October is Cybersecurity Awareness Month, a collaboration between government and private industries with the goal of raising awareness about digital security and empowering consumers and organizations to protect personal data from cyberattacks.
Created by the Cybersecurity and Infrastructure Security Agency (CISA), the Cybersecurity Awareness Month campaign marks its 20th year in 2023, with the theme Secure Our World. Secure Our World provides simple ways to avoid online dangers when using connected devices, and focuses on four key behaviors organizations and individuals should be aware of:
- Turn on multifactor authentication
- Recognize and report phishing
- Update software
- Use strong passwords
After 20 Years – Cyberattacks Haven’t Stopped
While Cybersecurity Awareness Month brings to light methods and best practices for data protection, individuals and businesses around the globe are still struggling two decades later with the havoc that data breaches and cyberattacks inflict.
Identity Theft Resource Center’s (ITRC) Q3 report for 2023 provides proof that the struggle is real. There were 2116 reported US data breaches and leaks in the first nine months of 2023, passing an all-time high in data compromises set in 2021, with a whole quarter left to go.
Cyber-attacks remained the most common cause of breaches in Q3, with phishing attacks the most popular attack vector, followed by zero-day exploits, ransomware, and malware. Zero-day attacks are on the rise, climbing 1620% in the first three quarters of 2023 versus the whole of 2022.
“While setting a record for the number of data breaches is attention-grabbing, unfortunately, it is not surprising,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “There are a handful of reasons for the rise in data compromises, ranging from the drastic uptick in Zero-Day attacks to a new wave of ransomware attacks as new ransomware groups enter the criminal identity marketplace. Now that we have broken the previous annual data comprise record, the question remains: by how much?”
The After Effects of Data Leaks
If it is no surprise that data leaks will continue – 733 compromises in Q3 of 2023 alone, and over 66 million victims affected – the aftermath will indeed continue to be shocking for organizations and their customers.
Just recently, KrebsOnSecurity reported that hackers stole access tokens from a multi-factor authentication and single sign-on technology provider, and gained access to their customer support platform. The hackers responsible had access the platform for at least two weeks before the intrusion was contained. Time will tell just how much damage this organization will suffer, but if the past holds true, it will have a rippling effect.
The financial sector is no stranger to the aftereffects of a data leak. A usual target for compromises, the financial sector topped the list in Q3, with 204. A recent Forbes article reviewed some of the biggest hacks to hit the banking and financial industry to date, with a list of risks and challenges that impacted organizations and their users across the globe, such as:
- Identity theft and fraud – exploiting sensitive data (social security numbers, credit card details, etc.) for fraudulent activities
- Market Manipulation – leaking of sensitive financial information can lead to insider trading and illicit gain for hackers
- Global Economic Impact – breaches can have a ripple effect across the world, affecting trade, commerce and investments
Best Practices for Protecting Data
It is safe to say that cyber threats are here to say, but organizations like CISA will continue to provide resources to individuals and organizations to stay safe online.
Organizations will need to be diligent in securing sensitive data, and cybersecurity experts suggest using methods to reduce the risk of data breaches such as data encryption, zero-knowledge proof technologies, and efforts to reduce human error.
At Bluefin, we believe organizations should protect sensitive customer and payment data by implementing advanced security tools and continuous monitoring to prevent cyberattack attempts. Best security practices should include:
- understanding all of the areas where this data is entered, exchanged, or stored
- Shield data with PCI-validated, point-to-point encryption (P2PE)
- Devalue data with tokens
- Scale all security measures, internally and externally
- Find a partner with a holistic, long-term solution