Why stick with retailers and restaurants when there is a whole plethora of card data being processed in other industries? That is the new mindset of hackers, and from the high-profile Equifax data breach to last week’s hack of British Airways, it is abundantly clear that any industry processing credit cards has become fair game.
And because many of these industries – such as real estate – are not used to being targeted, their networks are poorly secured. According to a recent report prepared by KPMG, 50% of surveyed businesses in the real estate industry believed that they are not adequately prepared to prevent or mitigate a cyber-attack. Today we take a look at some of the “non-traditional” industries with a bullseye on their backs.
The Insurance Industry
According to Property Casualty 360, cyber thieves have made the insurance industry a main target. Accenture reports that on average, the insurance industry has 113 cyber-attacks a year, and one out of every three are successful. In 2012, Nationwide Mutual and its subsidiary, Allied Property and Casualty Insurance Company, suffered a breach where the information on 1.27 million customers was compromised. In 2017, Nationwide was fined $5.5M and agreed to take steps to protect individual’s identities as part of a settlement with 32 states.
The Real Estate Industry
Real estate is a target because of the large amounts of personal data – and often money – that agents handle. In 2017, the FBI warned of the dramatic increase in cyberattacks specifically targeting real estate companies. According to the agency, fraudulent real estate transactions as a result of cybercrime increased from $19M in 2016 to almost $1B in 2017. The number of inbound complaints to the FBI on the topic of cyber-attacks against real estate companies also grew between 2016 and 2017 by 480%.
Commercial real estate doesn’t just have to worry about their own cybersecurity systems but also those of their tenants. Forbes reports:
As smart cities begin to expand, it is becoming essential that real estate developers and investors keep cybersecurity top of mind. Smart buildings can improve building and tenant efficiency, but can also leave company and tenant information vulnerable to attacks.
Credit Reporting Agencies
Equifax made history last year for suffering one of the worst data breaches ever recorded. According to CNNtech, 143 million Americans – roughly half of the country – were affected by this breach. The breach occurred mid-May 2017 until July 29, 2017. Cyber criminals made away with sensitive information including, social security numbers, birth dates, driver licenses number, addresses, and names, as well as 300,000 credit cards.
Many wonder how, a company of Equifax’s size, handling such sensitive data, did not have the proper security measures in place? USA TODAY reports that the data breach was due to an Apache struts vulnerability; Apache Struts is free, open-source software used to create Java web applications. However, there was more than one vulnerability discovered and Equifax has not shared which one caused the breach.
“You would think that somebody like Equifax would go above and beyond the standard security precautions, simply because it’s sitting on such valuable pieces of data and is such an attractive target for hackers,” said Rahul Telang, a professor of Information systems at Carnegie Mellon University.
Many industries experts wonder how they did not find these vulnerabilities sooner, and that if hackers did get into the network, that they would only be able to access limited amounts of data. But to be sure, other credit reporting agencies, after the Equifax haul, are also a prime target for hackers.
This is likely the least surprising of the non-retail, non-hospitality industries that are a fraudster favorite. The British Airways breach, reported last week, has affected the credit cards, addresses and names of 380,000 customers. While the news is still breaking, the company has confirmed that the breach was aimed at its website and app, and that the attack took place between August 21st and September 5th. According to researchers from the threat detection firm RiskIQ, the attack is linked to a criminal hacking gang that has been active since 2015. The group, which RiskIQ calls Magecart, is known for web-based credit card skimming.
P2PE is Key to Protecting Enterprises
Real Estate, insurance agencies, credit reporting firms – ever industry should adopt security initiatives to go from reactive to proactive in the fight to secure customer’s data.
Bluefin specializes in Point-to-Point Encryption (P2PE) for enterprises. Validated by the PCI Security Standards Council, Bluefin’s P2PE suite of solutions ensure that credit card and debit card information is encrypted at the Point of Interaction (POI), so that is cannot be read/decrypted at any point within the enterprise’s network. We call this strategy “devaluing the data” so that if a hacker does ever breach a system or network, the information is rendered useless. Learn more about our fight to devalue the data in our June interview with the Bankless Times or contact us today.