The digital world has transformed almost every aspect of our lives — delivering unseen connectivity, productivity, and entertainment. This has become even more relevant with the COVID-19 pandemic that forced us to move many activities online.
While digital transformation is ubiquitous and has brought numerous advantages to the way we work, receive healthcare, manage our finances, and produce goods, it comes with its risks too.
As data in massive amounts gets digitized, it becomes vulnerable to cyber threats — data breaches, ransomware, double extortion ransomware, phishing, supply chain attacks, and more. This is especially problematic for private and sensitive information that, if stolen or locked away, can create serious problems for both companies and individuals.
Previously, there were business areas which traditionally suffered from cyber attacks more frequently than others. Nowadays, this is not the case anymore — any company in any industry can become prey to digital risks, losing valuable data, finances, and, ultimately, client base.
Below is a compilation of the major threats that some of the popular industries face, as well as the top breaches they have experienced in recent years.
Finance and FinTech
A natural contender for cyber attacks is the finance and fintech sector where cyber criminals can obtain sensitive information and extort companies and individuals for hefty ransoms.
In 2017, the American credit bureau Equifax was hit by a data breach that affected 147 million people. The impact on personal information was massive, which led to legal claims against the company. In 2020, Equifax agreed to a global settlement of up to $425 million with the Federal Trade Commission, the Consumer Financial Protection Bureau, and 50 U.S. states and territories.
Many different companies in the financial sector have been prey to cyber threats. Here are just a few examples from the beginning of 2021:
- The investment company Sequoia Capital suffered a data breach revealing investors’ personal and financial information due to a phishing attack
- The payment processor Automatic Funds Transfer Services was hit by a ransomware attack by the Cuba Ransomware group
- The Reserve Bank of New Zealand was affected by a data breach through its third-party file sharing service
- Large-scale cyberattack on Microsoft Exchange servers that affected hundreds of thousands around the world, including the European Banking Authority and Chile’s Comisión para el Mercado Financiero
Manufacturing and Food Processing
The scope of ransomware attacks is widening — and the food processing and manufacturing sectors are not out of it.
In the summer of 2021, the U.S. subsidiary of the Brazilian food processing company JBS — JBS Foods — paid $11 million to a ransomware gang. It’s known as the world’s largest distributor of beef, chicken, and pork and operates across continents. JBS Foods had to stop its operations in the U.S. and Australia after the REvil cyber gang successfully targeted its servers responsible for its North American and Australian IT systems.
While no customer data was stolen, the attack caused the halting of operations for JBS Foods. It resulted in huge financial losses and logistical problems for the company, threatening the food supply chain in Australia and even worldwide. JBS Foods decided to pay the massive ransomware to prevent further spillover and risks to its customers.
As for manufacturing, one of the most notable attacks was the 2017 WannaCry ransomware attack of Renault-Nissan. It caused the shutting down of production facilities in England, France, Slovenia, Romania, and India. The attack was a part of the WannaCry global ransomware targeting Microsoft Windows systems.
Many other major manufacturing companies have suffered different types of cyber threats in recent years. Some of them include the aluminum manufacturer Norsk Hydro affected by the LockerGoga ransomware, the food and beverage giant Mondelez — by the encrypting malware NotPetya, and the space and defense manufacturer Visser Precision — by the DoppelPaymer ransomware.
Software Development and IT Companies
As surprising as it may sound, businesses in the IT and software sectors are not immune to cyber threats either.
A major recent example is the double extortion ransomware attack on the German software giant Software AG. The Clop ransomware gang attacked the company’s systems in October 2020, causing a major data leak.
The company was heavily affected, with its internal systems down — including internal communication and helpdesk. The attackers published employees’ details, internal communication, and financial data on the dark web after Software AG refused to pay the demanded $20 million ransom.
Cybercriminals are using double extortion attacks more and more often. To address ransomware attacks, many companies have adopted backup and restoration processes to protect the locking and deletion of their data. But with double extortion, attackers have a second chance to strike even if a business refuses to pay the ransom. They extract valuable data, which they can then leak or sell.
Healthcare
Healthcare is one of the fields in which cyber threats have been around for a long time. In 2021 alone, the U.S. federal government received incident reports affecting more than 40 million patient records.
Just a few of the largest attacks throughout the year in the U.S. included:
- A phishing attack on American Anesthesiology, Inc. that exposed the personal information about clients, affecting almost 1.3 million people
- University Medical Center Southern Nevada was attacked by the REvil ransomware gang who gained access to the personal data of 1.3 million people
- A ransomware attack on the Georgia health system jeopardized the electronic health records of 1.4 million citizens
Amatas Offers Cyber Threat Protection Across Industries
Cybersecurity has become a priority for businesses in all sectors — but that doesn’t mean it’s easy to take care of it.
Amatas offers the right services for ensuring the cyber threat protection of your company, irrespectively of which industry you’re in. They include Managed Extended Detection & Response for continuous internal and external monitoring and swift incident response, as well as Virtual CISO for strategic management of risks, creating a secure digital workplace culture, and business-enabling security.
Ready to get started with outsourcing your cybersecurity management? Get in touch with us, so we can devise the right security plan for your business.