By Shira Landau, Editor-in-Chief, CyberTalk.org
Twenty twenty-three breezed by in the blink of an eye, but before it fades entirely from view, let’s revisit some of the moments that mattered most.
Although many notable cyber security narratives and events have unfolded across the past 12 months, the stories summarized below stand out on account of what they say about the decisions that need to be made and the actions that need to be taken in 2024.
While you can draw your own conclusions, we’ve set out to make this easy: at the close of each section, you’ll find corresponding cyber security recommendations intended to supplement and enrich your security operations.
Let’s allow past obstacles to serve as the foundations of future success. Here’s to a new year and a new chapter of your cyber security journey.
Most influential cyber security stories (2023)
Twenty twenty-three was defined by the following developments, which could function as harbingers of the future unless we take corresponding action in the near term.
1. Malicious generative AI tools. At the beginning of the year, in the wake of ChatGPT’s meteoric rise, hackers started to construct ‘black hat’ versions of ChatGPT that can be employed for illicit activities.
One of these tools, known as WormGPT, is capable of producing phishing emails and corresponding social engineering campaign strategies. It effectively advances the objectives of those who aim to carry out Business Email Compromise (BEC) attacks.
Another tool, known as FraudGPT, is advertised as able to create undetectable malware, isolate vulnerabilities, detect leaks and perform countless other malicious tasks — all of which help hackers execute attacks at scale.
While the threats posed by unchecked AI are proliferating, the corresponding challenges aren’t insurmountable. A consolidated cyber security architecture that includes AI-powered elements can keep organizations a step ahead of these types of threats.
2. MOVEit breach. In one of the largest hacks of the year, in May the Clop ransomware group exploited CVE-2023-34362 in the MOVEit Transfer managed file transfer (MFT) software to steal massive quantities of corporate data.
The MOVEit breach affected roughly 2,000 organizations and close to 60 million individuals. Corresponding costs have reached an estimated $11 billion.
Among the victims were 900 educational institutions within the United States, all of which had connections to a single third-party service provider that had been using the MOVEit software at the time of the attack.
Since then, 58 class action lawsuits have been filed against Progress Software, the file-transfer software’s parent company.
This massive data compromise highlights the need for a sophisticated, layered approach to cyber threat prevention.
Specifically, an automated approach to patch management will assist in preventing similar attacks, as the MOVEit attack exploited an unpatched zero-day vulnerability.
IT and cyber security teams should be promptly informed of vulnerabilities, enabling them to intervene quickly, ideally before hackers start to exploit them.
3. Sri Lankan government breach. In August, the Sri Lankan government’s email network was affected by a ransomware attack.
The attack wiped months’ worth of data from nearly 5,000 email addresses, including those belonging to top government officials.
The targeted system, Lanka Government Cloud, was encrypted, and cyber security experts were able to partially restore systems from backups.
However, the government had not maintained data backups for the several months that preceded the attack, so the affected account data was lost. This high-profile breach highlights the need to maintain daily data backups.
Ensure that your organization retains a strong data backup strategy. Follow the 3-2-1 principle: keep three copies of your data, on two different types of storage media, with one copy located off-site.
4. 23andMe breach. In October, the genetic testing company 23andMe acknowledged the compromise of data for a subset of its users. Initially, over 14,000 individuals were informed about the breach. It is now estimated that almost 7 million people may have been impacted.
As stated in a blog post published by 23andMe, hackers gained unauthorized access to personal data using the technique known as “credential stuffing.” This involves taking username and password pairs stolen in earlier breaches and replaying them against unrelated accounts; it succeeds wherever a user has reused the same password across services.
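Because credential stuffing replays leaked pairs against many different accounts, the tell-tale sign in authentication logs is a single source failing against many distinct usernames, rather than hammering one account. The following added example (not from the original article or from 23andMe) runs that check over a constructed sample log; the log format, thresholds and IP addresses are assumptions.

```python
"""Flag credential-stuffing patterns in constructed authentication logs.

Credential stuffing tries leaked username/password pairs against MANY
DISTINCT accounts, mostly failing, unlike brute force, which hammers ONE
account. The log format and thresholds here are assumptions for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one event per line: "timestamp ip user result"
SAMPLE_LOG = """\
2023-10-01T12:00:01 203.0.113.5 alice FAIL
2023-10-01T12:00:02 203.0.113.5 bob FAIL
2023-10-01T12:00:03 203.0.113.5 carol FAIL
2023-10-01T12:00:04 203.0.113.5 dave FAIL
2023-10-01T12:00:05 203.0.113.5 erin OK
2023-10-01T12:00:06 203.0.113.5 frank FAIL
2023-10-01T12:03:00 198.51.100.9 alice FAIL
2023-10-01T12:03:30 198.51.100.9 alice FAIL
2023-10-01T12:04:00 198.51.100.9 alice OK
"""

def parse(log_text):
    """Yield (time, ip, user, result) tuples; skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, ip, user, result = parts
        yield datetime.fromisoformat(ts), ip, user, result

def detect_stuffing(log_text, min_accounts=4, window=timedelta(minutes=10)):
    """Return {ip: sorted accounts that logged in OK} for every source that
    failed against at least `min_accounts` distinct users inside `window`.
    Successful logins from such a source are the accounts to investigate."""
    by_ip = defaultdict(list)
    for ev in sorted(parse(log_text)):
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        for i, (t0, _, _, _) in enumerate(evs):
            in_win = [e for e in evs[i:] if e[0] - t0 <= window]
            failed_users = {e[2] for e in in_win if e[3] == "FAIL"}
            if len(failed_users) >= min_accounts:
                flagged[ip] = sorted({e[2] for e in in_win if e[3] == "OK"})
                break
    return flagged

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))  # {'203.0.113.5': ['erin']}
```

The second source, which retries one account and then succeeds, is deliberately left unflagged: it is an ordinary mistyped password, not a stuffing pattern.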
The breach perpetrators claim that the stolen data sample contains 1M data points that exclusively pertain to Ashkenazi Jews. Hundreds of people of Chinese descent were also affected by the leak. Much, if not all, of this data is now available for sale on the dark web.
In an age where information is treated as currency, every business is obliged to do more in order to protect it. If you haven’t already, ensure that your cyber security systems are state-of-the-art, conduct regular audits, and engage in third-party vulnerability testing in order to ensure the highest level of data protection.
5. Cyber security talent gap reaches 4M. This year, the cyber security workforce gap widened, expanding by more than 10% over 2022’s figure.
Ninety-two percent of surveyed professionals indicated that they had cyber security staffing gaps in their organization. As many as 67% said that they were short on staff who could prevent and troubleshoot security issues.
Exacerbating the issue, as companies cited economic headwinds, some cyber security teams saw significant cutbacks to their operations.
One conclusion that can be drawn here is that organizations are more concerned with economic risk than cyber risk. Yet, the two are inextricably interlinked, and cyber risk can quickly turn into economic risk.
This very notion must make its way through the highest echelons of an organization. It’s incumbent upon cyber security leaders to convey as much.
Build a more secure and resilient future. Transform your approach now, and be ready for whatever comes next.