As the world becomes increasingly online, companies and individuals alike are trying to protect themselves from cybercriminals and bad actors trying to access their personal information. Despite this, there is evidence that the fight against data breaches is not progressing. In fact, things seem to be getting worse.
Most reports indicate that 2023 was the worst year for data breaches in the United States and around the world. A report released in January by the Identity Theft Resource Center (ITRC) concluded that data breaches increased 78% year-over-year, from 1,801 incidents in 2022 to 3,205 incidents in 2023. Criminals “continue to find new ways to access and exploit human-readable personal data, especially data stored in the cloud,” according to a data breach study by MIT information technology professor Stuart Madnick.
This has devastating consequences for personal financial security, creates problems for cybersecurity, and marks a step backward in the fight against identity theft. What makes 2023 data breaches so bad?
What are the numbers for data breaches in 2023?
The numbers are staggering: According to the ITRC report, 3,205 breaches occurred in 2023, including 3,122 data breaches, 25 data breaches, two data breaches and 56 breaches of unknown nature. This means the total number of victims exceeds 353 million, “an all-time high for reported data breaches in the United States,” ITRC said.
Many of the data breaches in 2023 took the form of ransomware, malicious software that locks victims’ files and holds their data hostage until a ransom is paid. Madnick said the number of ransomware attacks has “increased almost 70%” compared to last year. While all data breaches are problematic, ransomware has emerged as one of the most common culprits. Cybersecurity outlet SecurityWeek said ransomware scams had “more than double the number of victims in 2023 than in 2022.” SecurityWeek said that based on current trends, the threat of ransomware “will continue to increase and evolve in 2024.” The outlet said the surge in ransomware can be measured by “an increase in the number of victims paying the ransom – from 68% to 76% (remember, this is 76% of the higher number of victims).”
While the vast majority of these breaches occurred online, that was not true of all of them: according to the ITRC, at least 729 breaches were caused by human or system errors, 242 of which were caused by supply chain attacks, and 53 were caused by a physical attack on the hardware. ITRC said the healthcare industry was the worst affected, with a total of 809 incidents. Similar breaches occurred in professional services, financial services, education and manufacturing.
What makes the breaches in 2023 so serious?
“There are three main reasons behind the increase in personal data theft: cloud misconfigurations, new ransomware attacks, and increased exploitation of vendor systems,” Madnick said in the Harvard Business Review. First, cloud-based storage is generally cheaper for large-scale enterprises, so “it is estimated that more than 60% of global enterprise data is stored in the cloud.” This “makes the cloud a very attractive target for hackers,” with more than 80% of breaches in 2023 involving cloud-based software.
Second, the spread of ransomware attacks is also a factor in these surges, Madnick said. Third, many large companies use third-party vendors to help with everything from “air conditioning maintenance to providing software.” In order to do these things, Madnick said, vendors “need easy access to a company’s systems,” which could lead to a hacker frenzy given that vendors “are often small companies with limited cybersecurity resources.”
Equally concerning is the fact that “the number of data breach notifications without specific information, such as what occurred, what corrective actions the company took, or what steps were taken to ensure the breach does not happen again,” nearly doubled year over year. ITRC’s James E. Lee told USA TODAY that this lack of information “poses risks to other businesses that may be vulnerable to similar attacks, as well as to consumers who need to know how to protect themselves.”