Last year saw a nearly 80% surge in data compromises compared to 2022, with 3,205 incidents recorded, according to a report from the Information Theft Resource Center.
Despite the surge in breaches, the number of victims impacted saw a 16% decline from 2022, totaling 353,027,892 individuals.
The ITRC's 2023 Annual Data Breach Report also shed light on significant shifts in cybersecurity threats, revealing a doubling in breach notices lacking specific attack details.
Just 54% of notices provided actionable information, down from nearly 100% in 2018, indicating a decline in transparency surrounding data breaches.
Security experts explained that, with the increasing trend toward opaque breach notices, organizations must enhance their transparency in disclosing data breaches.
Nick France, chief technology officer at Sectigo, said enhancing transparency in disclosing data breaches requires organizations to establish clear policies, provide timely notifications and engage in open communication with stakeholders.
Key findings from the ITRC report also underlined the widespread impact of cybersecurity threats across industries.
Nearly 11% of publicly traded companies fell victim to breaches, with 47% withholding attack information in their notices.
Healthcare, financial services, and transportation sectors experienced more than double the compromises compared to the previous year, with utility companies leading in victim numbers.
Publicly traded companies face specific challenges in maintaining cybersecurity resilience due to their high-profile nature and the scrutiny they face from shareholders, regulators and the public.
France explained these challenges include balancing cybersecurity investments with shareholder expectations, managing complex supply chain risks, vendor consolidation and addressing regulatory compliance requirements.
Collaboration with industry peers and leveraging emerging technologies can also bolster cybersecurity resilience for publicly traded companies.
The report also highlighted evolving attack vectors, with cyberattacks remaining the primary cause of breaches.
While phishing and ransomware attacks saw a slight decline, zero-day exploits surged significantly, posing new challenges for cybersecurity professionals.
Supply chain attacks emerged as a growing concern, impacting a rising number of organizations and individuals.
Since 2018, incidents have skyrocketed by over 2,600%, with victims increasing by 1,400%.
They should look at ways to streamline their investigation and determine the potential materiality of an incident using technologies like data security posture management and data detection and response.
Mandy said they should also be actively and proactively trying to reduce the data at risk from compromises of actionable issues like dormant identities and dormant data and overprivileged accounts to ensure they reduce the frequency of events that trigger the materiality thresholds.
France noted organizations can strengthen their cybersecurity posture through proactive measures.
Establishing incident response plans, collaborating with industry peers and security experts, and staying informed about emerging threats can help mitigate the risk of falling victim to similar attacks in the future.
This Cyber News was published on securityboulevard.com. Publication date: Fri, 09 Feb 2024 14:13:03 +0000