Zero-day, supply-chain attacks drove data breach high for 2023>
CSO Online – John Mello Jr.
The Identity Theft Resource Center (ITRC) annual data breach report for 2023 reveals a record high in data breaches, showcasing a 78% increase over 2022, totaling 3,205 breaches.
The surge in breaches is attributed to zero-day and supply chain attacks, with an increase in organized criminal groups engaging in identity crimes due to the conflict between Russia and Ukraine.
Supply chain attacks played a significant role in data breaches, with attackers targeting vendors to gain information on multiple companies.
The rise in zero-day attacks has been notable, with 110 instances reported in 2023, a substantial increase from previous years.
This increase may be linked to the heightened use of open-source software components, which contribute to the occurrence of zero-day attacks, given the accessibility of third-party components.
Despite the increase in data breaches, the number of affected victims declined by 16% compared to 2022, reflecting a shift in attackers’ tactics towards more precision and targeting specific systems to minimize collateral damage.
The report highlights a shift in attackers’ focus on organizations rather than individuals, as companies have bolstered their data privacy efforts due to regulations such as GDPR and CCPA.
The ITRC also noted that nearly 11% of all publicly traded companies were compromised in 2023\) Industries such as healthcare, financial services, and transportation reported more than double the number of compromises compared to the previous year, indicating a heightened risk environment.
Looking ahead, the ITRC foresees a continuation of increasing breach numbers, driven by the rise of supply chain and zero-day attacks.
The advent of new AI tools is expected to further aid attackers, potentially leading to a surge in successful attacks and posing ongoing challenges for defense mechanisms.
Link: https://www.csoonline.com/article/1298730/zero-day-supply-chain-attacks-drove-data-breach-high-for-2023.html
Zero-day, supply-chain attacks drove data breach high for 2023
Categories:
Tags: