Perhaps the only thing more damaging than suffering a data breach are the recovery costs associated with it. According to the 2023 IBM Cost of a Data Breach report, data loss is costing businesses 2.3 percent more year-over-year, with the average cost of breach rising to a staggering USD 4.45 million. The cost of a data breach isn’t explicitly related to leaked data; recovery or restoration expenses, customer compensation, and in some cases legal or regulatory fines all add up.
Protecting your data has never been more important, but data protection can’t be achieved with a one-size-fits-all approach. Instituting and maintaining a robust security posture starts by understanding the kinds of data your business has, the risks and vulnerabilities associated with it, and how it affects your business’s overall attack surface.
Understanding the common causes of data loss and the trends that are driving risk
Several attack trends have been impacting data loss and the types of compromised data in recent years. These trends reflect the evolving tactics of cybercriminals and how they’re able to capitalize on an ever-changing attack surface.
Here are some noteworthy attack trends:
Ransomware attacks continue to surge and affect organizations of all sizes and industries. However, more companies are opting out of ransom payments, leading to far less financial loss. In fact, according to the Verizon 2023 Data Breach Investigations (DBIR) Report, 93% of ransomware incidents had no financial loss. Ensuring data backups and data recovery plans are in place gives IT and security leaders confidence that they can weather a ransomware attack relatively unscathed. Per the 2023 Data Breach and Investigations report, system intrusions were the leading driver of ransomware or malware delivery.
Supply Chain Attacks
Cybercriminals are increasingly targeting the supply chain to compromise data. This involves infiltrating trusted third-party vendors or software providers to gain access to an organization's systems and data.
Attackers are exploiting previously unknown vulnerabilities (zero-days) in software and hardware to gain unauthorized access to systems and steal sensitive data. These exploits are particularly challenging to defend against because there are no available patches. Notable examples include zero-day vulnerabilities in Google Chrome, Microsoft Windows Support Diagnostic Tool, and Atlassian’s Confluence Data Center and Server.