Law Offices of Brian C. Focht: Cyber Security Law

Is Your Cyber Security Up to the Task?

To keep yourself and your business safe – at least as safe as is possible – you need to understand the risks, understand your cyber security’s vulnerabilities, and remain vigilant. No matter who you are, you are at risk.

Understanding the threat means you take it seriously. Taking the threat seriously is the first step in setting up the best cyber security protection for your customers, your employees, and your business in general.

Know the Risks

[Infographic: Largest Data Breaches in History (identities stolen, in millions); Cost per Data Breach (U.S. dollars); Increase in Mobile Malware (%); Zero-Day Vulnerabilities Discovered (2017); Identities Exposed per Breach (2018)]

There’s No One-Size-Fits-All Approach to Cyber Security

Different Industries: Different Threats

Although nearly all businesses have information that hackers may find valuable, the type and profitability of that information varies across the economy. Certain types of attacks are more effective when targeting specific industries. Where are you vulnerable?

Cyber Security in the Hospitality Industry

The hospitality industry, which includes hotels, restaurants, and other food service businesses, is a popular target for “opportunistic and financially motivated” hackers. The majority of cyber attack victims in this industry are restaurants, often small businesses that have no significant IT resources but routinely accept credit card payments for their services. As one would expect, Point-of-Sale attacks are overwhelmingly the most popular method of attack in this industry:

Top Data Breach Methods (2018)

Point-of-Sale Attacks 90%
Everything Else 3%
Web Application Attacks 3%

Cyber Security in Education

Universities and other educational institutions are a popular target for hackers, most likely due to their large repository of Personally Identifiable Information and research-driven intellectual property. Interestingly, while not among the top three cyber attack tactics used against educational institutions in 2016, Cyber Espionage was in the top three methods of attack for successful breaches, suggesting that skilled state-actors are increasingly focusing their attention on America’s educational infrastructure.

Top Data Breach Methods (2018)

Everything Else
Web Applications
Misc. Errors

Cyber Security in Finance

This broad category of businesses includes everything from financial analysts to insurance underwriting, but one main element is common across the industry: control over money. As a result, it’s not too much of a stretch to figure out why these businesses would be a target for hackers. Unsurprisingly, nearly all cyber attacks against financial and insurance institutions are motivated by direct financial gain.

Top Data Breach Methods (2018)

Payment Card Skimmers
Web Applications
Miscellaneous Errors

Cyber Security in Healthcare

The healthcare industry is a veritable treasure trove of information valuable to hackers. Medical records, usually organized in centralized databases or kept on laptops and tablets, have all the information needed to steal an identity. Focusing only on external actors, however, misses a significant threat – 24% of breaches in 2016 were motivated by personal curiosity.

Top Data Breach Methods (2018)

Misc. Errors
Privilege Misuse
Web Applications

Cyber Security in Information Services: Software, Telecommunications, Internet, WiFi

With businesses ranging from software companies to telecommunications companies, and from cloud-based providers to online gambling, it’s not too much of a surprise to see that the most common attacks consist of attempts to disrupt service. As for actual data breaches, attackers targeting the Information sector rely on a wide variety of methods, making the attacks even harder to prevent.

Top Data Breach Methods (2018)

Web Applications
Everything Else
Misc. Errors

Cyber Security in Manufacturing

These are the companies that, per the Verizon 2017 Data Breach Report, “make stuff.” When you “make stuff, there is always someone else who wants to make it better, or at least cheaper.” As you can probably imagine, it’s the information these companies have that hackers want. In fact, although it made up only 18% of hacking attempts, cyber espionage accounted for 86% of all breaches, and 91% of the data compromised in those breaches consisted of industrial/trade secrets.

Top Data Breach Methods (2018)

Cyber Espionage
Everything Else
Web Applications

Cyber Security in Professional Services

The Professional group comprises a large number of business types that provide business-to-business and/or business-to-consumer services, from law firms and accounting firms to landscape architecture companies and high-tech R&D. Unsurprisingly, spear phishing attacks with financial motivation as well as attacks using stolen credentials were among the most common attacks. Lack of information on the effect of a significant number of incidents – preventing identification of breaches, possibly – suggests the failure to report breaches remains a problem.

Top Data Breach Methods (2018)

Everything Else
Web Applications
Misc. Errors

Cyber Security in Government and Public Administration

The public sector is difficult to fully analyze, because it is a treasure trove of information. Unlike other sectors, most government agencies are required to report violations, which can create a lot of noise – the fact that a clerk had an unauthorized program isn’t likely to be something that would be reported in other sectors. However, like the Manufacturing sector, the data is interesting for what was tried (see chart), and what succeeded – cyber espionage was the most successful method of actually breaching a public network. Another scary statistic – 60% of the breaches took at least one year to be discovered.

Top Data Breach Methods (2018)

Cyber-Espionage 25%
Everything Else 17%
Privilege Misuse 17%

Cyber Security in Retail

Comprising both brick-and-mortar and online retailers, the Retail industry as a whole is a popular target for hackers interested in making quick cash. As far as the methods of attack, the prevalence of Denial of Service and Web App Attacks reveals that online retailers are likely to be much more aggressively targeted by hackers, and the most common way online applications are hacked is by using customer credentials stolen as part of phishing attacks.

Top Data Breach Methods (2018)

Web Applications 38%
Payment Card Skimmers 36%
Point of Sale 6%

Different Industries, Different Obligations

The threats to respective industries are different, so it only makes sense that different sets of rules should apply. Knowing those rules – as well as who writes and enforces them – is essential for proper cyber security.

Healthcare

Most healthcare providers fall under HIPAA’s rules for securing personal information, but other federal and state regulations may apply in certain circumstances, including payment information.

Financial

The Gramm-Leach-Bliley Act, and subsequent regulations from the FTC, govern the data security requirements for all “financial institutions” – a term that applies to more than just banks!

Legal

While industry-specific laws and regulations will apply to certain law firms, the most pertinent rules will be those promulgated by your applicable state bar ethics committee.

Contractual

Do you have additional obligations imposed by contract? It’s quite possible – especially if you handle data for a client or have a cyber liability insurance policy.

Get the Cyber Security Law Weekly, a publication from the Law Offices of Brian C. Focht, absolutely free, sent directly to your inbox every week!

Who We Serve:

We represent businesses seeking cost-effective representation in issues relating to privacy, intellectual property, construction, and professional negligence. Based in Charlotte, we represent clients in state and federal court in any of North Carolina’s 100 counties. 

Contact me today for a free consultation to discuss your goals

P.O. Box 18667
Charlotte, NC 28218

Phone: (980) 202-0704
Fax: (833) 202-0705