As we start Q2 of 2024, it almost seems comforting that there have only been 700,095,520 known records breached in 658 publicly disclosed incidents thus far this year. Compared to the 8 billion+ records breached in 2023, the ‘Breach Vector’ must be on the downside, right? Not at all. More attacks are coming and will most likely top last year’s tally.
Cyber criminals never sleep, and there is never a point where they get enough of your money. The battle against cyber threats is a never-ending war. Unfortunately, 2023 was a watershed year for data breaches. Data compromises have surged to an all-time high in the U.S. This is based on data from the first 9 months of the year. Meaning that numbers will only end up higher for the year.
The last time a data breach record was set was in 2021. That year, 1,862 organizations reported data compromises. Through September of 2023, that number was already over 2,100.
In Q3 of 2023, the top data compromises were:
HCA Healthcare
Maximus
The Freecycle Network
IBM Consulting
CareSource
Duolingo
Tampa General Hospital
PH Tech
These breaches illustrate the relentless efforts of cybercriminals to find and exploit vulnerabilities to access sensitive information. Let’s examine the main drivers of this increase and the urgent need for enhanced Cybersecurity measures.
- Surge Size
Data breaches increased significantly compared to previous years – to a staggering degree. Anyone who remains unconcerned with the scale and frequency of these incidents is like the Ostrich with its head buried in the sand. These breach numbers emphasize the evolving sophistication of cyber threats and highlight the challenges organizations face in safeguarding their digital assets.
- Healthcare Sector Under Siege
The escalating number of breaches in healthcare is one of the most disturbing trends. Healthcare organizations are the custodians of highly sensitive patient information. As a result, they’ve become prime targets for cybercriminals. The breaches jeopardize patient privacy. They also pose serious risks to the integrity of medical records. This creates a ripple effect that can have long-lasting consequences.
- Ransomware Still on Top
Ransomware is still #1 with a bullet in the threat landscape, and it’s not just your data they are after. They are wielding the threat of encrypting valuable information, crippling your business until a cryptocurrency ransom is paid. The sophistication of these ransomware attacks has also increased. Threat actors are employing advanced tactics to infiltrate networks and encrypt data, using many different methods to extort organizations for financial gain.
According to Malwarebytes' 2024 State of Malware report, in 2023 the number of known ransomware attacks increased by 68% from the previous year, with the United States accounting for almost half of the world’s attacks.
- Supply Chain Vulnerabilities Exposed
Supply chains have become a focal point for cyberattacks, since modern business ecosystems have an interconnected nature. The compromise of a single entity within the supply chain can have cascading effects, disrupting other connected operations. Cybercriminals use vulnerabilities to gain unauthorized access to the networks of interconnected businesses.
- Insider Threats
External threats remain a primary concern, but the rise of insider threats is adding a new layer of complexity to the already complex cybersecurity landscape. Insiders inadvertently contribute to data breaches through unwitting negligence, lack of security training, or malicious intent. Organizations are now grappling with a challenge. They need to distinguish between legitimate user activities and potential insider threats.
- IoT Devices as Entry Points
One thing that has expanded the attack surface is the proliferation of Internet of Things (IoT) devices – devices that are not network peripherals, like printers and scanners, but are still connected, like HVAC or an automatic coffee machine. Security is often overlooked on IoT devices, and hackers know it. There’s been an uptick in data breaches originating from compromised IoT devices. These connected endpoints provide cyber criminals with entry points to exploit vulnerabilities within networks.
- Targeting Critical Infrastructure
Critical infrastructure has become a target of choice for cyber attackers. This includes energy grids, water supplies, and transportation systems. Think of the Colonial Pipeline ransomware attack a few years ago. The potential consequences of a successful breach in these sectors are often financial, but they can also extend to public safety and national security. As cyber threats evolve, safeguarding critical infrastructure has become an urgent imperative.
- The Role of Nation-State Actors
Nation-state actors are increasingly playing a role in sophisticated cyber campaigns. These attacks are often driven by political motives, using advanced techniques to compromise sensitive data and disrupt operations. This is to advance their strategic interests in the global cyber landscape.
