This month we’ll examine the industries and sectors cyber criminals are most likely to target and their motives for doing so. As cybercrime tactics and intentions evolve, it’s more crucial than ever to keep current on the latest developments in cybersecurity. Writing for Investopedia, Peter Gratton reports that “Cybercrime is among the most significant threats to modern businesses—no matter the size of the company or its sector. With damage estimated at $10.5 trillion globally in 2025—enough to make it the world's third-largest economy after the U.S. and China—cybercrime has become an acute and unavoidable business risk that affects every organization with digital assets." With most businesses, sectors and organizations using or migrating to digital platforms, everyone is vulnerable. The average cost of a data breach clocked in at over 4 million dollars in 2024, so pressure is high to identify risks and take preventive action.
To further complicate the landscape, the tactics of cybercriminals are continually evolving alongside industry attempts to bolster security measures. According to Forbes, “Cybercrime is no longer just about opportunistic hackers looking for a quick payday. The modern cyber adversary is highly structured, well-resourced, and increasingly operates like a business.” New strategies are constantly being developed, tested and deployed. From nation-state actors to financially motivated cybercriminals, threat groups are becoming savvy and more sophisticated by leveraging AI-driven automation, social engineering, IoT, weak end user security protocols and cloud vulnerabilities to breach even the best defended organizations and industry networks.
Brandefense reports that cybercriminals target industries with abundant digital assets, high volumes of sensitive personal information, and valuable data related to financial transactions. Healthcare, finance, and retail are particularly vulnerable due to the extensive personal and financial data stored and shared within their networks. Cybercriminals are highly skilled at exploiting weak security measures, launching phishing campaigns and/or planting ransomware. The loss for these companies and sectors is financial and reputational; customers, patients and investors may lose trust in an organization where a data breach or cyberattack has occurred, and the costs of paying ransoms have skyrocketed.
Government agencies, as well as the manufacturing and energy sectors, are vulnerable to cybercrime for a variety of interrelated reasons. Nation-state hackers may try to disrupt essential infrastructure—like electricity and energy—to cause chaos and even potential threat to life while exacerbating geo-political tensions. In previous newsletters we’ve reported on this in relation to the war in Ukraine as well as the Colonial Pipeline attack.
Writing for Forbes, Tony Bradley quotes Adam Meyers, who is head of CrowdStrike’s counter adversary operations, and is sounding the alarm: “After decades of investment, China’s offensive cyber capabilities are now on par with other world powers. They’ve moved from smash-and-grab operations to persistent, stealthy intrusions that are highly specialized.”
In addition, espionage is a major concern for government industries and agencies, as evidenced by recent attacks. While criminal enterprises are evolving, nation-state actors are scaling their operations with unprecedented efficiency, and experts believe this will escalate. CrowdStrike’s 2025 Global Threat Report reveals a 150% increase in China-nexus cyber activity, with some industries—including finance, manufacturing, and media—experiencing spikes of 200–300%.
According to an AP article which cited a 2024 Microsoft report, nations such as Russia, China, and Iran are teaming up with criminal networks to develop hacking strategies and lead cyberthreats against the U.S. The partnership between authoritarian governments and cybercriminals is of great concern to those in national security and cybersecurity.
For countries like Russia, China, Iran, and North Korea, partnering with cybercriminals blurs the lines between legal and illegal activity and offers a myriad of benefits for both, at a great cost to the targets being attacked. Governments have access to resources that can easily bolster cyber activities—both the speed and effectiveness—without incurring financial cost. In short, cybercriminals see dollar signs—new ways of making money under government protections. The report, which analyzed threats between July 2023 and June 2024, noted that foreign actors and cybercriminals use a variety of methods: hacking, malware, spear phishing, and other techniques that target vulnerabilities to gain access and eventual control over the targeted system. To provide a sense of scale, Microsoft says that its customers face over “600 million such incidents every day.”
Data and security breaches in healthcare have made headlines in the past few years as they increase in intensity and severity. Healthcare institutions store extensive personal health records, which are more valuable than credit card numbers on the dark web, representing a real score for malevolent actors. Cybercriminals often infiltrate these records by exploiting unpatched vulnerabilities, weak authentication mechanisms, and outdated software to access sensitive patient data.
Ransomware attacks on hospitals and healthcare companies have surged, forcing organizations to pay substantial amounts to regain system access and continue to provide care. 2024 was a particularly bad year for the healthcare industry led by the ransomware attack at United Health. This attack impacted “crucial payments from insurers to providers for weeks and impacted 100 million Americans.” As more healthcare industries move to online platforms for medical records and payment portals, this sector will be at continued and consistent risk.
Retail businesses, particularly e-commerce platforms, are more vulnerable to data breaches as cybercriminals seek to steal payment and customer information. Vulnerabilities in the supply chain, as discussed in previous newsletters, are also a threat source. Cybercriminals are very good at identity theft, stealing login credentials and gaining access to user accounts to make unauthorized purchases, drain money from accounts, and even log out the legitimate users. One of the underlying problems is “outdated login systems that rely only on passwords” that make an account breach easier. The use of multi-factor authentication (MFA) can help, but businesses remain highly vulnerable to “brute-force attacks and credential theft.”
Attackers are using AI capabilities to hone their tactics, and scams are increasingly challenging to detect. “Deepfake voice and video technology can impersonate executives or customer support agents, tricking employees or customers into sharing sensitive information.” The industry is also concerned that the “anatomy” of attacks is changing, with hackers using AI-powered bots to “enhance credential stuffing attacks by automating and optimizing password-cracking attempts.”
While fraudulent transactions are a huge problem, identity-based fraud is on the rise in models like Buy Now, Pay Later (BNPL). Criminals use stolen or false identities to “make purchases with no intention of repayment.”
Why are criminals targeting higher education—colleges and universities? According to Cyber Defense magazine, here are a few reasons:
It’s critical that cybersecurity strategies continue to adapt industry-wide, and in many cases, compliance becomes a significant issue as well as the first line of defense. Organizations need compliance frameworks unique to their industry’s needs and prepare for the best response in a crisis. Critical infrastructure industries like energy and telecommunications must implement robust security protocols to avoid an impact on providing essential services.
How does CYRIN training and acumen play a role in all this? Whether it’s creating training for any environment, we have all the tools, including AI, the ability to design digital twins, and above all world-class training.
We continue to work with our industry partners to address major challenges including incident response, ransomware, and phishing and set up realistic scenarios that allow them to train their teams and prepare new hires for the threats they will face. Government agencies have been using CYRIN for years, training their front-line specialists on the real threats faced on their ever-expanding risk surface.
For educators, we consistently work with colleges and universities both large and small to create realistic training to meet the environment students will encounter when they graduate and enter the workforce. In an increasingly digitized world, training and experiential training are critical. Unless you get the “hands-on” feel for the tools and attacks and train on incident response in real world scenarios, you just won’t be prepared for when the inevitable happens. A full-blown cyberattack is not something you can prepare for after it hits.
The best time to plan and prepare is before the attack. Our training platform teaches fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required. Our new programs, including Digital Twins, can create real-world conditions for you to practice before you must act. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!