Preventing cyber-attacks is becoming a growing concern, whatever the sector of activity or size of the organization. All the conditions are ripe for the subject to take on even greater importance: the accelerated digitization of business activities, geopolitical tensions on an international scale, and the development of new forms of cyber-attack in line with current technological developments.
What is the current scale of cyber attacks, and which business sectors are most affected? What motivates attackers? What can we expect in terms of cybersecurity in the coming years, and how can we protect ourselves? OverSOC takes a closer look.
Cyber attacks: what are the current trends?
Sophistication and industrialization of cyberattacks
In its report on cybersecurity in the first half of 2023, Check Point Research notes an intensification of cybercriminal activity worldwide, with an 8% rise in weekly cyberattacks over the second quarter of 2023. For its part, insurer Allianz notes a sharp increase in ransomware victims worldwide in the first quarter of 2023.
While phishing and the use of stolen accounts remain the main means of entry for attackers, cyberattacks are gaining in sophistication: renewed spoofing techniques with AI-created deepfakes and deepvoices, the use of fileless malware or polymorphic malware, and so on. This growing sophistication makes cyberattacks more difficult to detect. On the other hand, automation and the development of "Ransomware as a Service" open up the possibility of carrying out cyberattacks on an industrial scale.
Breakdown of cyber attacks by sector of activity: some key figures
While no industry is immune to cyberattacks, a number of trends are emerging. In its " ENISA Threat Landscape 2023 " report published in October 2023, the European Union's cybersecurity agency indicates that, over the period July 2022-June 2023, the most affected business sectors are public administration (19%), healthcare (8%), digital infrastructure (7%), manufacturing (7%), transport, digital service providers, banking and finance. It should be noted that 11% of incidents reported by ENISA do not target any particular sector.
Which business sectors are most vulnerable to cyber attacks?
Banking and finance
The banking and financial sectors are particularly attractive to cybercriminals, with their promise of high profits. The growing exposure of institutions, the increasing digitalization of these sectors and the interconnections between different infrastructures and payment systems make them prime targets.
In a study published in June 2023, software publisher Sophos reports that ransomware attacks against the banking and financial sector increased by 64% in 2023.
Healthcare facilities and medical services
Cyber-attacks on the healthcare sector have the potential to profoundly disrupt the operational capabilities of healthcare facilities, and put patients' lives at risk. Healthcare data are also particularly vulnerable.
In 2022, 432 structures in the healthcare and medico-social sectors reported at least one security incident to CERT Santé, representing a 33% increase on 2021 (source: Agence du numérique en santé).
E-commerce
The exponential growth of online sales makes e-commerce sites attractive targets for cybercriminals, who seek to compromise the security of online transactions and steal customers' payment details.
Operators of vital importance (OIV)
Generally speaking, organizations that play a crucial role in the functioning and security of a country are particularly targeted. In addition to the banking and healthcare sectors, these include the energy, transport and sanitation sectors. And cyber-attacks target not only vital operators themselves, but also their subcontractors, service providers and suppliers.
Local authorities
Cyber attacks on local authorities can disrupt many aspects of daily life and affect many citizens. From January 2022 to June 2023, ANSSI handled 187 cyber incidents affecting local authorities, representing 17% of all incidents handled by the agency over the same period.
What are the attackers' main motivations?
Financial incentives
As Wavestone points out in its CERT 2023 report, "the main motivation for attacks remains financial gain", with ransomware/freeware dominating. While ransomware distribution is one of the best-known activities used by cybercriminals to generate financial gain, other techniques are also used: theft and resale of personal or banking data, fraud, various scams, cryptomining activities, etc. ANSSI also points out that revenues generated by cryptomining activities can be reinvested by malicious actors to improve their capabilities.
Spying
Cyberattacks for the purpose of computer espionage require considerable financial, material and human resources. They are carried out by states seeking to spy on other states, or by major international groups (e.g. industrialists), as part of long-term espionage campaigns.
Sabotage and destabilization
The current geopolitical context provides fertile ground for the development of cyberattacks aimed at destabilization: distributed denial of service (DDoS) attacks, website defacements, data exfiltration and disclosure, etc. This context also requires players in the energy and telecommunications sectors to maintain a high level of vigilance regarding the security of their IT infrastructures. This context is also forcing players in the energy and telecommunications sectors to maintain a high level of vigilance when it comes to the security of their IT infrastructures.
