Malicious Email Attacks Target Health Care, Payment Industry

The payment industry, which includes firms like PayPal and Western Union, had middling average ThreatScores in the first and second quarters of 2014.

it security and agari

The health care industry had the worst security score of every industry surveyed in all four quarters, according to IT security specialist Agari’s TrustScore Report.

The report tracks the volume of cyber threats targeted toward any given company’s customers via email, and how well companies are protecting consumers from email cyber threats.

"The most worrisome security issues in the health care industry is that the industry historically has not paid attention to cybersecurity," Patrick Peterson, CEO of Agari, told eWEEK. "It’s that simple, and makes the industry more prone to attacks. We’ve seen this play out in the recent months with the Community Health Systems and Anthem breaches."

Peterson explained that similar to companies in the financial industry, health care organizations have large amounts of personal data that can be sold on the black market, and cyber criminals quickly see the various opportunities.

Six of the 14 major health insurance companies surveyed scored a zero TrustScore rating in the first three quarters of the year. In the fourth quarter, that number decreased to four with zero ratings.

The payment industry – which includes firms such as PayPal and Western Union – had middling average ThreatScores in the first and second quarters of 2014, but saw those numbers spike into the double-digits in the third and fourth quarters.

"The financial industry is in the same boat as health care, in that both industries have large amounts of personal data that, if exposed, could be detrimental to the companies and clients," Peterson said. "Mobile banking just increases the likelihood that someone checking email on their phone will click on a phishing email and end up logging in to a spoofed banking site."

European megabanks experienced a similar surge in email attacks, with their average ThreatScore nearly quintupling to 30.5 in the third quarter, up from 6.3 in the prior period.

Businesses with perfect email security scores -- so-called TrustScore Rock Stars -- almost doubled in 2014. But this was merely an increase from just seven companies to 13 of the 147 companies whose domains were surveyed.

"The industries and organizations in the safe zone are the ones who have implemented security best practices from the beginning," Peterson said. "They understand the need to keep their data and their customers’ data safe, and what the implications of taking cyber security lightly are. Companies are pushing to get standards in place to help protect everyone from cyber criminals."

He explained one of those initiatives is DMARC, which is the only security solution enabling Internet-scale email protection and preventing fraudulent brand abuse for email-borne cyber-attacks.

The TrustIndex contains ratings developed by the company that reflect how fully organizations have deployed three standards (SPF, DKIM, and DMARC) across their primary active domains.