EXECUTIVE SUMMARY:

In 2022, announcements of high-profile cyber security breaches dominated headlines and demanded the public’s attention. In this review of 2022’s top breaches, CyberTalk takes a look at some of the major events that shaped the year, and explores how organizations can leverage the lapses to inform strategic security initiatives in 2023.

In 2022, escalating geopolitical tensions and the deteriorating conditions of global financial markets contributed to worse operational risk outlooks and more strained risk management than in prior years. While this bleak and troubling reality may persist into 2023, organizations are expected to be more prepared and more resilient in the new year than ever before.

What we can learn: 2022 breaches

1. The password management platform known as LastPass recently issued a worrying statement. A previously disclosed security incident suddenly became more significant than anyone initially realized. Encrypted password vaults, which are the crown jewels of any password manager, were accessed by unauthorized persons.

If that sounds tame, the situation proved sufficiently concerning that, in the immediate aftermath, security professionals quickly began to advocate for users to switch to other password management services. A week has passed since the disclosure, and LastPass has not provided further information.

“In my opinion, they are doing a world-class job detecting incidents and a really, really crummy job preventing issues…” says Evan Johnson, a security engineer who worked with LastPass just over seven years ago.

The company’s new logging and alert capabilities are intended to help detect any further unauthorized activity.

2. In September of this past year, an 18-year-old hacker managed to gain access to Uber’s internal Slack platform. In addition, the hacker gained sweeping access to an array of other tools and confidential information.

“They pretty much have full access to Uber,” said Sam Curry, a security engineer who corresponded with the party responsible for the attack.

The 2022 Uber attack occurred because an employee fell victim to a social engineering deception. The data breach indicates that organizations should upgrade employee security awareness training, increase reliance on multi-factor authentication, and otherwise rethink account security. For instance, passwordless authentication can actually help protect identities and secure digital resources.

3. In April of 2022, the government of Costa Rica contended with a series of cyber attacks that were perceived as intentional attempts to destabilize the country as it transitioned to a new government.

The cyber crime group known as Conti claimed responsibility for the attack, and the attackers demanded $10 million in exchange for safely returning certain sensitive information.

The attack directed towards the government of Costa Rica may leave a lasting legacy. Attackers proved that it’s possible to hold an entire country for ransom. Analysts say that similar attacks may occur in the future.

To prevent these types of attacks from hitting your network, conduct a security assessment, evaluate your existing systems, conduct tests, and determine where you can make changes.

4. In January of 2022, a breach of the digital scheduling platform known as FlexBooker affected several million platform users. A portion of the company’s customer database was compromised, providing hackers with access to partial credit card data. Making matters worse, the stolen data later appeared on criminal dark web forums.

Experts determined that the breach occurred due to a misconfigured AWS account.

Closing thoughts

If 2022 has taught organizations anything, it’s that effective cyber security is critical in order to ensure business continuity and business success.

An analysis of the aforementioned data breaches reveals that security leaders are hunting through IT environments for the latest vulnerabilities, but sometimes flub the fundamentals. In 2023, cyber security leaders need to focus on multi-year security roadmaps and on everyday operational measures that encourage long-term cyber security resilience.
