Hospitality and healthcare 'lag behind' in cyber security
Despite their nature as top targets for hackers, the hospitality and healthcare sectors are among the world's most laggardly when it comes to cyber security awareness.
This is according to an expert from the Sans Institute, who told Computer Weekly last week (November 18th) that understanding of cyber threats is still "in its infancy" in Europe and around the world.
Lance Spitzner, who serves as training director for the organisation's Securing the Human programme, said in an interview with the publication: "We are starting to see increased interest, but mainly from the financial, government, defence and manufacturing sectors, because they have the most to lose from being hacked."
He then highlighted hospitality, healthcare and retail as three of the sectors with the poorest cyber defences, even as the volume and severity of attacks against these industries increase.
Retailers, for example, are regularly targeted for the credit and debit card numbers they handle - particularly in the US, where chip and PIN has not been widely adopted. The hospitality sector is often attacked for similar reasons, with hotels storing vast repositories of payment card data in order to complete bookings.
In healthcare, meanwhile, medical records are an attractive target for hackers thanks to the wealth of fraud opportunities they present when sold on the black market. In September, researchers from Websense told MIT Technology Review that recorded attacks against hospitals had ticked up 600 per cent in the past ten months alone.
According to Spitzner, one of the biggest challenges in cyber security today is the prospect of educating employees to be on their guard against social engineering, with phishing in particular representing a major threat to organisations' data.
"Understanding of the importance of the human factor in information security is now at the level that understanding of the importance of cyber security in general was about five years ago," he commented.
This lack of knowledge underlines the need for robust authentication and authorisation rules to protect data accessed through compromised accounts, as well as comprehensive logging so that illicit activity can be detected as early as possible.