These industries were the most affected by the past year of ransomware attacks

After what has been a year of averaging more than a thousand ransomware attacks per day, NordLocker said that data released by hackers shows an unexpected industry at the top.

istock-684061756.jpg

Zephyr18, Getty Images/iStockphoto

Cloud security provider NordLocker has released a report of the 35 industries most hit by ransomware over the past year, and in what may be a surprise to some, the construction industry appears to have been the hardest hit. 

This isn't just any data that NordLocker used to compile its statistics, either. "Most successful attacks might be left undisclosed," NordLocker said, but hackers do release data, and that's what it used to build the report. 

That may be the reason for construction's place at the top: The data in the report isn't coming from the mouths of the companies, but from the data hackers are attempting to sell. But why construction?

"Construction companies are typically in a set of companies that have no technical (IT/Security) teams, which makes them more vulnerable to cyberattacks," said Tiago Henriques, director of security engineering at cybersecurity insurance company Coalition. Those companies are also good targets for financial and wire fraud cybercrimes, Henriques said, because they have a high number of third-party vendors from whom they purchase materials. 

Johnathan Hunt, VP of security at GitLab, said he's seen different trends. "The most hit industry I've personally seen has been healthcare and government, both local and federal," Hunt said, though he also says that visibility is the likely reason for the difference. "There is a lack of visibility or widespread reporting on ransomware in these spaces. Impacts are also isolated to the companies themselves, and don't affect a populace of city residents, hospital patients or bank customers," Hunt said. 

In addition to the construction industry, other heavily hit spheres include manufacturing, finance, healthcare and education, which Henriques said is in line with findings from a 2021 Coalition report on cyber insurance claims, which he said was topped by materials and industrial companies, a.k.a., manufacturing. 

"Nearly all modern industrial and manufacturing companies rely on industrial control systems connected to the internet and disruptions to these systems can be incredibly costly," Henriques said. Ransomware attacks against those sorts of companies are often successful because "bad actors know that causing business disruptions in these systems can be a strong motivator for companies to pay ransom demands to get back up and running," Henriques said.

Regardless of industry, it's essential that businesses know how to shore up defenses against ransomware threats, for which NordLocker has provided several tips:

  • Hire a cybersecurity team, or build a group of internal people who can tackle it. "Only someone who knows how hackers operate can set up the right defenses to protect your business from ransomware," NordLocker said.
  • Establish a backup practice that is smooth and reliable so that, in the event of a successful ransomware attack, you can simply restore systems and carry on. 
  • Email is a common attack vector for ransomware, so be sure you have email security in place that can detect phishing attacks and malicious attachments/links. 
  • Inform law enforcement when you're the subject of a ransomware attack. They may already have a decryption key for the form of ransomware you've been hit by.
  • Take the time to train users in cybersecurity best practices.
  • Make sure all software is kept up to date.
  • Audit your current security measures and practices to find holes, misconfigured systems, and other potential vulnerabilities. Do it regularly. 
  • Set up a response plan, and test it. 
  • Prepare for the "when, not if" of ransomware. "No business is safe from cyberattacks. That's why you have to be proactive when it comes to digital security. Nurture a culture of knowledge-sharing and taking responsibility," NordLocker said.

Henriques said that it's easy to get overwhelmed when your business is the victim of a cyber incident. "Many business owners and teams aren't sure where to start, what to do, and how to keep their business operational. The critical first step is to immediately contact your incident response team, who should be able to respond in minutes, not days, to take risk mitigation steps and begin the recovery process," Henriques said. 

SEE: Password breach: Why pop culture and passwords don't mix (free PDF) (TechRepublic)

Hunt warns not to ignore the specifics (and often detailed implementation steps) of the tips NordLocker provided, and he also has specific advice for network managers. "Test controls for protection against ransomware attacks, evaluate user access and network controls for overly permissive settings and ensure your backups are separated from and protected from the same ransomware attack," Hunt said. 

Also see