Global organizations are due to spend billions of dollars on cybersecurity this year. But data breach incidents continue to rise. The latest figures from the US reveal over a billion individuals were impacted by corporate data breaches in Q2 2024, a 1,170% increase from the same period in 2023. So what’s going wrong?
It may be time for enterprises to renew and revise their security strategies, starting with what matters most: their data.
The non-profit Identity Theft Resource Center (ITRC) has been tracking publicly reported breaches in the US for years. It found 2023 to be the worst year on record, with 3,205 compromises impacting more than 353 million downstream customers and employees. Unfortunately, 2024 is shaping up to be another record year. In H1 2024, the ITRC recorded 1,571 data leaks and breaches, a 14% annual increase. Around 1.1 billion individuals were affected by these incidents. That’s a lot of potentially disgruntled customers and employees who could launch class action suits. The reputational and financial hit could be significant.
The number of reported incidents in 10 of the 16 industries tracked by the ITRC increased in the period, with financial services the most compromised industry – breaches there increasing 67% year-on-year (YoY). Rounding out the top five most impacted industries were healthcare, professional services, manufacturing and education. But in reality, no organization that handles sensitive data is safe from theft, digital extortion and even cyber-espionage.
Perhaps unsurprisingly, cyber-attacks accounted for 1,226 of the 1,571 breaches recorded in the first six months of the year. But failure to configure cloud systems correctly, as well as “unsecured” cloud environments, contributed a handful of incidents, as did credential stuffing. The impact of a campaign against corporate customers of Snowflake, who failed to secure their accounts with multi-factor authentication (MFA), illustrates how easy it is for threat actors to bypass defenses and reach potentially hundreds of millions of records.
Against this backdrop, growth-oriented organizations understand that business success can only be built on secure foundations. That should start with the assets most at risk: customer/employee data, financial information and sensitive IP. A data-centric security strategy will focus on protecting that data, wherever it resides (including third-party cloud stores), with strong encryption or tokenization. Any such strategy will need to build in continuous discovery and classification of that data, to ensure that no stone is left unturned.
Once the organization is confident that its crown jewels will be rendered worthless to any digital thief, it can build a secure wrapper around them with things like:
Supply chains must be managed with the same rigor. According to the ITRC, over 460 organizations and more than 10 million individuals were impacted by supply chain-related breaches in H1 2024. By demanding more of suppliers and partners, and ensuring due diligence and ongoing auditing checks are watertight, you can better manage risk and set your business up for growth.