In the first half of 2019 alone, several data breaches have already exposed as many as 4.1 billion personal records. We’ve seen even industry giants and low-key players alike succumb to all kinds of data compromise. To date, the top 5 data breach victims of all time include Yahoo (3.5 billion records), the First American Financial Corp. (885 million records), Facebook (540 million records), Marriott International (500 million records), and Friend Finder Networks (412.2 million records).

It’s easy to see that the top data breach victims belong to different industries. What ties them all together is the fact that they have massive databases of personally identifiable information (PII) that any cybercriminal would love to get his hands on.

Should specific sectors be more concerned than others? If so, what organizations are in most need of better data protection and why?

Most Likely Data Breach Targets

According to a 2019 data breach investigations report, organizations in the following industries are most likely to end up as victims:

1. Public sector: In most cases, federal agencies get hacked due to a lack of funding. A 2018 survey, for instance, revealed that 57% of U.S. federal agencies suffered from a data breach that year. The respondents cited the use of legacy systems as a primary reason for the agencies’ lack of protection against attacks. The budget allotted for system and solution upgrades is not enough to afford the offices’ security against ever-evolving threats. As a result, we’ve seen public offices such as the U.S. Office of Personnel Management (OPM) get compromised, exposing the records of 22 million of its current and former employees.
2. Accommodation and entertainment: In the case of hotel chains and media moguls, lax security practices are often to blame for compromise. Add to that the fact that their customers are ripe for the picking since they have enough cash to spend on travel and leisure. Those are the most likely reasons why over the years we’ve seen the likes of Marriott International and the Sony PlayStation Network make news headlines.
3. Healthcare: Hospitals and other healthcare service providers, meanwhile, often get hit by attacks for a mixed bag of reasons. Public institutions likely suffer from a lack of funding like other federal agencies not to mention skilled cybersecurity experts. Several medical pieces of equipment may also cost too much to maintain and sufficiently protect once connected to the Internet. Finally, patient records contain not only valuable financial data but also access to prescription drugs that can be very profitable when sold in black markets.

What Can Organizations Do?

Connectivity is no longer a premium service. Success today is defined by a company’s ability to offer not just the broadest range of services but also be the most accessible and convenient service provider. Unfortunately, achieving those goals can be detrimental if they do not sufficiently secure their networks against compromise.

Organizations need to protect not just against known but also unknown threats. A reactive defense that only allows them to address already-ongoing attacks is no longer acceptable. Instead, they need to mitigate risks by determining the likelihood that anyone who wishes to gain access to their network is an attacker.

One way of doing that is to keep tabs on all potential attack vectors. They need to know as much as they can about the threat landscape, which involves access to a comprehensive source of threat intelligence.

With the help of a threat intelligence platform users can also almost-instantly assess if a website is safe for their employees to access or not. This approach significantly reduces the risks that anyone in the company would fall for a phishing (or other) attack that can lead to a massive data breach.

* * *

So long as organizations fail to protect their networks, we’ll continue to see breaches unfold. Stopping threats from the source is critical. Only with the aid of comprehensive threat intelligence and security solutions can organizations truly realize proactive defense.