“Protect your data! Breaches are on the rise!” These warnings seem to be everywhere, and rightly so. Threat actors are becoming more sophisticated and new compromise trends are constantly emerging. Awareness alone is no longer enough; protecting data requires a combination of education and action. The latest data breach statistics are alarming and show just how dire the current situation is. Every organization needs to be aware of breach trends and effective ways to limit cyber risks.
Recent data breach statistics
The Identity Theft Resource Center (ITRC) released its 2023 Data Breach Report in January of this year. This gives organizations a better understanding of the current cyber threat landscape, allowing them to anticipate and prepare. The 2023 findings were more shocking than in years past.
Below are some important observations.
- There were 3,205 data breaches last year, representing a 78% increase from the 1,801 reported in 2022.
- The previous record for data breaches was 1,860 in 2021. This means 2023 exceeded the previous record by 72% and set a new all-time high.
- The estimated number of victims of data breaches last year was 353,027,892. This is actually a 16% decrease from the previous year. However, the ITRC explained that the trend continues to be an increase in breaches by organized attackers focused on obtaining specific information, identity fraud, and fraud. This is different from less sophisticated cybercriminals who launch large-scale attacks to see what information they can obtain.
- The healthcare and financial services industries had the most data breaches in 2023, with 809 and 744, respectively. These two industries and transportation more than doubled their reporting year-over-year.
- The number of phishing and ransomware attacks decreased, but only by a small amount. The number of malware and zero-day attacks increased quite significantly, which can probably be attributed to the massive MOVEit hack that started last May.
- Data breaches via email and correspondence increased by 590%.
- Supply chain attacks have been on the rise in recent years, with a 2,600% increase in organizations affected since 2018. During the same period, the number of victims increased by 1,400%.
These statistics illustrate the ever-growing cyber threat landscape. Organizations must take steps to further prepare. Doing so will allow you to better respond to breaches and reduce catastrophic damage. It can also prevent breaches from occurring in the first place. On the other hand, not taking action before a breach occurs increases the opportunity for threat actors to intercept sensitive business and consumer data. This inevitably leads to legal and regulatory implications, costs, business interruption, impact on customer relationships, and negative public image.
Limiting cyber risk
Targeted attacks are on the rise, increasing the risk of valuable data being intercepted.
Here are six steps organizations should consider as part of their cybersecurity strategy.
- Maintain a robust investigation and breach response plan to respond quickly and efficiently in the event of an incident. Incorporating information governance into these plans is a way to better prepare because there is less data to intercept when retention controls are in place. Knowing more precisely where your data resides also improves identification, containment, and notification after a data breach. Overall, information governance is an area where there is opportunity to invest in mitigating the risks associated with cyber events.
- Get information about third-party security controls, breach history, mitigations, and breach notifications. The steady increase in supply chain attacks, together with the increased risk of zero-day attacks, makes it more important than ever to thoroughly understand your vendor’s security practices. This also applies to suppliers that are critical to your business, suppliers that may host or hold your data, and suppliers that host or hold sensitive data. Data aggregators, including law firms, pose a threat because they hold data for many end clients, and in the case of law firms, they often hold highly sensitive data for those end clients. This makes them a lucrative target for threat actors. When a threat actor infiltrates a data aggregator or law firm, it’s as if they were able to infiltrate hundreds of companies at once.
- Invest time and resources in cyber training, education, and monitoring. Attacks that are usually easy to spot, such as phishing attempts, are now more convincing. Threat actors know what languages to use and have better technology available to aid their attack attempts. Additionally, the exponential increase in exposure through email and correspondence shows how easily everyday communications can be compromised. Simulation exercises against company email addresses and devices are a great way to test training effectiveness and compliance with company security policies.
- Increase cross-functional collaboration on cybersecurity efforts. Simply put, everyone needs to be on board. Security teams and executives alone are not enough. Include legal, human resources, and risk management in strategy and policy development and ensure these stakeholders participate in regular tabletop exercises.
- Activate alerts for breaches, industry reports, and cybersecurity best practices through our search engine. This requires a little effort, but it helps you stay aware. Actions beyond this will be required, but being informed is always the first step.
- If your organization lacks time or expertise, identify and hire a trusted consultant to support you until you can onboard resources in-house, making MDR and other preventive measures a permanent partner. Consider whether it would be more appropriate to handle
These are just a few tips to help organizations anticipate and overcome cyber challenges. As always, this is an ongoing effort that can benefit from monitoring trends and the expertise of consultants.


