While it’s easy to see the operational differences between industries, not everyone acknowledges the differences between their IT security concerns. For many, all information security concerns fall under the same umbrella, regardless of vertical, but IT pros know that’s not necessarily true.
While all companies face similar risks, each vertical is impacted by those risks in different ways. Here’s a quick look at those differences and how you can keep them top of mind when developing your security strategy.
Tackle IoT endpoints in healthcare
Healthcare has always been at the forefront of technology. Unfortunately, recent years have also found healthcare to be one of the foremost targets of cyber attacks. Health records are valuable on the black market, and hackers are eager to steal them. In addition to securing sensitive health records, healthcare organisations also face risks posed by all the hospital equipment with network connectivity. This equipment may make patient care easier, but anything with a connection to the internet—from MRI machines to IV drips—can potentially get hacked.
Connected Internet of Things (IoT) devices need close monitoring, and you should limit them to authorised users and systems. Every single connected endpoint in a healthcare organisation—even innocuous or sometimes overlooked devices, like printers—need securing against hackers who will use any opportunity to steal patient data.
In many ways, the healthcare sector has to deal with some of the most difficult cybersecurity challenges of any industry. The data it stores is constantly under attack—as are the connected devices essential to patient care. Healthcare security teams must take a lot of factors into consideration, but locking down endpoints and implementing basic data protection practices can give you a head start.
Protect sensitive data in finance
The financial services industry is traditionally at the head of the pack when it comes to information security. These businesses need to be fiercely protective of their systems to ensure the integrity of transactions and customer data. However, even the most advanced financial organisation is facing new cybersecurity challenges today.
IT security concerns in finance often centre around external connectivity to and from core systems. Many systems underpinning financial services and banking institutions were built many years ago in a completely different threat environment. As such, they’re difficult to secure and need isolation and monitoring. The need for monitoring goes beyond your data centre, though: Due to its sensitive nature, financial data should be monitored at all stages. That means endpoint security is just as critical as network security, as more secure printers and computers with built-in monitoring systems can ensure network traffic moving through them is legitimate.
A recent report by the Financial Services Information Sharing and Analysis Centre found that employee training, network defence, and breach prevention are the major points of focus for 2018 among financial CISOs. Financial cybersecurity experts can use these broad strategies to decide on specific data protection practices, like monitoring networks, securing endpoints, and teaching employees how to identify malicious online activity. With these techniques, you can stop the majority of attacks your financial institution may face.
Secure mobile devices in schools
Schools and universities are facing substantial new IT security concerns. With K-12 schools trending toward mobility by giving students laptops or tablets and universities dealing with bring your own device (BYOD) policies, IT administrators are presented with a large number of endpoint devices that may prove difficult to control or monitor.
In this environment, unauthorised attempts to access confidential data are likely, whether due to malware introduced to the network by a compromised student-owned device, insecure file-sharing practices, or any number of vectors. That’s why educational institutions can benefit from having clear and well-defined BYOD policies in place, just as businesses do. They should also be strict about user training—students often don’t know how to recognise malicious sites or emails, but if they’re going to use mobile technology, they need to learn.
Training can’t solve everything, though, and IT needs to be careful about using as many safeguards as possible. Stringent access control can prevent students from seeing data they shouldn’t, and blocking certain sites on the school Wi-Fi can limit the risk of malicious downloads. Even purchasing more secure printers with pull printing and access control features can keep sensitive data out of the wrong hands.
Schools face security unique challenges due to the nature of their end users. Implementing security precautions wherever possible and using trainings to fill the gaps can help keep educational institutions safe.
Dodge the threats of modernised manufacturing
There’s been an industrial revolution in progress over the last decade. The machines used to make goods are now more connected and efficient than ever. While that connectivity delivers huge benefits when it comes to product quality, safety, and productivity, it introduces some IT security concerns. As factories become more dependent on computerised systems for their operations, it’s critical the digital information driving the shop floor is secure.
What happens when it’s not? Consider the Stuxnet incident. A malware attack caused centrifuges at a uranium enrichment plant in Iran to spin too quickly. The change was so subtle it wasn’t detectable even to someone standing close to the machines, but 20 percent of Iran’s centrifuges were destroyed in the process. Today, manufacturing is dominated by IoT devices—from computerised robot arms to 3D printers—but while these are amazing innovations, cybersecurity needs to be considered. Unless you want to end up the victim of the next version of Stuxnet, make sure the devices used on the manufacturing shop floor have security features built in.
Although many industries face similar IT security concerns, what companies need to focus on most is not identical across the board. Each vertical has its own specific risks and requires individualised security strategies. By taking a close look at what needs to be protected and where your biggest vulnerabilities are, you can keep your company secure—even as cybercrime grows.