Despite significant efforts by organizations to fortify their defenses, the frequency of data breaches continues to rise. It is now commonly accepted that no data gathered or processed online can ever be deemed 100% secure. This may seem surprising given the scale of investment in cybersecurity: in 2023, worldwide spending on cybersecurity reached approximately $188 billion, with projections suggesting this figure will rise to $215 billion in 2024. Despite that expenditure, breaches persist, drawing attention to the evolving nature of threats and the challenges organizations face in mitigating their risks and being ready to respond when a breach occurs.
Evolution of cyber threats
Attackers are becoming more sophisticated and better funded. The typical ‘hacker’ is no longer the classic image of an isolated individual working alone. There are now broadly three categories of hacking threat that companies need to be aware of:
- State-sponsored groups; in February 2024, for example, the FBI named the Chinese state-sponsored “Volt Typhoon” group as responsible for a series of intrusions into US critical infrastructure networks.
- Organized crime syndicates; also in February 2024, the UK’s National Crime Agency (NCA) announced that it had infiltrated systems belonging to the LockBit ransomware group. Emerging in 2019, LockBit had established itself as a dominant player in the ransomware market, with some estimates suggesting that it held around 20-25% of the global market for ransomware.
- ‘Hacktivists’ now play a growing role in the rising number of breaches; in July 2024, Disney announced that it had launched an internal investigation into an apparent leak of internal messages by a hacking group known as NullBulge, which claims to act in defense of artists’ rights.
With greater access to advanced tools and resources, these groups are keeping pace with legitimate organizations’ investment in cybersecurity, enabling them to launch more complex and targeted attacks.
A primary reason for the increase in breaches is the emergence of new attack vectors. Cybercriminals adapt their methods to exploit weaknesses in systems that were until recently considered secure. Techniques such as phishing, ransomware and social engineering remain common, but newer methods, including zero-day exploits and supply chain attacks, have made defense more complex. Unsurprisingly, organizations are caught off guard, and many struggle to keep up with the rapid pace of these developments.
Human error and insider threats
While external threats are a major concern, human error remains prevalent and insider threats also contribute to the growing frequency of data breaches. Unintentional errors by employees are a factor in the majority of security incidents: misconfigured security settings, falling for phishing scams, or mishandling sensitive information can all lead to breaches.
By their very nature, insider threats are particularly hard to address. Disgruntled employees, or those who joined the company with malicious intent from the outset, can abuse the legitimate access they already hold to sensitive data, bypassing the perimeter controls designed to keep outsiders out. Companies handling sensitive data need monitoring and access control policies that can detect and mitigate the risks posed by insiders, for example by flagging bulk exports, off-hours access to sensitive records, or access to data a user has never needed before. The level of risk varies greatly with the sector and the activities the company engages in; businesses need to be honest with themselves about the gravity of the risk they face and act accordingly.
Remote working
The COVID-19 pandemic accelerated a pre-existing shift towards remote working, making data security harder for companies to guarantee. As more employees access corporate networks from a variety of locations and devices, the attack surface has expanded. Personal devices, home networks and public WiFi connections often lack the strong security measures that are standard in a corporate setting, making them soft targets for attackers.
Digital transformation initiatives have also introduced new risks. The rush to adopt cloud services, the Internet of Things (IoT) and other technologies has increased the complexity of IT environments. These advances, though beneficial, often outpace the development of adequate security measures, leaving organizations exposed to breaches.
Third parties
Large companies have become better at repelling cyberattacks, so attackers have shifted their attention to vendors, which are often much smaller companies with more limited security resources and expertise. Attackers exploit those weaknesses to get into the vendor’s systems first, then use the vendor’s privileged access as a stepping stone into the systems of every company that relies on it.
This poses a real risk: one vulnerability in a single vendor’s product can expose thousands of organizations. By some estimates, more than 2,600 organizations around the world were victims of the 2023 MOVEit attacks, in which attackers exploited an SQL injection vulnerability (CVE-2023-34362) in the widely used MOVEit Transfer file-transfer product to gain access to personal data. A study by cybersecurity-ratings provider SecurityScorecard found that 98% of organizations globally have a relationship with a vendor that has suffered a data breach.
Regulation and compliance
It perhaps goes without saying, but the simple failure of many companies to follow established rules remains the source of many data breaches. Relatively recent regulations such as the EU’s General Data Protection Regulation (GDPR), in force since May 2018, and the California Consumer Privacy Act (CCPA), in effect since January 2020, require organizations to maintain much higher standards of data protection than was previously the case.
Businesses must implement technical and organizational measures to protect personal data, conduct regular audits, and ensure transparency in all data processing activities. Non-compliance exposes organizations to legal and financial penalties, and the gaps behind it also increase the likelihood of a breach.
Achieving compliance, however, remains a complex and resource-intensive process. This is particularly true for companies operating across multiple jurisdictions, where differing regulations create additional challenges. Failure to meet these requirements can lead to significant breaches that compromise sensitive information.
Mitigating risk
Organizations can and must take steps to mitigate their risk. A proactive, layered approach to cybersecurity is recommended to defend against the variety of threats described above. This includes implementing robust security controls, carrying out regular risk assessments, and staying informed about emerging threats.
An effective strategy is the adoption of what is known as a ‘zero-trust’ security model. This approach assumes that no user, device or network location, whether inside or outside the organization, is trusted by default. Every access request is authenticated and authorized on its own merits, so that only verified identities on compliant devices reach sensitive data and systems. Combined with the principle of least privilege, under which each identity is granted only the permissions its role requires, this significantly reduces the risk from insider threats, stolen credentials and other unauthorized access.
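The per-request, deny-by-default decision that a zero-trust model calls for can be made concrete in a few dozen lines. The following is an added example, not code from the original article or from any particular zero-trust product: every request is checked for a fresh, MFA-backed session, a compliant device, and an explicit least-privilege grant for that exact resource and action, while the source IP is recorded for audit but never treated as a trust signal. The roles, resources, thresholds and user names are hypothetical.

```python
"""Deny-by-default, per-request authorization in the zero-trust style.

Added example (not from the original article). Every request is judged on
its own merits: who is asking (a fresh, MFA-backed session), from what device
(managed, encrypted, patched), and whether a role grants this exact action on
this exact resource. Network location is deliberately ignored as a trust
signal. All roles, resources and names below are hypothetical.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Hypothetical least-privilege grants: role -> {resource: allowed actions}.
# Anything not listed here is denied.
POLICY = {
    "payroll_clerk": {"hr/payroll": {"read"}},
    "hr_admin":      {"hr/payroll": {"read", "write"}, "hr/records": {"read"}},
    "sre":           {"infra/metrics": {"read"}},
}

SESSION_MAX_AGE = timedelta(minutes=30)   # identity must be re-verified this often


@dataclass
class Session:
    user: str
    roles: tuple
    mfa_verified: bool
    issued_at: datetime


@dataclass
class Device:
    managed: bool
    disk_encrypted: bool
    os_patched: bool


@dataclass
class Request:
    session: Session
    device: Device
    resource: str
    action: str
    source_ip: str      # kept for the audit log only; never used in the decision


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)


def authorize(req: Request, now: datetime) -> Decision:
    """Evaluate one request; returns a Decision with every failed check listed."""
    reasons = []
    s, d = req.session, req.device
    # 1. The identity claim must be fresh and strongly authenticated.
    if now - s.issued_at > SESSION_MAX_AGE:
        reasons.append("session expired: re-authentication required")
    if not s.mfa_verified:
        reasons.append("MFA not satisfied")
    # 2. Device posture is re-checked on every request, not only at login.
    if not (d.managed and d.disk_encrypted and d.os_patched):
        reasons.append("device posture check failed")
    # 3. Least privilege: some role must explicitly grant this action on this resource.
    granted = any(req.action in POLICY.get(r, {}).get(req.resource, set()) for r in s.roles)
    if not granted:
        reasons.append(f"no role grants {req.action!r} on {req.resource!r}")
    return Decision(False, reasons) if reasons else Decision(True, ["all checks passed"])


NOW = datetime(2024, 7, 1, 9, 0, tzinfo=timezone.utc)   # fixed clock for the demo


def sample_decisions():
    """Constructed requests exercising each check; returns name -> Decision."""
    fresh = NOW - timedelta(minutes=5)
    stale = NOW - timedelta(hours=3)
    good_dev = Device(managed=True, disk_encrypted=True, os_patched=True)
    byod = Device(managed=False, disk_encrypted=False, os_patched=True)
    clerk = Session("p.okafor", ("payroll_clerk",), True, fresh)
    return {
        "clerk_reads_payroll": authorize(Request(clerk, good_dev, "hr/payroll", "read", "203.0.113.7"), NOW),
        "clerk_writes_payroll": authorize(Request(clerk, good_dev, "hr/payroll", "write", "203.0.113.7"), NOW),
        # Coming from the corporate LAN buys nothing: the stale session is still refused.
        "stale_session_on_corp_lan": authorize(
            Request(Session("p.okafor", ("payroll_clerk",), True, stale), good_dev, "hr/payroll", "read", "10.0.0.5"), NOW),
        "unmanaged_laptop": authorize(Request(clerk, byod, "hr/payroll", "read", "203.0.113.7"), NOW),
        "no_mfa": authorize(
            Request(Session("p.okafor", ("payroll_clerk",), False, fresh), good_dev, "hr/payroll", "read", "10.0.0.5"), NOW),
    }


if __name__ == "__main__":
    for name, decision in sample_decisions().items():
        print(f"{name:28s} allowed={decision.allowed}  {'; '.join(decision.reasons)}")
```

Two design points matter here. The checks are accumulated rather than short-circuited, so the audit log records every reason a request failed, which is what an analyst needs when reconstructing an incident. And the policy table is the only source of "allow": a request from an internal address with a valid session but no matching grant is refused, which is exactly the case a perimeter-based model gets wrong.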
Organizations should also invest in security awareness training. Educating staff about current phishing techniques, social engineering tactics and safe online practices reduces the risk of human error. Regular training sessions and simulated phishing exercises reinforce these lessons and keep employees vigilant.
Incident response planning
No organization is immune to data breaches; indeed, for any organization handling large quantities of personal data, a breach of some kind (hopefully a very minor one!) can be viewed as inevitable. For that reason a well-defined incident response plan is essential, and knowing how to react is as important a part of a company’s data security policy as any other. The plan should set out the steps to take when a breach arises: how to contain the incident, assess the damage, and communicate with stakeholders, including regulators where notification deadlines apply. A rapid and coordinated response minimizes the impact of a breach and shortens the recovery afterwards.
Every incident response team should be equipped with the tools and resources needed to detect and respond to breaches effectively. This includes monitoring that raises real-time alerts on suspicious activity, and forensic tooling to establish the origin and scope of a breach. Regular drills and simulations help ensure that the team is prepared when a breach, inevitably, occurs.
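The kind of monitoring referred to above, and the insider detection called for in the section on human error and insider threats, can be illustrated with a small rule engine run over access logs. The following is an added example, not code from the original article or from any monitoring product: it parses constructed log lines of a hypothetical format and applies three hypothetical rules, namely bulk data export by one user within a sliding time window, access to sensitive resources outside business hours, and first-ever access to a resource not in the user’s known baseline. Thresholds, the log format, resource names and user names are all assumptions chosen for illustration.

```python
"""Rule-based alerting over access-log lines for insider and breach detection.

Added example (not from the original article). The log format, the three rules,
their thresholds, and the sample log are all constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format, one event per line:
#   <ISO-8601 UTC ts> user=<id> action=<verb> resource=<name> records=<n> src=<ip>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"resource=(?P<resource>\S+) records=(?P<records>\d+) src=(?P<src>\S+)$"
)

SENSITIVE = {"customer_db", "hr/payroll"}   # assumed sensitive data stores
BULK_THRESHOLD = 10_000                      # records per user within WINDOW
WINDOW = timedelta(minutes=10)
BUSINESS_HOURS = range(7, 20)                # 07:00-19:59 UTC treated as normal


def parse(line):
    """Return an event dict for a well-formed line, or None (malformed lines are skipped)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    ev["records"] = int(ev["records"])
    return ev


def detect(lines, baseline):
    """Return a list of (ts, user, rule, detail) alerts for the given log lines.

    `baseline` maps each user to the set of resources they are known to use.
    Lines are assumed to arrive in chronological order.
    """
    alerts = []
    recent = defaultdict(deque)                       # user -> deque of (ts, records)
    seen = {u: set(r) for u, r in baseline.items()}   # copy: the baseline is extended as we go
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        u, ts = ev["user"], ev["ts"]
        # Rule 1: bulk export, summed over a sliding window per user.
        q = recent[u]
        q.append((ts, ev["records"]))
        while q and ts - q[0][0] > WINDOW:
            q.popleft()
        total = sum(n for _, n in q)
        if total > BULK_THRESHOLD:
            alerts.append((ts, u, "bulk_export", f"{total} records in {WINDOW}"))
            q.clear()                                 # fire once per burst, not on every event
        # Rule 2: sensitive resource touched outside business hours.
        if ev["resource"] in SENSITIVE and ts.hour not in BUSINESS_HOURS:
            alerts.append((ts, u, "off_hours_sensitive", ev["resource"]))
        # Rule 3: a resource this user has never accessed before.
        if ev["resource"] not in seen.setdefault(u, set()):
            alerts.append((ts, u, "new_resource", ev["resource"]))
            seen[u].add(ev["resource"])
    return alerts


# Constructed sample log: a developer pulling customer records at 02:00 in two
# chunks, then an HR user doing routine reads and one first-time payroll lookup.
SAMPLE_LOG = """\
2024-07-01T02:13:05Z user=dev_k action=download resource=customer_db records=6000 src=10.0.9.7
2024-07-01T02:17:30Z user=dev_k action=download resource=customer_db records=5500 src=10.0.9.7
2024-07-01T09:02:11Z user=amara action=read resource=customer_db records=12 src=10.0.4.12
2024-07-01T09:05:40Z user=amara action=read resource=customer_db records=30 src=10.0.4.12
2024-07-01T11:40:00Z user=amara action=read resource=hr/payroll records=1 src=10.0.4.12
this line is malformed and is skipped by the parser
"""
BASELINE = {"amara": {"customer_db"}, "dev_k": {"infra/metrics"}}   # constructed


def run_sample():
    """Run the detector over the constructed log; returns the alert list."""
    return detect(SAMPLE_LOG.splitlines(), BASELINE)


if __name__ == "__main__":
    for ts, user, rule, detail in run_sample():
        print(f"{ts.isoformat()} {user:8s} {rule:20s} {detail}")
```

Two of the five alerts on the sample come from rule 1 and rule 2 firing on the same 02:17 download: the two chunks of 6,000 and 5,500 records individually sit under the threshold but sum to 11,500 inside the ten-minute window, which is why the window matters. The single `new_resource` alert for the HR user is low severity on its own; in practice such rules feed a triage queue rather than paging anyone directly, and the baseline should be built from a period of known-good activity rather than hand-written as it is here.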
Photo credits: ImageFlow, AdobeStock.com