Secret Leaks: The Predominant Issue in Software Supply Chain Security
by Rob Deane
Wed, Feb 7, 2024
While businesses might have become more prepared for direct cyberattacks, 2023 demonstrated that, unfortunately, a business is only as secure as the organizations within its environment. Third-party risk, which is to say any risk to an organization from external parties in its ecosystem or supply chain, was the headline culprit in 2023. This was largely due to the extensive impact of the CLOP ransomware gang’s exploitation of the MOVEit Transfer vulnerability, as well as the rise of social engineering attacks like business email compromise (BEC).
Kroll handles thousands of incidents every year and saw evidence of this breach having a significant impact on the most breached industries. In this year's Data Breach Outlook, Kroll ranked which industries continue to top the charts.
In 2023, finance was the most breached industry, accounting for 27% of the breaches handled by Kroll, compared to 19% in 2022. While in the spotlight for 2022, healthcare dropped to second place, yet still accounted for 20% of breaches. This is only slightly less than in 2022 where it accounted for 22% of breaches.
The financial sector is an attractive target for cyber criminals not only for the immediate financial gain but also due to the wealth of sensitive customer information it holds. However, the 2023 increase in data breaches is likely due to the CLOP ransomware activity impacting small- to mid-sized regional banks. Further, Kroll also observed several cases in which financial institutions were affected by the CLOP exploitation when a third party they worked with was posted to the victim shaming site, exposing data related to their customers. This type of activity and its impact underscores the fragility of organizational interdependence and the extent of third-party risk.
Further, professional services moved up from the fifth most targeted industry to third in 2023. This could be due to the steady rise in BEC cases particularly affecting this industry, with a high concentration of this activity related to legal firms targeted by the BLACKCAT ransomware gang. Indeed, from Q1 to Q3 of 2023, Kroll saw BEC attacks increase by 21%.
While the finance and healthcare sectors battle it out for a gold and silver medal yet again, perhaps a more interesting story is found in the middle of the chart.
Figure: Notable Shifts in 2023
Further investigation into the data unveils some insights into how concerned consumers are in these respective industries about the data breaches in question. While the financial sector might have experienced the most data breaches in 2023, it was in fact the technology sector that seemed the most concerned. Indeed, the highest number of incoming calls related to these data breaches came from the technology sector, as well as the highest number of consumers who took up identity protection – often a combination of identity and credit monitoring.
In fact, in 2023, Kroll saw over a quarter of a million calls from the technology sector and provided over a million monitoring activations.
Figure: Findings Include
This astronomical increase in calls and monitoring for the technology sector all points to the same glaring cyberattack from 2023: the MOVEit Transfer vulnerability.
The MOVEit vulnerability was a perfect example of the ripple effect one attack can have on an ecosystem of connected companies. Indeed, third-party risk is now presenting as a key area of concern due to shifting threat actor behaviors and priorities.
Within the technology sector group observed by Kroll were businesses that deal with pensions and benefits. This could account for the sharp increase in phone calls made after breach notifications, as the age demographic served by this particular industry could be more inclined to call a helpline in order to ensure their pensions and benefits remain safe.
This could also be of interest to insurers looking to estimate the financial exposure of data breaches. A more engaged population of consumers impacted by a data breach could result in more identity monitoring and higher costs for the insurer and/or organization.
Interestingly, Kroll data shows that in total, over 91 million people were notified of a data breach in 2023. This can be broken down by communication channel as follows:
When looking at identity theft trends and how victims are being targeted, one method in particular continues to be the most common: new credit card fraud. Utilities fraud and new cell phone fraud were also trending in 2023.
Understanding the drivers behind the Data Breach Outlook figures is subjective, and it is important that businesses combine this data with their own insight from talking to customers and market research. It is also true that while an industry may make up a smaller share of the overall number of data breach cases, it is not immune from the impact of a data breach and should similarly have playbooks ready should an incident occur.
To understand more about how the data breach notification process works and what you can do ahead of time to ensure it runs as smoothly as possible with minimal financial and reputational damage, please reach out to our data breach experts.
You may also be interested in reading our 2022 Data Breach Outlook – Healthcare is the Most Breached Industry of 2022.