Financial services are built on the promise of security and privacy for their clients. With data moving to the cloud and online services being prevalent for financial services, the exposure to cyber crime has never been higher. While FINRA compliance assures financial services protect critical financial data, cyber criminals target ‘soft targets’ as well that allow easier access to critical data, such as email and other applications that employees use. End-to-end pragmatic security measures are therefore necessary to ensure that financial services firms protect not only high value assets but any entry point that cyber criminals may leverage to gain access to data or manipulate fraudulent financial transactions.
Manufacturing enterprises face cyber threats not only to plant and equipment but also proprietary processes, intellectual property, designs and trade secrets. Manufacturing competes across borders and, therefore, attractive to not only profit seeking cyber criminals but also cross border threats looking to obtain valuable information or disrupt operations and supply chains. Increasing automation of manufacturing also makes it reliant on networks and cloud, making plants and processes more accessible to cyber criminals. Networks also control physical plant access and security. In aggregate, manufacturing enterprises need robust end-to-end security across critical manufacturing infrastructure, but also other operational systems and endpoints.
Information technology runs across most industries and enterprises. Information technology is a core asset for companies, and has been the focal point for cybersecurity given the inherent risks and exposure enterprises can have from IT cyber breaches. However, the nature of IT has continued to evolve through cloud migration, BYOD, IoT and other advances. Accordingly, the cybersecurity requirements of IT have changed, and the rate and extent of cyber threats have evolved. IT systems today need a comprehensive end-to-end security approach as point solution optimizations are not adequate. At the same time, given the complexity of IT systems, a pragmatic business specific approach is required to ensure that IT organizations can operate within their business’ parameters while ensuring adequate security on an ongoing basis.
Educational institutions are particularly vulnerable to cyber breaches. Not only do educational institutions hold valuable data – personal information of students and faculty, and research data and intellectual property – but their networks are also connected to a myriad of personal devices. Entering students bring their own phones, computers, game consoles and others that tether on the networks without any software authorization controls or authentication. This makes breaching educational networks particularly attractive for cyber criminals, and the frequency of higher educational institutions getting breached is growing.
Utilities are a critical part of national infrastructure, regardless of size. Even minor disruptions can cause significant repercussions to people, businesses and economies. Utilities are highly visible on networks and exposed to cyber threats. This creates unique vulnerabilities to cyber malfeasance. Whether threats are from profit motive, such as ransomware, or other criminals looking to disrupt infrastructure, utilities need to secure both critical infrastructure and seemingly benign operational endpoints, such as email and applications routinely used by employees.
Federal, state and local governments control large capital infrastructures and transactions, and manage mission critical systems for operating their jurisdictions. Given that most revenue flows and infrastructures are partially or wholly online, they are susceptible to cyber threats. The increasing cyber attacks on local and state government assets are the result of easy access to them by cyber criminals. Whether it is a profit motive, such as ransomware, or more nefarious motives such as shutting down critical utilities or infrastructure, government establishments and infrastructures need cybersecurity more than ever today. Loss of revenue or other collateral damage can result fast with cybercrime, given the large number of people and businesses that rely on government run services and operations every day.
Retail is a much desired and frequent target of cyber crime. As most retail transactions are digital, cyber criminals frequently target PCI data. Credit card and other customer information causes financial loss but retailers also suffer loss of customer confidence and brand reputation. Beyond PCI, retailers POS systems are exposed to cyber crime, and any breach of POS or other supply chain systems can immediately result in financial loss and critical disruptions. Retailers need end-to-end enterprise wide cyber security to obviate cyber threats that can imminently originate anywhere on their networks and partner interconnects.
Telecom by definition is networked and therefore exposed. Cyber breach can originate not only at critical infrastructure nodes but also within everyday applications, personal devices and office computers. Increasingly, telecom is moving to IoT and other connected devices. All these create greater complexity in managing cybersecurity across the entire network and enterprise. Collateral damage from breach of telecom networks can extend to other industries relying on telecom, such as financial services, retail, healthcare and IoT. While many of such breaches can be prevented with cyber technology measures, others such as ‘SIM swap’ require policy and authentication procedures that should be part of cyber security considerations.
Healthcare systems possess data that is now considered more valuable to cybercriminals than financial data. While patient data is considered highly protected and needs to be HIPAA compliant, cyber criminals target the easiest vulnerabilities that can be as simple as email systems or other non-clinical systems. With connected devices, IoT, connected third party services such as billing, labs and pharmacies, healthcare is increasingly exposed to cybercrime. End-to-end security is therefore critical to healthcare, to not only protect patient data, but also systems that provide easier cyber access to other critical information or operations.
Legal information is by definition sensitive information. In the era where information storage and communication is digital, legal firms are exposed to cyber threats as never before. Whether privileged communication or everyday online communication and document sharing, legal information needs end-to-end security measures. With legal firms increasingly relying on cloud services and BYOD, every end point needs to be adequately secured.
The construction industry may not seem an obvious target for cyber threats, but that is not the case. A transient, mostly mobile workforce, information exchange between multiple vendors and parties, and valuable data regarding infrastructure and other projects makes construction a valuable, yet soft target for cyber criminals. Whether it is personal information, business contracts or construction plans, the construction industry needs special consideration in managing cybersecurity as there are many vulnerable points of ingress across devices and systems running on disparate networks across individuals and different vendors.