Ransomware, the attackers' preferred modus operandi
Ransomware has been identified by ENISA as the leading form of cyberattack, targeting all sectors. The ransomware modus operandi is now well known: a malicious program is distributed to encrypt data, which will only be returned to its owner in exchange for a ransom. The effectiveness of these malicious programs makes them one of the preferred modus operandi of cybercriminals, with names now famous: Petya, WannaCry, Lockbit, etc.
Ransomware is now particularly sophisticated, and capable of disrupting the operations of any structure, whatever its size or sector of activity. Ransomware-as-a-Service (RaaS) platforms have been developed in recent years. How do they work? Provide "junior" malicious actors with a ready-to-use ransomware campaign. This is what the Conti Group offers, for example.
Some examples of cyberattacks by industry sector
Cyber attacks in the banking and finance sector
- Danish Central Bank, January 2023 (DDos)
- Central Bank of Malta, June 2023 (defacement, DDoS)
- European Investment Bank, June 2023 (DDoS)
Cyber attacks on healthcare facilities
- Center hospitalier de Dax, February 2021 (total costs estimated at 2.3 million euros)
- Versailles Hospital, December 2022
- CHRU Brest, March 2023
Center hospitalier sud francilien (CHSF), August 2022
The cyber attack affected the entire CHSF information system, with the exception of telephony and building operations. The acute phase of the crisis lasted two months. In order to maintain patient care, the hospital chose to restore its information system by securing it. This restoration of the IT system - with the support of mapping - was carried out progressively, in less than 60 days. On January1, 2023, the hospital entered a phase of rebuilding its information system.
What safety measures are appropriate for each business sector?
Sector-specific recommendations
As cyber-attacks become more and more opportunistic, no entity can do without cyber protection. The fundamentals of cybersecurity are broadly the same for all business sectors: map your information system, strengthen authentication, supervise events on your information system, detect and correct IS vulnerabilities, list your critical services, etc. Protecting your entire supply chain applies to all sectors, especially industry, banking and finance.
However, sector-specific cybersecurity recommendations may apply. The Agence du numérique en santé and its CERT Santé, for example, support establishments in the healthcare and medico-social sectors in their monitoring of cyberthreats and incident response.
Certain business sectors are also subject to specific cybersecurity regulatory obligations. This is the case, for example, with the DORA (Digital Operational Resilience Act) regulation for the financial sector. Specific advice can also be given to smaller structures. This is what the ANSSI does in its cybersecurity guide for VSEs and SMEs.
Protecting your data: a cyber security imperative
Data protection is at the heart of all cybersecurity strategies, whatever the industry. Mass migration to the cloud has profoundly changed the way data is stored and shared. It has also changed the way this data is secured. Most cybersecurity initiatives are geared towards this goal: protecting data. Encryption and data classification are now seen as two essential practices for achieving this.
Evolving threats and anticipation: what to expect in the years ahead?
What are the future targets of cyber attacks?
According to Wavestone, the structures affected by cyber attacks are getting smaller and smaller. As large organizations have deployed significant detection and response capabilities in recent years, malicious actors are deploying their efforts towards less well-protected targets (VSEs, SMEs and ETIs, for example).
Improved protection for large corporations also encourages cybercriminals to target different links in the supply chain (suppliers, subcontractors, digital players, etc.) to reach a large target. Securing the supply chain is set to become a major challenge, as is cybersecurity in industry, a sector currently experiencing a spike in cyberattacks.
Prevention: how to stay proactive in the face of emerging threats?
Cyber Threat Intelligence (CTI) plays a key role in helping organizations proactively search for unknown threats and identify suspicious behavior. Organizations can then correlate this data with vulnerabilities in their information systems. This approach requires a thorough understanding of the information system, as well as constant mapping and monitoring. The result: better protection, but also better detection coupled with reduced reaction time when a cyber attack occurs.
The list of sectors most affected by cyberattacks is constantly growing: banking and finance, healthcare, e-commerce, vital operators, local authorities, etc. Every sector of activity needs to be aware of its vulnerabilities, and make cybersecurity a priority. Today, every business sector needs to be aware of its vulnerabilities, and make cybersecurity a priority issue.
Would you like to know how OverSOC can help you protect your organization? Contact us.
