There have been a multitude of high-profile cyber-attacks this year. Indeed, over the last few years the mainstream news outlets have featured cyber-crimes far more than ever before. Our IT experts always try to adopt a ‘security by design’ approach in their work. Our CRIBB Cyber Security brand has been helping clients large and small with IT security since 2016. In light of this, ‘cyber security trends 2023’ is a look at the trends which have emerged this year. If your organisation has little or no defence in place then hopefully this piece will be of great value to you.
Security Incidents January To July 2023*
Last year (2022), there were 408 million breached records from over 1,000 security incidents. In 2023, there were over 612 million breached records from 694 breaches up to the end of July. Theoretically at least, there could then be over 1 billion records breached by the time we reach December 31st. These figures must be taken very seriously indeed, as they relate to people such as you and I. A glimpse at some of the organisations and entities to suffer cyber-attacks gives further evidence of the scale we’re dealing with.
January- Twitter (Email addresses linked to over 235 million accounts were posted to an online hacking forum)
- T-Mobile (T-Mobile USA suffered a data breach which affected ~ 37 million customers)
- JD Sports (The company leaked the personal information of 10 million customers)
February- Sharp HealthCare (Following a cyber-attack against its website, Sharp notified ~ 63,000 patients of a data breach)
- Reddit (Hackers used a phishing technique to steal source code and internal data)
- Activision (Unknown hackers stole internal data from the gaming giant)
- Alabama’s Jefferson County School system (These suffered a ransomware attack during Spring Break)
- ChatGPT (In its first major personal data breach, the personal information of some ChatGPT Plus subscribers was leaked)
Cyber Security Trends 2023: Ransomware Strikes Again
April- Pizza Hut, KFC & Taco Bell (Yum! Brands had to notify consumers of a data breach following on from a ransomware attack)
May- T-Mobile (May saw the company suffer its second data breach of the year, although this one affected a lot fewer customers at 836**)
- PharMerica (The national pharmacy network sent notification letters to more than 5.8 million individuals disclosing a data breach following a ransomware attack)
June- MOVEit (A wave of cyber-attacks and data breaches began after a vulnerability was discovered. The impact of these attacks was huge, affecting multiple United States government organisations. In the UK, organisations including the BBC, British Airways, Boots and Aer Lingus were also breached)
- American Airlines (Hackers breached a database maintained by the Texan recruiting company, Pilot Credentials. This resulted in the theft of personal information from more than 8,000 pilot applicants – including some from American Airlines)
July- Roblox (A data breach exposed the personal information of 4,000 Roblox developers, including home addresses and phone numbers)
- The Norwegian Government Security and Service Organisation (A cyber-attack on the ICT platform used by 12 ministries was detected by the Norwegian Government)
How To Strengthen Your Cyber Defences
This month (August), more cyber-crimes have been committed against Government entities. Every police officer in Northern Ireland had their data compromised in a data breach. Think about that for a moment. Then look back through the lists above and it becomes clear that no target is unobtainable for malicious actors. Having a robust cyber security strategy in place is therefore vital for any organisation. Here then are some tips from the experts at CRIBB Cyber Security on how you can strengthen your defences^:- Ensure that all desktop computers, laptops and other devices are patched
- Implement strong password / passphrase conventions
- Regularly review user access controls
- Consider deploying 2FA or MFA
- Check anti-virus software and firewall rules regularly
- Review your backups and consider creating an offline copy
- Implement an incident response plan and keep it updated
- Train your staff on social engineering and how to deal with phishing emails
- Regularly review third party access
‘Cyber Security Trends 2023’ represents but a scratch on the surface of the cyber security landscape in 2023. Hopefully though, it will encourage further research and thought into what is undoubtedly a very important area. Unfortunately, cyber security is still being overlooked by organisations both large and small. Investment into it does appear to be on the up, however, at least according to the UK Government: “The [UK cyber security] sector employs 58,005 people (full time equivalents), up 10% since last year, an increase of 5,300 jobs.” This was published in April 2023, along with some other positive statistics. Perhaps more organisations are embracing security in a more serious manner, and that is a great thing. Cyber-criminals are certainly not resting on their laurels – that is for sure.
Need Help With Cyber Security?
If you need help with cyber security, contact us today.
*Statistics taken from IT Governance.
**Statistics taken from Bleeping Computer.
^These are just a small selection of actions you can take to protect your organisation. They are based upon the NCSC actions to take when the cyber threat is heightened.