Recently published research from FoxTech has revealed the industries that are most at risk of future data breaches. If you want to know which companies have historically suffered the worst data breaches, you can check that out here.
FoxTech found that the five worst industries for cybersecurity and most at potential risk of future cyberattacks are:
- Software development
- Transportation, trucking and railroad
- Civil engineering
Industries scored on several factors
FoxTech’s research involved calculating a “cyber risk” score by combining public information with a range of cybersecurity indicators. These scores were then organised to order each industry analysed by the scale of risk they faced.
FoxTech indicated that industries scoring over 75 were at extreme risk of future cybersecurity problems, while those scoring lower than 25 were at the lower end of the risk spectrum.
Here’s the list from above, but with the scores added:
- Software development – 166 points
- Publishing – 152 points
- Research – 115 points
- Transportation, trucking and railroad – 111 points
- Civil engineering – 102 points
What are the problems in these industries?
Technology news website DIGIT carried comments from Anthony Green, FoxTech’s CTO, regarding the research.
Green said: “We audited hundreds of companies across a wide range of sectors and found that while industries such as banking (cyber risk score 6) and performing arts (cyber risk score 5) are at very low risk of a potential attack, other industries fell woefully short when it came to ensuring their cyber protection was up to scratch.”
Notably, the issue appears to be more of a lack of awareness around how robust one’s IT security systems are rather than a lack of caring about cybersecurity. Nevertheless, FoxTech’s findings are hugely concerning, especially given the industries significantly lacking in preparedness for cyberattacks are among those that are potentially lucrative targets for cybercriminals.
Green’s statement continued: “In many cases, companies will be entirely unaware that the antivirus or endpoint protection software they have invested in simply isn’t robust or far-reaching enough to prevent a cyber-attack from occurring.
“Alternatively, companies might be under the misapprehension that they are safe from attack because they have invested in cloud-based services. Sometimes, a company can be exposed by something as simple as poorly managed user accounts, software that is out of date or inadvertently leaving their database visible to the internet and therefore exposed to hackers.”
Time taken by cybercriminals to act leaves opportunities for prevention
FoxTech also found that the average time between hackers gaining access to IT systems and exploiting it is 207 days. Unfortunately, companies often take even longer than this to identify that a breach has taken place.
Green said this is a clear opportunity for businesses to act quicker. He also said companies should see data breaches as a gradual process rather than something that happens in a moment.
He said: “The fact that hackers are going undetected for more than half a year tells us that there is time to prevent cyberattacks from occurring and an opportunity to protect companies and their customers on a much higher level – so long as businesses are aware of the potential weaknesses in their systems and how they can fix them, even if a hacker is already gathering what they need.
“The best thing to do for any company is to arrange a cybersecurity audit of their IT systems, process and procedures. This won’t necessarily be through their IT provider, but via an independent company that is set up to focus fully on cybersecurity, analysing cybercrimes and data breaches – ultimately an ‘anti-hacker’.”