How to tailor your cyber security to your sector or industry
Cyber security best practice applies to every business and every sector. However, industries have their own vulnerabilities, and your cyber security strategy can’t be ‘one size fits all’. Some sectors are ‘softer’ targets, some are more lucrative, and some have specific weaknesses that attract or invite cyber threats. Whichever they are, they need a solid defence, and that defence needs to be tailored.
Here are the world’s cyber attacks by sector share, and some sector-specific principles for building a cyber security strategy, using as examples the three most attacked sectors.
Find more statistics at Statista
Cyber Security for Manufacturing
Share of cyber attacks: 24.8%
Why is manufacturing targeted with cyber attacks?
The more that manufacturing processes become a blend of software and hardware, and systems integrate more technology like the Internet of Things (IoT), there more ‘surface area’ there is for attack, and the more disruption an attack can cause.
If an attacker can make a manufacturing process grind to a halt, it’s obvious how costly that is — last year the sector lost £1.3tn to unplanned downtime. If the attacker were, for instance, to hold the systems for ransom, they could be confident that the victim would pay the demanded sum. The chance that a paying ransomware victim (from whatever sector) is then attacked again is 80%.
Strategy and cyber security services for manufacturing
The first step is to take stock of your systems and your vulnerabilities — software, access points, hardware, and networks. Then you can test them, and one powerful approach to that is penetration testing.
Penetration testing uses the same techniques and methods that a cyber attacker would likely use on your systems. By attempting to breach your own system (or having a cyber security consultant do it) you reveal where and what the points of weakness are.
After that, you can reinforce the priority areas.
Cybersecurity for Finance and Insurance
Share of cyber attacks: 18.9%
Why are Finance and Insurance targeted with cyber attacks?
A cyber breach could give attackers access to money, payment details, and personal data. Criminals know the reputational damage and regulatory punishment that financial or insurance businesses could face, and that the victim will want to end the attack as soon as possible to minimise damage and disruption. If ransomware is part of the attack strategy, here’s another example of an industry that may be willing to pay.
Strategy and cyber security services for finance and insurance
As with other sectors, a cyber security review will expose any vulnerabilities. That being said, human behaviour will always present a risk – no matter how technically advanced your security may be. In fact, across all sectors, human error is in some way responsible for 88% of data breaches.
Whether you’re a competing challenger bank or a heritage financial institution, it’s very easy for attackers to use social engineering to trick someone into compromising security. That someone could be of any level, from an ambitious new employee in their first job, to a founder or C-level executive looking to grow their business’s revenue or reputation. For example, one Australian hedge fund was brought down permanently by a cyber attack, after one of the founders clicked a link to a fake Zoom meeting invitation.
You can prevent some high-risk behaviour with awareness training. Take phishing for example — 90% of ransomware attacks start with a phishing email. Would your team know one when they saw it? Some businesses send dummy phishing emails to their teams to a) find out if they would click anything and b) illustrate very clearly how easy these scams can be to fall for.
Cybersecurity for professional services
Share of cyber attacks: 14.6%
Why are professional services targeted with cyber attacks?
Professional services, typically have valuable client data, often from businesses with high turnovers, or even high net worth individuals. Firms also trade on reputation, with referrals and new business depending on the trust they have built. Finally, most professional service firms and practitioners within them will be chartered professionals, members of governing bodies, or both, and face sanctions if they are found to be non-compliant with cyber security rules.
Strategy and cyber security services for professional services
One of the most pressing issues to navigate is the question of remote work. Though hybrid working has undeniably settled as the reality for a lot of firms, many still haven’t adapted their security measures or processes accordingly. For example, in many cases there’s nothing to stop a remote worker from logging on to the Wi-Fi on a train, a café, or a co-working space. Those networks are not secure — 43% of people have had their security compromised through public Wi-Fi, and that should be an unacceptable level of risk for your firm.
A Virtual Private Network (VPN) is always a good idea to protect remote and hybrid workers, and for added safety, you should have endpoint protection in case a VPN fails (or someone forgets to log in to it).
Summary: cyber security for all sectors
Whatever the sector, any business needs to start with the basic building blocks of cyber security. Once you are sure you have those in place, then you can start building a cyber security strategy that’s tailored to your sector and bespoke to your business.
For example, Arc’s managed cyber security services give you ongoing protection, not only by designing protection to fit your business, but also by giving you an ongoing assessment of the threat landscape and your readiness to face evolving threats.