Tripwire has released an interesting infographic that maps out sources of cyber-attacks as well as threat vectors by industry based on Verizon's 2015 Data Breach Investigation Report.
The infographic lists out where cyber-attacks that businesses face come from and which businesses are hackers' favourite targets.
Verizon's 2015 Data Breach Investigation Report had identified trends in attack vectors by industry, singling out point-of-sale terminals (PoS) as the largest source of cyber-attacks that businesses faced. Other major vectors for cyber-attacks were privilege misuse, web applications, cyber espionage, and crimeware.
The three-dimensional data security problem
Based on Verizon's findings, Tripwire has released an interesting infographic, mapping out attack vectors by industry and helping businesses evolve their cyber security efforts to nip vulnerabilities in the bud.
According to the infographic, Point-of-Sale terminals are the biggest targets of hackers as a result of which hospitals, entertainment, and retail industries have suffered. Similarly, public sector organisations, educational institutions, and finance companies have been targeted by crimeware which constituted one in every five cyber-attacks.
Nearly 10 percent of all cyber-attacks were on web applications owned by finance and information firms but cyber espionage attempts on information, manufacturing and professional firms accounted for 18 percent of all cyber-attacks.
This is what happens to your data after a breach
A bulk of cyber-attacks on mining, administrative and healthcare organisations also took place due to privilege misuse.
In April, Verizon released its latest Data Breach Investigations Report in which it noted that among all enterprises affected by cyber-attacks, a quarter of them were financial institutions, 15% were health care organisations, 12% were public sector entities and 15% were related to retail and accommodation.
The report listed out several actions which businesses must employ to ward off cyber-espionage and ransomware attacks. These include changing management systems regularly, training staff to recognise phishing attempts, using two-factor authentication, ensuring physical data security and constantly updating security software with patches and encrypting confidential data.