Welcome to our second quarterly review of cyber attacks and data breaches for 2023.
In this article, we take a closer look at the information gathered in our monthly list of security breaches, and delve into the infosec landscape over the past three months.
You’ll find an overview of the most common types of cyber attack, plus year-on-year comparisons, details on the most breached sectors and a running total of incidents for the year.
Overview
IT Governance discovered 297 security incidents between April and June 2023, which accounted for 116,933,247 breached records.
This represents a slight decrease (-4.1%) in the number of security incidents that we saw in Q1 2023, but a massive 66% reduction in the number of breached records.
How security incidents are occurring
In compiling our monthly lists, we distinguish between data breaches caused by an organisation accidentally leaking information (‘data breaches’) and those that are the result of criminal hacking (‘cyber attacks’).
We also place ransomware in its own category, due in part to the frequency of attacks and in order to differentiate it from intrusions that may be harder to detect, such as password breaches.
Separating incidents in this way reveals more about how organisations fall victim and who is to blame, as you can see in this chart:
Phishing and malware are among the most common threat vector, but in many cases the breached organisation doesn’t disclose how it fell victim.
That’s often a deliberate strategy, because it doesn’t want to publicise its vulnerability – particularly if it’s still working on a solution.
Elsewhere, we continue to see fluctuations in the number of reported ransomware attacks. There were 82 such instances in Q2 2023, which represents a 16% decrease compared to last quarter.
However, the start of the year coincided with a huge spike in infections. The 98 ransomware attacks in Q1 2023 is almost double the figure that had been reported at the same stage the previous year (50).
A contributing factor to this variation is the continued evolution in cyber criminals’ techniques. Ransomware soared in popularity at in around 2020, with attackers committing to a relatively simple method: infect organisations’ systems with malware that worms through their systems and encrypts data.
With the victims unable to access their files or systems, they felt compelled to meet the criminals’ ransom demands. As such, they would pay huge sums of money in the hope that the attackers would keep their word and free their systems from the malware.
However, as this technique became well-known, organisations began to anticipate attacks and created regular offline backups of valuable data.
This meant that targeted organisations could wipe the infected files and rebuild their systems in a safe environment without having to interact with the criminals.
It resulted in a drop-off in publicly reported ransomware attacks, and it hit its nadir (or peak, depending on how you look at it) at the start of 2022.
But in the past year, cyber criminals have responded with a new method of attacks that has come to be known as ‘double extortion’.
With these attacks, the criminal hackers don’t simply encrypt organisations’ systems and demand money for the safe return of the data. They also threaten to publish the information online if they don’t get their money.
This is intended to give the organisations an added reason to negotiate. However, the reality is that criminal hackers were leaking the data in most cases even when ransom payments were consistently successful.
The slight slowdown in attacks throughout 2023 suggests that organisations are again getting used to a new technique and responding in kind. However, it’s important to remember that whatever method cyber criminals use, it’s never a good idea to pay their ransom demand.
After all, there is no way to prove that the criminal hackers are deleting the stolen information – or even that they haven’t already used that information for fraud by the time they contact the organisation in an extortion attempt.
How many records have been compromised?
As we often note, it’s hard to know definitively how many records have been compromised, because few publicly disclosed breaches contain this information.
However, in the incidents during Q2 2023 where this information was revealed, there were 116,933,247 breached records in total.
Which sectors are most vulnerable?
The healthcare sector accounted for the most security incidents in Q2 2023 (91). It was followed by the education sector (51) – and between them they accounted for 48% of all incidents that we identified.
The other big contributors were the public sector (37), professional services (31) and technology (30).
Protect your organisation with IT Governance
IT Governance offers a range of resources to help you navigate the threat landscape, including cyber security software, training courses, books and toolkits.
Those looking for advice on where to get started may be interested in reading The Data Breach Survival Guide.
This free guide provides a six-step outline on how to respond to a security incident.
Whether you’re hit by a cyber criminal or you discover an internal error, we can show you how to respond effectively and mitigate the risk.
The post Data Breaches and Cyber Attacks Quarterly Review: Q2 2023 appeared first on IT Governance UK Blog.