Why Cybercriminals Target Misconfigured Cloud Services and Smartphones

Data breaches have surged threefold from 2013 to 2022, with 2.6 billion personal records exposed in just the past two years. According to a report by MIT Professor Stuart E. Madnick, backed by Apple, 2023 is on track to set new records in data compromise.

The report reveals a concerning trend: cybercriminals are growing more adept at exploiting misconfigured cloud environments and unsecured end-to-end phone encryption. Ransomware remains the favored method of attack.

Ransomware Attacks on the Rise

In the first half of 2023, organizations faced nearly a 50% increase in ransomware attacks compared to the same period in 2022. Attackers often seize control of fleets of mobile devices, crippling communications until their demands are met.

Misconfigured Clouds: An Open Invitation to Attackers

Unsecured and misconfigured clouds have become prime targets for cybercriminals, serving as gateways to steal identity data that can be resold or used for synthetic identity fraud. Madnick cites a TechCrunch report detailing a Microsoft AI research blunder that exposed over 38 terabytes of sensitive information due to a cloud misconfiguration. Attackers aim to take control of identities, starting with Microsoft Active Directory (AD), to enhance their ransomware efficacy.

Merritt Baer, Field CISO at Lacework, emphasizes that bad actors typically seek easy entry points through misconfigured clouds rather than investing in costly zero-day exploits. They often exploit overprovisioned permissions and legitimate credentials to gain unauthorized access.

Nearly 99% of cloud security failures stem from incorrectly configured manual controls. According to IBM's 2023 Cost of a Data Breach Report, misconfigured cloud infrastructure can cost organizations an average of $4 million to remediate.

Expanding Beyond Encryption Strategies

Organizations must adopt a comprehensive security strategy that goes beyond mere end-to-end encryption to safeguard their infrastructure. A breach often begins when attackers use legitimate credentials to access unauthorized resources. Encryption alone cannot protect against this kind of access.

Baer advocates that security programs include the ability to detect anomalous behaviors that leverage legitimate credentials. By analyzing data at a granular level, organizations can effectively identify security threats.

The Importance of Unified Endpoint Management (UEM)

CISOs predict that 2023 will be a pivotal year for consolidation, particularly in managing endpoints. Unified Endpoint Management (UEM) streamlines the safeguarding of company devices across networks. Key vendors in this space include IBM, Ivanti, ManageEngine, and Microsoft.

Srinivas Mukkamala, Chief Product Officer at Ivanti, believes that the convergence of 5G and IoT will redefine digital experiences in 2024, increasing demand for strict security and privacy standards. Organizations must ensure they are prepared for a fully connected work environment.

UEM also plays a crucial role in enabling passwordless authentication and mobile threat defense. Leading providers in this area include Microsoft Authenticator, Okta, and Ivanti, which uniquely integrates UEM and passwordless multi-factor authentication into a single platform.

The Evolving Landscape of Cybercrime

Cybercriminals are continually adapting their strategies to exploit technological advancements and pressure victims into quick ransom payments. Tools such as FraudGPT offer attackers enhanced resources. CrowdStrike's 2023 Global Threat Report indicates a threefold increase in breaches involving "cloud-conscious" threat actors, alongside a significant rise in adversaries pursuing cloud data theft.

Access brokerage is emerging as one of the fastest-growing illegal businesses on the dark web, selling bulk access to stolen identities and credentials. Industries such as healthcare and manufacturing are prime targets, as attackers exploit time-sensitive conditions to extract larger ransoms.

With the new SEC disclosure laws, ransomware gangs are now utilizing a "triple extortion" approach: encrypting data, leaking information, or reporting the victim to the SEC, giving victims even less leverage in negotiations.

Preparing for a Challenging 2024

As CISOs and their teams work to secure revenue-generating operations without hindering business growth, the role of security leaders is becoming increasingly prominent. More CISOs are joining corporate boards, recognizing the influence they can have on organizational resilience and security.

George Kurtz, CEO of CrowdStrike, emphasizes that security should enable business growth and protect the productivity gains from digital transformation. Cultivating a culture of security within organizations will be crucial as they navigate the evolving threat landscape in 2024.