- A Paradigm Shift in Cybersecurity is Necessary
The surge in data breaches reveals the dire need to rethink defensive strategies. Yesterday’s defenses are old, and crooks know how to get around them. It's no longer a question of IF an organization will be targeted but WHEN. Proactive measures include:
Robust cybersecurity frameworks
Continuous monitoring
A culture of cyber awareness
These are essential for mitigating the risks posed by evolving cyber threats.
- Information Sharing and Collaboration
As cyber threats become more sophisticated, collaboration among organizations and information sharing within the cybersecurity community is more critical than ever. Threat intelligence sharing enables a collective defense against common adversaries, allowing organizations to proactively fortify their protections. They do this based on insights gained from the broader cybersecurity landscape.
Protect Your Business from Devastating Data Breaches
2023’s surge in data breaches serves as a stark reminder of the evolving and pervasive nature of cyber threats. There is an urgent need for heightened cybersecurity awareness and robust defensive measures and a commitment to adapt to the ever-changing tactics of cybercriminals.
Need help protecting your business? Give us a call today to schedule a chat.
Frequently Asked Questions
How is ransomware sent?
The single most common way that ransomware is delivered is through phishing emails which tr7y to lure you into clicking on a malicious link or attachment. It is also sent through ‘drive-by’ downloads, exploit kits and RDP exploits.
What devices are IoT?
The list grows every day, and includes basically anything that can connect to the internet: A VoIP phone system, wireless sensors, appliances, wearable health monitoring devices, security systems, factory equipment, the chip in your German Shepherd, your ‘smart commode’ (yes, they are out there), and even your home sprinkler system. The pacemaker Grandpa had implanted is one of these things. So are sensors in your automobile. If you have a smart litterbox (yes, they are out there too), then Captain Fluffymuffin is also (sort of) connected.
Anything that is internet connected with an ability to accept commands is IoT.
What is the biggest cyber threat to the US?
Nation-state hackers are the most serious in terms of the threats the U.S. faces. Russia commits the most sophisticated types of cyber threats, with China coming in at a close second.
What country commits the most cyber attacks?
China tops the list. The rest of the Top 10 can be found HERE.
How secure is your network?
As a reputable member of the IT Support Los Angeles community since 2002, IT Support LA offers a FREE, no-risk network and Cybersecurity assessment. It is a non-intrusive scan that allows us to deliver a comprehensive report that is yours to keep. No strings, and no obligation to ever use our Managed IT Services.
The best defenses are expert Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.
With our 100% Money Back Guarantee in writing, we offer a risk-free way for prospective clients to try us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.
Among the Managed IT services we provide:
IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)
IT Support LA is an award-winning Managed Services Provider (MSP):
o 3 Years awarded Best IT by the Small Business Expo
o Awarded 2nd best company of any type in the US by the Small Business Expo SB100
o Awarded Best IT in California by Channel Futures
o Winner of Best IT in Los Angeles by Channel Futures
o Listed as one of the world’s Top 501 MSPs by CRN and in the top 250 in the ‘Pioneer’ listing
o 4 years listed as one of the Top 501 MSPs in the World by Channel Futures
o Listed as #21 MSP in the World in Channel Futures NextGen 101
o Globee 2021 Bronze Award winner for Chief Technology Officer of the Year
o Globee 2022 Gold Award winner for Chief Technology Officer of the Year
o Named one of 2022’s 50 ‘Best’ businesses in California by UpCity
o Named one of 2023’s 50 ‘Best’ businesses in California by UpCity
o Named Best of IT Services winner by UpCity
o Winner of Local Excellence Award for 2021, 2022 and 2023 by UpCity
o Named Best of Cloud Consulting winner by UpCity
o Certified as Top Managed Services Provider and Cybersecurity Pro by UpCity
o Named Best IT in Los Angeles by Expertise.com.
Get Expert Guidance with an AI Transformation
AI can be a game-changer for your business. That is if you use it wisely and responsibly. By following these tips, you can set up AI rules for your staff. Rules that can help you leverage the power of AI while minimizing the risks. Give us a call today to schedule a chat and take advantage of our FREE network and Cybersecurity assessment.
818-805-0909
