Gisec 2022: Health care most targeted sector for cyber attacks in 2021, Cisco says

Ransomware was the top threat throughout last year

The rise of phishing can be correlated to the fact that it is a common means of initial infection for cyber crooks employing ransomware, a Cisco study said. EPA
Powered by automated translation

The healthcare industry suffered the highest number of cyber attacks in 2021, with ransomware the leading danger, as bad actors took advantage of the Covid-19 pandemic, a study by Cisco has found.

The rise in cyber incidents were most noticeable in the busiest industries where processes and engagement drastically increased, the study said. These industries were exploited by increasing phishing and assaults on internet-facing applications, which became entry points of attack.

A lack of investment, and possibly time, to orient users amid tight schedules also contributed to an already-weak cyber defence infrastructure, revealed the study, which was released during the Gulf Information Security Expo and Conference in Dubai.

"We anticipated that health care would continue to be a top target throughout 2021 after a spate of ransomware adversaries targeted the industry in late 2020," said David Liebenberg, manager of strategic analysis at Cisco.

"The main reasons adversaries are continuing to target this industry is due to healthcare providers’ often underfunded cyber-security budgets and extremely low downtime tolerance, the latter of which has been exacerbated by the ongoing Covid-19 pandemic."

Cyber criminals tend to be where the action is. In this case, industries that were forced to introduce massive operational changes — health care, retail, hospitality, consumer manufacturing and distribution — were prime targets, Cisco said.

BIGGEST CYBER SECURITY INCIDENTS IN RECENT TIMES

SolarWinds supply chain attack: Came to light in December 2020 but had taken root for several months, compromising major tech companies, governments and its entities

Microsoft Exchange server exploitation: March 2021; attackers used a vulnerability to steal emails

Kaseya attack: July 2021; ransomware hit perpetrated REvil, resulting in severe downtime for more than 1,000 companies

Log4j breach: December 2021; attackers exploited the Java-written code to inflitrate businesses and governments

These sectors witnessed a significant rise in data breach costs on an annual basis, with health care topping the list at $9.23 million per incident from May 2020 to March 2021 — a $2m increase or 27 per cent jump year-on-year, US technology corporation IBM said in a report last year.

Last May, Ireland's Health Ministry was the target of an attempted attack, which forced systems to be shut down as a precautionary measure and came only days after its public health service HSE was victimised. Officials deemed the attack on the latter as an "international criminal operation" and ransomware was identified in both incidents.

Ransomware incidents increased by 151 per cent in the first half of 2021 as the digital economy thrived, the World Economic Forum said in January.

Ransomware was the top threat in the fourth quarter of 2021, the Cisco report said, although compared to previous quarters it made up a much smaller percentage and comprised only 27 per cent of all threats, against the 38 per cent of the previous three-month period.

The third quarter was the only time in which ransomware was not number one — during that period, threats focused on local government.

Phishing, which involves fake emails appearing to come from a reputable source with the aim of securing personal information, such as passwords and credit card numbers, also posted an upsurge in 2021. It can be correlated to the fact that it is a common means of initial infection for cyber crooks employing ransomware, Cisco said.

The main reasons adversaries are continuing to target this industry is due to healthcare providers’ often underfunded cyber security budgets and extremely low downtime tolerance
David Liebenberg, manager of strategic analysis at Cisco

Business email-compromise attacks also rose last year. An attacker typically obtains access to a business account and mimics the owner's identity with the aim of defrauding the company and its employees and stakeholders.

The fraudulent practice siphoned more than $1bn from users in 2020, the US Federal Bureau of Investigation said, and continues to try to swindle users on platforms such as Sony's PlayStation Network and Covid-19-related ones, Cisco said.

Last year “presented different verticals with a number of new challenges, as organisations navigated the complex threat landscape in an increasingly digital world", Fady Younes, cyber security director for the Middle East and Africa at Cisco, said in a note.

"This year, decision-makers must ensure to implement advanced ransomware protection and secure network analytics. It is essential that IT leaders invest in technologies that integrate detection, prevention and response capabilities in a single solution for increased visibility and enhanced actionable insights to improve security."

Updated: March 23, 2022, 4:30 AM
BIGGEST CYBER SECURITY INCIDENTS IN RECENT TIMES

SolarWinds supply chain attack: Came to light in December 2020 but had taken root for several months, compromising major tech companies, governments and its entities

Microsoft Exchange server exploitation: March 2021; attackers used a vulnerability to steal emails

Kaseya attack: July 2021; ransomware hit perpetrated REvil, resulting in severe downtime for more than 1,000 companies

Log4j breach: December 2021; attackers exploited the Java-written code to inflitrate businesses and governments