8 Takeaways from Apple 2023 Threat Research
2024-6-5 09:6:55 Author: securityboulevard.com

Apple recently released its findings and observations on cybersecurity threats encountered in 2023. The study reveals interesting data points and demonstrates how the threat landscape is evolving.

1. Attackers are Increasingly Targeting Consumer Data

Over 360 million people fell victim to corporate data breaches in the first eight months of 2023 alone, a number higher than all of 2022. At least 80% of these breaches involved data that’s stored in the cloud. The steep rise in data breaches is attributed to the growing interest of cybercriminals in consumer data plus the growing volume of unencrypted personal data in the cloud.

2. 95% of Breached Organizations Suffer Repeat Attacks

Cybercriminals continue to target organizations that were previously breached. Examples include T-Mobile, GoDaddy and Sony. Each company may have different causes for repeated attacks, but the common factor is that hackers recognize a victim’s vulnerability and make multiple attempts to target it.

3. Cloud Misconfiguration is the Most Common Cloud Vulnerability

Even though there’s been a mass migration to the cloud these past few years, the cloud is still a relatively new platform, and cloud platforms all have different security “speak”. IT teams may not be well-skilled in the various features and processes required to secure data. Cloud security is specialized knowledge that is high in demand and low in supply. Therefore, it’s not unusual to find IT teams that are prone to cloud misconfigurations, apply excessive permissions and access control, or leave ports unrestricted and backups unsecured. Because of these oversights and others, it’s necessary to perform third-party penetration testing (in addition to cloud pen testing) and configuration reviews at regular intervals.

4. Organizations Holding Sensitive Data at Greater Risk of Being Attacked

Security researchers observed that threat actors are increasingly targeting organizations like schools, municipalities, hospitals and healthcare clinics, military contractors and police headquarters precisely because they hold sensitive and secretive data like personally identifiable information (PII) and medical records. This is probably because some of these records can be sold on dark web marketplaces.

5. The First Half of 2023 saw 50% More Ransomware Victims Than All of 2022

Ransomware continues to wreak havoc on corporations and institutions. The first three quarters of 2023 witnessed 70% more attacks compared to the same period in 2022. The U.S. and the UK faced the highest number of ransomware attacks, followed by Canada and Australia. As many as 60% of healthcare organizations reported a ransomware attack, 34% higher than in 2021. Detecting ransomware is also not easy because most threat actors are in and out of victim networks in less than a day. Organizations must monitor their endpoints and networks 24/7; if they cannot do it themselves, it is advisable to rely on experienced MDR providers to do so on their behalf.

6. Ransomware Actors Steer Towards Data Instead of Disruption

Earlier ransomware attacks focused on operational disruption and locking up corporate data. Attackers would then demand money in exchange for the release of these data. In the last few years, attackers have become more aggressive, focusing on data exfiltration and increasing pressure even on organizations that had the foresight to make backups. For example, hackers often attempt to extort plastic surgery practices to pay up using personal photos of patients.

7. Employees and Their Families may be Susceptible to Ransomware

Threat actors are joining forces, merging into ransomware gangs, offering franchising opportunities, offering technical expertise, renting email lists, selling DIY ready-to-deploy phishing and ransomware attack kits and providing customer service and help desks to low-skilled hackers. Adversaries use a new tactic called “dual ransomware attacks,” where the victim is targeted multiple times by multiple ransomware variants over a short period. Some ransomware gangs approach victims whose data was leaked and use aggressive tactics including issuing violent threats to their families. We’re looking at an attack surface that is ever-widening. Organizations need to train employees to be ever vigilant, with the ability to identify, block and report phishing and other malicious threats.

8. Software Vendor Exploitation Attacks on the Rise

Businesses are increasingly relying on third-party software for their day-to-day operations. Once these tools are installed, they typically provide a “back door” to their client organizations for the provision of services such as software updates. Bad actors exploit vulnerabilities in these tools, allowing them to overcome or circumvent security defenses, even those that have sophisticated countermeasures. It is believed that 98% of organizations have a relationship with a software vendor that has experienced a breach in the past two years, highlighting the need for organizations to have an active and comprehensive vendor risk management program to manage third-party risks.

Apple research proves that no organization or individual is safe from a data breach. Breaches and attacks can have real-life consequences. In such situations, it can be difficult for organizations with limited expertise to stay updated on root causes and the latest risk factors. Start by understanding the current state of your security posture, evaluating vulnerabilities, determining the effectiveness of existing defenses and implementing industry-standard security policies as the best path forward.


Source: https://securityboulevard.com/2024/06/8-takeaways-from-apple-2023-threat-research/