year.

9. Transportation

The transportation sector experienced 5.1% of all attacks, down from 10% from the previous year. 25% of attacks against transportation in 2020 involved a malicious insider or misconfiguration. Transportation significantly dropped from its top 3 ranking and now placed ninth. The travel bans of the last two years could be attributed to the decrease in attacks.

10. Education

50% of the attacks on education in 2020 were spam or adware while 10% were ransomware. The education sector suffered 4% of all attacks on the list, moving down from seventh place when it previously received 8% of all attacks.

Although the education industry saw a smaller portion of attacks overall, it remains a vulnerable sector because security budgets are limited where risks are at the highest. This is due to its decentralized network of students and staff accounting for a large attack surface, making it an easy target for cyber criminals.

Does your industry belong to the Top 10 Most Targeted List?

Business operators must assume that in a digitally connected world, cyber attacks are no longer a matter of “if” but “when”. UDTSecure provides its security team and SOC capabilities to enable a 24/7 solution that is fully-integrated into your infrastructure and applications, all as a single service.

24/7 Monitoring & SOC

Threats never take a break, and neither should your security operations solution. UDTSecure provides continuous monitoring and immediate alert and response to security events, with SOC capabilities through a comprehensive interface.

Fully-Integrated Solution

Our managed services and SOC solutions are fully-integrated into your IT infrastructure and applications, giving you a single, comprehensive, centralized approach to security operations.

Accomplish More With UDT

Get your custom solution in cybersecurity, lifecycle management, digital transformation and managed IT services. Connect with our team today.

More to explore

2024 Will Test Cybersecurity Leaders: Is Your Company Ready?

Experts say new AI-driven threats and an election year will spell trouble for companies.

K12 Budgeting: Planning Your 1:1 Device Refresh Program Cost

As K12 education evolves, managing 1:1 device programs effectively is crucial. These programs, providing each student with a personal computing device, play a pivotal role in modern education. Success demands strategic planning, communication, foresight, and a holistic approach to device management. With digital learning on the rise, these devices are more than just tools for accessing information; they are platforms for interactive, core learning experiences. However, funding remains a significant hurdle, making effective budgeting for your device refresh program essential for optimizing ROI and device longevity.

Crafting a Futureproof 1:1 Device Strategy for School Districts

In the evolving landscape of Education Technology, crafting a futureproof 1:1 device strategy is crucial. This strategy should link every student, teacher, and administrator experience with specific device specifications. The integration of educational apps into the curriculum can significantly enhance the learning environment. These apps, tailored to the needs of students, can provide interactive content, fostering a dynamic learning experience.

Optimizing Your K12 Tech Investments: Funding 1:1 Device Programs

This blog will guide school districts grappling with the financial and resource demands of implementing a successful 1:1 device program amid ongoing challenges of budget constraints and competing priorities. Our guided workbook, created in partnership with Intel, provides further support with personalized roadmap on “Pathways to Innovation: Building a Sustainable Digital Learning Environment”.

K12 Cybersecurity: How to Secure 1:1 Devices in Your School District

This blog post delves into the importance of security, cybersecurity, and data privacy in school districts implementing 1:1 device initiatives. It offers basic steps for evaluating, planning, and executing a security strategy. Our guided workbook, created in partnership with Intel, provides a personalized roadmap on “Pathways to Innovation: Building a Sustainable Digital Learning Environment”.

Lost & Stolen Devices are a Serious Data Security Threat—Here’s Why

Since the pandemic, remote and hybrid work has become the norm. While mobile devices and remote workstations have empowered great flexibility, it has also led to an increase in data security problems due to lost, misplaced, or stolen devices. Find out how remote and hybrid setups are contributing to this problem and how to protect yourself and your organization.