Three Cybersecurity Mistakes and How To Counter Them

Stuart Madnick, writing in The Harvard Business Review, notes that despite efforts to strengthen cybersecurity, there was a 20 percent increase in data breaches from 2022 to 2023. That continues a longstanding trend of year-on-year increases. He identifies three primary reasons.

Cloud misconfiguration is number one. More than 60 percent of the world’s corporate data is stored in the cloud. In 2023, eight of 10 data breaches involved data stored in the cloud.

Madnick defines misconfiguration as unintentional misuse of the cloud, mainly permissive cloud access; unrestricted ports; and use of unsecured backups.

Misconfiguration can be countered by avoiding shortcuts, making sure that the cloud configuration is set correctly, and verifying that cloud storage is used correctly.

New kinds of ransomware attacks are the second factor. Chief among them are the threat of public disclosure in addition to encryption, and the emergence of ransomware as a service. The latter includes franchise arrangements, purchase or monthly rental of malware, and payment arrangements to accommodate start-up data thieves, splitting the ransom, for example.

Countering these types of attacks requires fast, efficient backups, and prevention of exfiltration and exposure of data. Constant monitoring of data transfers to sites outside your systems and halting illicit transfers are the first steps. Second, only store data in an encrypted format, so that even if an attacker can exfiltrate your data, it cannot be read or disclosed.

Most companies have increased their cybersecurity, which leads to the third factor, accessing data via vendors’ systems. The vendors are often small companies with limited cybersecurity resources. Once attackers gain control of their systems, they can use them to steal their customers’ data.

Counter this threat by using services that provide “cyber security credit scores” to evaluate an organization before doing business with it. Limit each vendor’s access to what is necessary, and monitor data being exported from your systems to detect illicit exfiltrations.