Looking Back – and Ahead – in Data Security
In the world of data security, 2022 was another year of remote and hybrid work, expanded attack surfaces, and bold cyber criminals employing sophisticated methods to carry out their schemes. Organizations around the globe have also had to comply with numerous new regulations that give consumers more control over their personal data. What does this mean for 2023?
At NetLib Security, we have been observing the complex and evolving situation, working with our customers to tailor our continued efforts to meet their needs, and to address the many complex challenges facing them. With 2022 coming to a close, it’s a perfect time to reflect on recent burgeoning trends, while looking ahead to 2023 and what it might bring to data security efforts. Will companies finally start taking the need for enhanced security with full force?
Hacking the human
The healthcare, financial, and education sectors have been hit hard this year, and this trend is predicted to continue. Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA) has explicitly emphasized these as areas of concern. Verizon’s 2022 Data Breach Investigation Report revealed that human error has been a substantial factor in compromised data security this year, accounting for 82% of data breaches at the time of the report. “Hacking the human,” as it is also called, is a big reason why phishing schemes are still one of the largest attack vectors, along with other online scams, data harvesting, and the use of malicious domains.
An Interpol report indicates that cyber criminals have shifted more of their attention to large, multinational businesses, government organizations, and public infrastructure. This means that bad actors will either exploit employee error, or launch sophisticated attacks of their own against these firms. Once they are inside the network, if corporate data is not encrypted, it becomes the thieves’ to use in any way they desire. Because cybercrime is ubiquitous both nationally and globally, a myriad of regulations have been drafted that are similar to the European General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Four new U.S. state-specific privacy laws will in fact become effective throughout 2023.
Remote working has further complicated matters
With the expanded attack surface created by this shift in workforces, many types of human errors exacerbate the digital dangers facing businesses, healthcare, and government organizations. Remote working’s extensive use of public cloud and interconnected software supply chains are just two of the factors necessitating new, out of the box approaches to cyber risk management.
Third-parties have always been a major security risk to sensitive corporate data, and organizations should restrict access to their most critical assets, both in-house and externally. A company can offer all the cyber hygiene training it wants – people are still going to click on malicious links in an email, especially if it looks legitimate.
The rise of ransomware
Ransomware is another important threat to monitor. Data from Statista shows that during the first half of 2022, there were approximately 236 million ransomware attacks. Compare this to 2021, which saw a total of around 623 million, with incidents decreasing as the year progressed. If this year ends in similar fashion, it might tempt people into thinking the danger has lessened. Indeed, as Surfshark says, “Looking at the big picture, 2022 seems like a promising year. The number of breached accounts has significantly gone down compared to 2021.”
Nothing could be further from the truth, however. NVIDIA can certainly attest to this, given its experience with having around a terabyte of its proprietary information stolen and encrypted by the ransomware group known as LAPSUS$. When NVIDIA elected not to pay the ransom (as more organizations seem to have done this year), the thieves released the data publicly. This was one of the most notable ransomware incidents of 2022, and also highlights the importance of keeping your data encrypted, before somebody else potentially releases your internal data.
NVIDIA was not alone. A ransomware attack on Bernalillo County in New Mexico closed government buildings, affected educational institutions, and compromised prison security. Last month, CommonSpirit, one of the largest non-profit healthcare organizations in the US, was hit by ransomware that impacted core systems, delayed patient care, and even diverted ambulances from facilities. Overall, ransomware is still part of 10% of all data breaches, says Forbes.
What does this mean for data protection in 2023?
Cybersecurity solutions will continue to be crucial for organizations that handle sensitive data. Whether healthcare, government agencies, or businesses, NetLib Security’s Encryptionizer solution can help tackle the multifaceted challenges facing firms going into 2023. Offering simple and efficient encryption of stored data with no additional programming, Encryptionizer also assists in adhering to the ever-changing compliance landscape, helping to meet requirements for PCI, GDPR, HIPAA Omnibus/HiTECH, and FIPS 140-2.
As always, an emphasis must be made on improving overall security mindset, knowledge and structures throughout an organization. Bolstering detection and response capabilities, locking down connected Internet of Things (IoT) devices, enacting strong security regulations, and above all, encrypting valuable data to prevent cyber criminals from exploiting proprietary and private information.
Learn more about how NetLib Security’s Encryptionizer can help you easily and swiftly protect your stored data.
About NetLib Security
NetLib Security has spent the past 20+ years developing a powerful, patented solution that starts by setting up a formidable offense which can be managed from anywhere in the world, across every environment where your data resides: physical, virtual and cloud. Our platform is geared to simplify the process for you while ensuring unprecedented levels of security are in place.
You can simplify your data security needs by utilizing Encryptionizer to satisfy your security requirements quickly, and with confidence. These days it’s essential to protect the safety, integrity and confidentiality of sensitive data. NetLib Security’s unique encryption solutions are an easy and cost effective way to proactively and transparently protect your data. We also understand budget considerations are a constant concern, which is why we designed an affordable data security platform to protect, manage and defend while enabling the growing areas of compliance. Protecting your data doesn’t have to break the bank, but not protecting it will.
NetLib Security works closely with government agencies, healthcare organizations, small to large enterprises spanning financial services, credit card processors, distributors, and resellers to deliver a flexible data security solution to meet their ever changing needs. For more information or to request a free evaluation visit us at www.netlibsecurity.com.