Every chief information security officer (CISO) faces ongoing threats to his or her company’s assets. While some threats apply to every industry, IT security specialists in the health care, financial services, and energy and utilities sectors need to pay more attention to industry-specific security risks. Although these threats are most prevalent in the aforementioned sectors, businesses across all industries are prone to similar vulnerabilities and should adhere to the same security guidelines.

A Labyrinth of Health Care Security Risks

Electronic medical records (EMRs) are the standard for patient data and greatly simplify record storage, updates and retrieval. At the same time, cybercriminals have found an enhanced market for stolen medical records worth as much as $10 per record — that’s 10 to 20 times the value of a credit card record. Medical records typically include Social Security numbers, medications used and addresses that can help attackers in a variety of illegal efforts.

Because the intent of the EMR is to facilitate wide access, CISOs charged with guarding medical records need to protect against endpoint penetration originating from public facilities such as hospitals, clinics, private physicians’ offices, pharmacies and millions of individual patients. Users can gain access through a variety of devices, and a wide range of individuals may access various aspects of a patient’s records for different purposes.

These variations present a labyrinth for security professionals and a playground for cyberthieves. The Health Insurance Portability and Accountability Act (HIPAA) makes CISOs responsible for these data environments, which are open to audit by the Office for Civil Rights (OCR) in the U.S. Department of Health and Human Services (HHS).

The Fourth-Party Threat in Financial Services

The financial ecosystem has become highly complex as digital transactions connect financial institutions with their customers, and those customers connect digitally with their own clients and vendors. This complexity expands the CISO’s range of potential targets beyond traditional third-party relationships to include fourth-party providers of financial data connections.

As the number of relationships escalates, so does the difficulty of monitoring and assessing the vulnerability of each financial participant. The security capability of the service providers handling the third party’s transactions can impact the security of your customers and potentially expose your data.

The U.S. Federal Trade Commission (FTC) has investigated and taken action against a number of companies that failed to provide adequate protection to their customers. CISOs need to understand their exposures and expand their abilities to evaluate all segments of the financial chain.

Emerging Urgencies in Energy and Utilities

The energy sector is investing heavily in smart meters and intelligent distribution systems. As a result, infrastructure is increasingly reliant on intelligent computing services to manage the power grid from generation to consumption. That reliance on computing networks presents CISOs with new challenges because every node represents a possible entry point for malicious activities. In particular, Internet of Things (IoT) devices such as smart meters may not have the robust security protection needed to defend against persistent attacks and could become gateways to the larger grid management systems.

The stakes are high when it comes to the possible failure of the electric grid. According to Natural News, experts have estimated that a collapse of the U.S. energy grid could kill 90 percent of Americans “through starvation, disease and societal collapse.” CISOs in the energy and utilities sector need to validate all endpoints for secure protection and build sophisticated intrusion intelligence into their operating processes.

All CISOs Should Mind Industry-Specific Security Threats

Every industry has its own set of concerns when it comes to cybersecurity. These examples represent some of the largest and most widely used sectors and, by extension, the biggest targets for cyberattacks. All CISOs need to assume their environments are at risk to the same extent, even if their business doesn’t fall within one of these broadly defined categories.
