Tailoring security to industries: No "One size fits all"

Verizon Business says security solutions need to be specifically tailored to a particular sector, due to the characteristics of how and why data breeches happen, according to the results of a four-year security study it conducted across four industry sectors.

In financial services there's a greater risk from insiders, whereas other industries have to be worried about being robbed by their partners. Attacks against the financial sector tend to take longer and to be more sophisticated. Discovery of attacks often takes weeks, but financial service organizations generally learn of breeches more quickly than other types of organizations AND demonstrate a "higher level of asset awareness."

High-tech services are, well, complex. Attacks are sophisticated and errors tend to be a contributing factor. High-tech organizations have a difficult time keeping track of information assets and system configurations. Malicious insiders are a big headache, with insider misuse of granted resources and privileges much more common in high-tech.

Retail has a growing problem with attacks on wireless networks that is significantly higher than any other industry. Simple attacks are prevalent and attacks against the industry are largely opportunistic, looking for quick "payloads" of data that can be easily used for fraudulent purposes.

Food and beverage companies tend to get breeched from external sources, with an attacker leveraging a partner's trusted remote access connection as the point of entry into online databases of payment card data. Many attacks exploit point-of-sale systems that criminals use to stage additional attacks and spread malware throughout a chain of establishments.

For more:
- Verizon Business reports its findings on industry-specific security challenges

Related articles
Verizon data security report: Inside jobs uncommon
UCSniff targets VoIP, UC, and the inside job

Suggested Articles

Frontier will pay a $900,000 fine to Washington state after the attorney general's office found it has misled customers about internet speeds.

Nokia has entered the data center switching arena with a new network operating system and intent-based automation and operations toolkit.

RtBrick took the wraps off of two new APIs for its software as part of its efforts to disaggregate hardware and software for telco networks.