Based on a recent study conducted by IBM, the “average cost of a data breach for an organization exceeded $4.45 million in 2023, the highest average on record, this is an increase of 2.3% from 2023”.
While significant advancements were made in security technologies like Artificial Intelligence (AI), malicious actors remained a persistent threat, constantly adapting their tactics and exploiting newly discovered vulnerabilities. This piece explores some of the more significant cybersecurity events of 2023 and provides practical tips to help you strengthen your cybersecurity posture in 2024.
AI Revolutionizes Threat Detection:
AI systems such as Google Bard and ChatGPT have achieved remarkable advancements in functionality. While these technologies offer immense potential for good, they are also accessible to malicious actors. Thankfully, AI has also revolutionized threat detection, enabling organizations to analyze vast amounts of data in real-time and identify malicious patterns that might elude traditional methods. These AI-driven algorithms can detect anomalies and predict potential attacks before they occur, allowing for faster and more effective response.
Enhanced Collaboration: Building a Collective Defense
Collaboration and information sharing are crucial components in countering cyber threats. Organizations are increasingly participating in the exchange of threat intelligence, which allows for the swift identification and neutralization of threats. By learning from each other's experiences and sharing knowledge, organizations can develop a stronger collective defense against cyberattacks.
The White House's National Cybersecurity Strategy (The White House, 2023) and CISA's "Shields Up" campaign (Cybersecurity & Infrastructure Security Agency , n.d.) reinforce this approach by advocating for coordinated efforts and resource sharing to enhance cybersecurity resilience across various sectors. These initiatives underscore the importance of a unified and proactive stance in addressing the evolving challenges within the cyber landscape.
Evolving Cyber Attacks and Breaches
2023 was marked by a series of high-profile incidents around the world, demonstrating the ever-evolving nature of cyber threats, including the sophisticated rise of deepfakes. Here’s a highlight some of the more notable cyber events that took place in 2023:
- The year began with Royal Mail, a major British postal and courier company, experienced a major operational disruption due to a ransomware attack by LockBit, a ransomware gang linked with ties to Russia (Cyber Management Alliance, 2023). The attack halted international shipping and raised alarms about the readiness against such threats.
- Then in June, a software vulnerability in a popular file transfer product MOVEit was exploited by the ransomware gang CloP to attack hundreds of organizations, including universities, banks, and major multinational corporations (Vasquez & Vicens, 2023).
- In July, Storm-0058’s a Chinese state-linked hacking group, breached Microsoft's email platform that led to the extraction of tens of thousands of emails from U.S. State Department accounts, primarily involving personnel working on Indo-Pacific diplomacy (Pearson, 223).
- Then in October, identity and authentication giant Okta suffered a breach in its customer support department, with hackers gaining access to the customer support case management system and stealing sensitive data. This breach was first reported to only have affected 1% of their customers but later revised that it impacted all of there customer (Krebs, 2023).
Deepfakes: The Rise of a New Threat
2023 also saw a significant sophistication of deepfakes, synthetic media created using artificial intelligence. These advancements have raised concerns about potential abuse in various digital spaces, including phishing attacks, disinformation campaigns and social engineering. Deepfakes pose a significant challenge due to their ability to convincingly mimic real people, making it difficult for individuals and organizations to discern genuine content from malicious attempts. Advanced detection technologies and awareness campaigns are crucial to combat this emerging threat.
These varied incidents and technological advancements illustrate the escalating scale and sophistication of cyber threats. The year 2023 saw nearly 6 billion compromised records (Ford, 2023), emphasizing the urgent need for robust, proactive cybersecurity strategies on a global scale.
Protecting Yourself in 2024
While the cyber threat landscape may seem daunting, individuals need to continue to take proactive steps to enhance their cybersecurity posture.
Here are some key actions you can implement:
- Embrace strong passwords: Move beyond easily guessable passwords. Utilize strong, unique passwords for all your accounts and enable multi-factor authentication wherever possible. Consider using a password manager for enhanced password management.
- Beware of phishing scams: Be cautious of suspicious emails, links, and attachments. Always verify the sender's identity before clicking on any links or downloading attachments. If something seems too good to be true, it probably is. Check the “red flag” list for actions that should cause you to stop and verify.
- Update regularly: Regularly update the operating systems, applications, and firmware on all your devices (smartphones, tablets, computers) to install the latest security patches.
- Backup is key: Regularly back up your important data to a secure location. This will provide a safety net in case of a cyberattack or accidental data loss.
- Secure your home network: Use strong passwords for your Wi-Fi network and enable encryption to protect your data while online. Avoid using public Wi-Fi for sensitive activities.
Looking Ahead: A Collaborative Future
Combating cyber threats effectively requires a collaborative effort. Individuals, organizations, and policymakers must continue to work together to create a more secure digital environment. By taking these steps and staying vigilant, you can navigate the ever-evolving threat landscape with confidence!
Be Alert! Watch for these red flags and always verify before you send...
- Change in payment information, such as changes to wire directions, check details, or ACH directions
- Urgency in the request or last-minute changes without notice
- Change in your point person for business in process, such as your loan officer, title agency contact, or dealer representative
- Change in payment type, such as requiring you to wire money instead of provide a check
- Requests for payments for unexpected things, or by someone who wouldn’t normally contact you for money
- Unexpected email, text or phone call, or communications where the contact information doesn’t match what you normally use for that individual, such as a different email address or phone number
To view the winter 2024 issue of Partners magazine in its entirety, click here.
