As the world moves more and more online, businesses and individuals seek to protect themselves from cybercriminals and malicious actors seeking to access personal information. Despite this, there is evidence that the fight against data breaches is not improving. In fact, it seems to be getting much worse.
Most reports indicate that 2023 was the worst year for data breaches both in the US and globally. An Identity Theft Resource Center (ITRC) report released in January concluded that data breaches increased 78% year over year, from 1,801 in 2022 to 3,205 in 2023. According to data breach research by Stuart Madnick, a professor of information technology at the Massachusetts Institute of Technology, hackers and criminals are “constantly finding new ways to access and exploit readable personal data, especially when it's stored in the cloud.”
This has devastating consequences for personal financial security and web safety issues, and represents a setback in the fight against identity theft. Why was 2023 such a bad year for data breaches?
What do the data breach numbers look like for 2023?
The number is staggering. According to the ITRC report, the 3,205 breach incidents in 2023 included 3,122 data breaches, 25 data breaches, 2 data breaches, and 56 breaches of unknown nature. This represents a total number of victims of more than 353 million people and is “the largest data breach ever reported in the United States,” the ITRC said.
Many of the data breaches in 2023 came in the form of ransomware. This is a virus that locks victims out of their files and holds their data hostage until a ransom is paid. Madnick said the number of ransomware attacks was “almost 70% up” compared to the previous year. All data breaches have their problems, but ransomware is one of the most common causes. According to cybersecurity magazine SecurityWeek, ransomware scams “more than doubled the number of victims in 2023 compared to 2022.” And based on current trends, ransomware threats “will continue to increase and evolve in 2024,” SecurityWeek said. The surge in ransomware “can be measured by the number of victims who paid the ransom increasing from 68% to 76%,” the outlet said (this compares to an even higher number of victims than 76%).
The majority of these breaches were carried out online, but this is by no means exhaustive. According to the ITRC, at least 729 breaches were due to human or system error, 242 were due to supply chain attacks, and 53 were due to physical attacks on hardware. According to the ITRC, the healthcare industry was the most affected, with 809 incidents. Similar breaches were seen in professional services, financial services, education, and manufacturing.
Why were breaches so serious in 2023?
“There are three main reasons behind the rise in personal data theft: cloud misconfigurations, new types of ransomware attacks, and increased abuse of vendor systems,” Madnick wrote in Harvard Business Review. First, cloud-based storage is often cheaper for large businesses, which is why “it is estimated that more than 60% of the world's corporate data is stored in the cloud.” This has made “the cloud a very attractive target for hackers,” with more than 80% of breaches in 2023 involving cloud-based software.
The prevalence of ransomware attacks is also contributing to this spike, Madnick said. Third, many large companies rely on third-party vendors for everything from air conditioning maintenance to software provision. To do this, vendors “need to have easy access to a company's systems,” Madnick said, noting that vendors “are often small businesses with limited cybersecurity resources.” Given that, this could be fodder for hackers.
Also of concern is the number of data breach notifications that do not contain “specific information such as what happened, what the company did to fix it, and what steps it took to ensure the breach does not happen again,” which has nearly doubled compared to last year, James E. Lee of the ITRC told USA Today. This lack of information “poses a risk to other businesses that could be attacked in similar ways and to consumers who need to know how to protect themselves.”