New data summarizing the compromises of data in 2023 provides key details on who’s being targeted, what types of data is being compromised, and what attack vectors are being used.
I’ve covered reports from the Identity Theft Resource Center (ITRC) – their coverage of attacks over the years has grown to include much more than identity theft. They just released their Annual Data Breach Report for 2023 that provides lots of insight into what transpired last year:
- The number of compromises rose from 1801 in 2022 to 3205 in 2023
- The total number of victims (that is, the individuals whose records were compromised) actually declined from just over 425 million in 2022 to 353 million in 2023
- The top industries affected were education, financial services, government and healthcare
- 76% of the records compromised in 2023 were contained sensitive personal information
What’s interesting is the details on attack vectors:
- Phishing remains the top specified attack vector for both 2023 and 2022
- User error with email correspondence jumped 590% in 2023 to the number two spot
- Ransomware and malware take the next two spots (keep in mind, these are a product of their own initial attack vector – which is usually vulnerabilities, RDP access or phishing)
The ITRC data makes it pretty clear, successful attacks are on the rise…and users are the primary target. It takes continual security awareness training to elevate an organization’s overall sense of cybersecurity vigilance and establish a strong security culture around everyone’s job. Users play a role in many of these data breaches; the goal is to minimize the risk by mitigating the opportunity through making the user far more aware of cyber attacks and how they work.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
