In a digital era where information is currency, a newly released Apple commissioned report sends shockwaves through the cybersecurity landscape. According to the study, a staggering 2.6 billion personal records have been compromised in data breaches over the past two years. Furthermore, many indicators show that the number of data breaches has gotten worse in 2023. This isn't just a statistic; it's a stark reminder of the relentless onslaught that our digital identities face. As stated, this report shows compelling evidence that data breaches “have become an epidemic” that endangers sensitive and personal information globally. The Magnitude of Breach
The study titled ‘The Continued Threat to Personal Data: Key Factors Behind the 2023 Increase’ was conducted by MIT professor Dr Stuart Madnick. It provides a summary of the major data breaches, and highlights some trends. The report shows that data breaches have more than tripled between 2013-2022 - exposing 2.6 billion personal records in the past 2 years alone (1.1 billion in 2021 and 1.5 billion in 2022) - and have continued to get worse in 2023. In the first 9 months of 2023, the number of data breaches in the U.S. have already increased by nearly 20% as compared to all of 2022. For US organisations, this is an all-time high. This trend of sharp increases in data breach can also be seen globally. The report also shows that attacks targeting cloud infrastructure nearly doubled from 2021 to 2022. According to a 2023 report, over 80% of data breaches involved data stored in the cloud. This occurs as (1) there's a mass migration of data to the cloud due to the various benefits it offers, and (2) as cloud services are based on new technology, cloud misconfigurations caused by errors that expose a cloud environment, tend to occur. According to the NSA, “cloud misconfigurations are the most prevalent cloud vulnerability”. In this report, a list of examples of major data breaches that occurred globally in 2023 were compiled. For instance, in Asia Pacific, Toyota (cloud misconfiguration) led to over 2.15 million customers’ location data over 10 years being compromised, PhilHealth in the Philippines (corporate ransomware) led to over 13 million customers’ personal data being compromised, and Latitude Financial (vendor exploitation) led to over 14 million customers’ personal data being compromised. To read the study in full, here’s the link: The Continued Threat to Personal Data: Key Factors Behind the 2023 Increase Key Factors That Contributed to The Increased Threat to Personal Data: 1. Ransomware attacks have increased in quantity and are more dangerous than ever. In 2023, ransomware attacks increased quantitatively like never before, and have become more sophisticated and aggressive. This is easily reflected in which it was found that more ransomware attacks were reported through September 2023 than in all of 2022. Additionally, in the first 3 quarters of 2023, the number of ransomware attacks increased by nearly 70% as compared to the first 3 quarters of 2022. Furthermore, hackers are becoming more organised, often through ransomware gangs. Hackers are relying on more sophisticated tools including generative AI, have higher budgets and on more efficient organisational structures. Ransomware gangs behave like companies - crafting a public web presence, providing customer service, and offering opportunities to other threat actors to rent out ransomware software. Cyberattacks have also become more threatening, and more likely to target organisations with sensitive data - e.g. healthcare facilities, education institutions, governments. Unlike before, hackers have shifted their strategies to cause the most harm possible. They are now more likely to leak corporate and consumers’ personal data when a ransom is not paid. This shift has caused ransomware attacks to be detrimental to consumers, as their data has been exposed more often. To make things worse, it has been found that in recent years, hackers are more likely to leak data even after receiving a ransom. Hence, even if organisations did pay the ransom, it is often not enough to protect consumers. 2. Cyberattacks On Vendors Are Increasing. Attacks on vendors often lead to many other organisations that depend on these vendors being data breaches. As virtually every organisation globally relies on a wide range of vendors and software for daily operations. In many cases, these vendors are small or medium sized companies that do not have sufficient resources to allocate to security. Hence, vendor attacks can impact virtually all organisations, even those with the strongest security measures. This is evident from the report which shows that 98% of organisations that work with a vendor that experienced a data breach in the last 2 years. The wide-reaching impacts of a vendor attack can be seen by the MOVEit transfer service data breach. In which, an unpatched vulnerability led to hackers compromising the data of organisations that utilised their service and steal sensitive data from their customers. The hackers were able to infiltrate more than 2,300 organisations globally (this included private companies such as Shell, IBM, government entities and contractors, financial & public institutions), and more than 65 million individuals have been impacted so far. A Call For Action: End-To-End Encryption This report highlights the prevalence of data breaches and the detrimental consequences these will have for individuals. Therefore, keeping personal data safe must be at the forefront of organisations’ priorities. This message is further brought back to home as recent cyberattacks have shown that organisations can only be as secure as their “least secure link”. This is why, in the last year, technology platforms and other industry players have expanded the use of end-to-end encryption. This is a method in which companies can protect their data by ensuring that only the sender and receiver can access and modify the data. Hence, it protects sensitive information such as personal and financial information. Navigating the Digital Storm As individuals and businesses grapple with the repercussions of this data breach tsunami, the report serves as a guidepost. It not only elucidates the scale of the challenge but empowers readers with insights to fortify their defences. Cybersecurity is no longer a luxury; it's a necessity. Let us navigate the digital storm armed with knowledge, fortified by encryption, and united in our commitment to a more secure digital future. Related Topics 26 Billion Records Compromised in Huge Data Leak - dubbed as “Mother of All Breaches”. Unmasking Phishing: Your Guide to Spotting The Signs of Phishing The Rise Of Phishing: Safeguarding Against Digital Deception Protect Yourself: Best Practices to Combat Phishing Attacks Comments are closed.
|
Archives
June 2024
Categories
All
|
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED
|