Editor's note: This story is part of the Cybersecurity Dive Outlook on 2021, a series on the trends that will shape the industry in 2021. For a look at the business trends affecting other industries, see the Dive Outlook on 2021.
No industry or business is immune to cyberthreats. Yet there are some industries that do a much better job at addressing cybersecurity and mitigation efforts than others.
Industry verticals including finance and healthcare had a head start when it comes to security. These industries were among the earliest targets of cybercrime because of the value of their assets.
Malware and viruses were designed to steal money from banks and insurance data from healthcare. They are also the most heavily regulated industries, which help motivate security control and measurement.
Education, on the other hand, has lagged behind other industries in instituting best cybersecurity practices due to constricting budgets and aging infrastructures. The security problem across all levels of education was highlighted as schools moved from the classroom to the dining room, and most learning began taking place through video.
"Schools, such as the Hartford Public School system, which became victim to a ransomware attack in September, struggled with security due to the speed at which they needed to adapt to remote learning," said Heather Paunet, senior vice president of product and marketing at Untangle, a provider of comprehensive network security.
Threats go beyond industry and target organizations depending on business size. Companies in the SMB category tend to be vulnerable; they may not have the budget for a dedicated IT or IT security staff to put the right protections in place for the business.
However, Paunet said, just because some industries appear safer than others, 2020 showed weaknesses emerge across verticals.
"In 2020, as businesses and educational institutions quickly adapted their IT systems to allow for remote working and remote learning, the speed at which they had to adapt often led to security policies and security solutions coming later," Paunet said. "This left temporary holes in security that IT departments had to fix with VPN technologies, and access policies that they applied later."
Opposite sides of the threat spectrum
The need for cybersecurity isn't equal across industries. While one industry looks like it has a strong system in place, it may not be targeted like other industries.
"The organizations that do best at security are on the opposite sides of the risk or attack surface spectrum," said Brandon Hoffman, chief information security officer and head of security strategy at NetEnrich, a provider of IT, cloud, and cybersecurity operations and services. "By that I mean looking at availability to attack an organization and the benefit for doing so."
For example, manufacturing has a smaller attack surface, and until recently, there was little benefit for hackers to attack factories.
Financial services, on the other hand, has a large attack surface and a high payoff for a successful attack, so this industry has placed a higher priority on security than any other industry.
How industries can improve their security posture
While some industries, by virtue of the assets they hold, are more favorable targets for cybercriminals than others, businesses within every type of industry vertical are at risk of an attack, especially smaller businesses.
A large healthcare conglomerate has the infrastructure in place for high levels of security; they can staff cybersecurity and IT professionals and deploy the latest security tools. A small independent healthcare clinic, on the other hand, can't implement the type of security it needs.
Hackers don't care about the size of the business; they just want the access to the assets and will go after the most vulnerable businesses. That's increasingly SMBs.
Organizations in any industry and of any size can improve their security posture with a simple step: determine what needs protection. But because every industry has its unique assets, there is no one-size-fits-all solution that will work for everybody.
Once you know what assets need to be a high security priority, then investigate what systems others within your industry use.
"This can help companies who don't have big budgets avoid making investments in technology too soon," said Hoffman.
Industries that have blazed a successful trail with security implementation and management are an example to those who are in the early stages of their security system. Sharing that information with others across their industry vertical and with others with similar goals will improve security for organizations as a whole.