Mon, Mar 9, 2015

Was Your Industry Affected? See the Top Cyber Targets in 2014

A major data breach can happen to anyone, at any time, in any industry.

In an effort to keep our clients informed and, ultimately, protected every year Kroll carefully reviews case information for U.S.-based clients. Our goal is to bring data breach statistics, trends and observations to light that will help us keep history from repeating itself.

Kroll’s 2014 Year In Review report uncovers these findings and explains the forces we see driving data breach response. This information can be used to protect your business and yourself.

Which industries were targeted most in 2014 and why?

For the second year in a row, data breaches accounted for over two-thirds of all client incidents in the following three industries:

  • Healthcare
  • Business Services (including retail, insurance, and financial services)
  • Higher Education

Of the three industries above, retail is typically a focus of major attacks due to its sheer volume and scale. Meanwhile, healthcare and higher education have become targets of cyber attacks due to the massive amounts of sensitive information they obtain. From grades to Social Security numbers, insurance information to medical records, these industries are an irresistible treasure trove to those with malicious intent.

How were the 2014 attacks carried out?

Although the targeted industries of 2014 remained consistent with last year’s findings, it was surprising to see the shift in the types of breaches experienced. Compared to last year, we saw an overall increase in breaches caused by malicious actors (approximately 45% of all attacks) but only 18% were attributed specifically to hacking.

What can be done to avoid future attacks?

Like any good doctor will tell you, prevention is the best medicine. The same goes for data security especially in light of what we saw in 2014. In fact, while we did see an increase in data loss tied to malicious intent, we also saw a crucial decrease in breaches caused by human error. We believe that awareness around data security has certainly helped bring those numbers down.

What can be done in the wake of an attack?

We also found that the recovery period after an attack is changing. Nearly 58% of consumers surveyed by Kroll indicated they had been part of at least one data breach, but what they had to say about remediation services may come as a surprise. If your company has been the victim of an attack, keep in mind that simple credit monitoring may no longer address the majority of problems your customers might experience.

How to prevent seeing your industry on the top cyber attack 2015 list

There are many steps you can take starting now that will help you in the wake of future attacks. Many of Kroll’s college and university clients stepped up their risk assessment efforts in 2014. They created drills and exercises within their organization to educate employees on what to do during certain incidents. We’ve also helped them set up tools and protocols that will catch human errors as they are made before it’s too late.

For more information on how to prevent cyber attacks, download the full 2014 Year In Review report. You can also subscribe to our monthly Kroll Data Security Insights newsletter to receive timely information on data breach and cyber security concerns.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Incident Response and Litigation Support

Kroll’s elite security leaders deliver rapid responses for over 3,000 incidents per year and have the resources and expertise to support the entire incident lifecycle.