top of page
Blurred empty open space office. Abstract light bokeh at office interior background for de

Data Breaches of 2023: Why Cyber Security Needs to be Top -of-Mind for Businesses in Connecticut .



Map with threat hotspots on it.

The battle against cyber threats is an ongoing challenge. Unfortunately, 2023 has proven to be a watershed year for data breaches. Data compromises have surged to an all-time high in the U.S. This is based on data from the first 9 months of the year. Meaning that numbers will only end up higher for the year.


The last data breach record was set in 2021. That year, 1,862 organizations reported data compromises. Through September of 2023, that number was already over 2,100.


In Q3 of 2023, the top data compromises were:


  • HCA Healthcare

  • Maximus

  • The Freecycle Network

  • IBM Consulting

  • CareSource

  • Duolingo

  • Tampa General Hospital

  • PH Tech


This data underscores the relentless efforts of cybercriminals to exploit vulnerabilities. As well as access sensitive information. Let’s take a look at the main drivers of this increase. And the urgent need for enhanced cybersecurity measures.


1. The Size of the Surge - Cyber Security in Connecticut


The numbers are staggering. Data breaches in 2023 have reached unprecedented levels. They've increased significantly compared to previous years. The scale and frequency of these incidents is concerning. They emphasize the evolving sophistication of cyber threats. As well as the challenges organizations face in safeguarding their digital assets.


According to the Hartford Business, more than 800,000 Connecticut residents were impacted by a data breach in 2023. Connecticut has an approximate population of 3.6 million. Doing the math... In one year, the personal information of 22% of Connecticut residents was compromised.


As a business in Connecticut, we need to remember that we are also members of the community. For most of us, our clients and customers live and work in Connecticut and our employees live and work here. Connecticut's business and personal communities are intertwined. We are custodians of our client's and our employee's data. We need to be more aware and proactive regarding the security concerns around this responsibility.


2. Healthcare Sector Under Siege


One of the most disturbing trends is the escalating number of breaches in healthcare. Healthcare organizations are the custodians of highly sensitive patient information. As a result, they’ve become prime targets for cybercriminals. The breaches jeopardize patient privacy. They also pose serious risks to the integrity of medical records. This creates a ripple effect that can have long-lasting consequences.


Healthcare Breaches in CT in 2023:


  • Yale New Haven Health

  • Prospect Medical Holdings

  • Manchester Memorial Hospital

  • Rockville General Hospital

  • Waterbury HEALTH

  • Eastern Connecticut Health Network


Interestingly enough.... here is a snippet of a study from NordPass - a password manager provider


Nord Pass Healthcare Industry Password Statistics.

Things that standout:


  • 74% of passwords used by healthcare professionals are reused.

  • The top 10 passwords being used I wouldn't use as a password on my NETFLIX account, what are they doing being used on Medical/Healthcare systems?


As a business community in Connecticut, we need to do better than this. Get away from passwords if you can, but if not... do some of the following to reduce your risks:


  • Enforce complex and unique passwords on your systems.

  • Use a password manager

  • Enforce Multi-Factor Authentication on ALL accounts ( MFA stops over 99.9% of attacks )

  • Enforce password changes every 90 days ( MAX )


As owners/managers of IT systems in Connecticut, these security policies are no longer "optional" and holding employees accountable to these policies should be a priority. Not following these simple policies can literally destroy your company, it's reputation and the local communities you do business in. Do The Right Thing!


3. Ransomware Reigns Supreme


Ransomware attacks continue to dominate the cybersecurity landscape. Cybercriminals are not merely after data. They are wielding the threat of encrypting valuable information. Then demanding ransom payments for its release. The sophistication of ransomware attacks has increased. Threat actors are employing advanced tactics to infiltrate networks and encrypt data. They are also using many different methods to extort organizations for financial gain.


4. Supply Chain Vulnerabilities Exposed


Modern business ecosystems have an interconnected nature. This has made supply chains a focal point for cyberattacks. The compromise of a single entity within the supply chain can have cascading effects. It can impact several organizations downstream. Cybercriminals are exploiting these interdependencies. They use vulnerabilities to gain unauthorized access to a network of interconnected businesses.


5. Emergence of Insider Threats


External threats remain a significant concern. But the rise of insider threats is adding a layer of complexity. It's added to the already complex cybersecurity landscape. Insiders inadvertently contribute to data breaches. Whether through malicious intent or unwitting negligence. Organizations are now grappling with a challenge. They need to distinguish between legitimate user activities and potential insider threats.


6. IoT Devices as Entry Points


The proliferation of Internet of Things (IoT) devices has expanded the attack surface. There’s been an uptick in data breaches originating from compromised IoT devices. These connected endpoints range from smart home devices to industrial sensors. They are often inadequately secured. This provides cyber criminals with entry points to exploit vulnerabilities within networks.


7. Critical Infrastructure in the Crosshairs


Critical infrastructure has become a target of choice for cyber attackers. This includes energy grids, water supplies, and transportation systems. The potential consequences of a successful breach in these sectors are often financial. But that’s not all. They can also extend to public safety and national security. As cyber threats evolve, safeguarding critical infrastructure has become an urgent imperative.


8. The Role of Nation-State Actors


Geopolitical tensions have spilled into the digital realm. Nation-state actors are increasingly playing a role in sophisticated cyber campaigns. These actors are often driven by political motives. They use advanced techniques to compromise sensitive data and disrupt operations. This is to advance their strategic interests in the global cyber landscape.


9. The Need for a Paradigm Shift in Cybersecurity


The surge in data breaches underscores the need to rethink cybersecurity strategies. It's no longer a question of if an organization will be targeted but when. Proactive measures include:


·        Robust cybersecurity frameworks

·        Continuous monitoring

·        A culture of cyber awareness


These are essential for mitigating the risks posed by evolving cyber threats.


10. Collaboration and Information Sharing


Collaboration among organizations and information sharing within the cybersecurity community are critical. Especially as cyber threats become more sophisticated. Threat intelligence sharing enables a collective defense against common adversaries. This allows organizations to proactively fortify their defenses. They do this based on insights gained from the broader cybersecurity landscape.



Picture of a business conference room.


Protect Your Business from Devastating Data Breaches


The surge in data breaches in 2023 serves as a stark reminder. It reminds us of the evolving and pervasive nature of cyber threats. There is an urgent need for heightened cybersecurity awareness and robust defensive measures. Cyber Security must be a top-of-mind concern for businesses in Connecticut, as well as a commitment to adapt to the ever-changing tactics of cybercriminals.


Need help protecting your business? Give us a call today to schedule a chat.





Article used with permission from The Technology Press. 


















16 views

Commenti


bottom of page