Flashy headlines of big-name companies suffering data breaches keep piling up. But, data breaches also harm many small businesses, and experts say they must prioritize cybersecurity.
Victims of data breaches and exposures in the first half of 2023 increased 152.5% compared to the first half of 2022—from 62 million to 156.6 million, according to an analysis of Identity Theft Resource Center data by QR code generator company Flowcode.
In addition, 70% of small businesses suffered a data or cybersecurity breach — or both— in the last 12 months, according to ITRC data to be released this year. "We are on track to have the highest number of data breaches reported in the U.S.," said James E. Lee, chief operating officer at the ITRC, in an interview with Stacker.
Health care and financial services industries experienced the most data breach increases; manufacturing and utilities and professional services rounded out the five industries compromised the most.
Russia's Ukrainian invasion last year redirected hackers' attention to the eastern European country in search of evidence of war crimes, cybersecurity experts told Reuters.
A new and younger crop of data breachers took that opportunity to develop skills and enter the fray, Lee said.
This year's spiking numbers result from older, more traditional data criminals returning to the market, plus the newcomers gaining a foothold in the data breaching game, according to Lee: "They are just hitting their stride."
Also adding to 2023's elevated statistics is the massive cyberattack of MOVEIt, which had the largest data theft of the year. The file transfer software company's data breach harmed 2,000 businesses and government agencies and affected more than 62 million people.
"It hit every sector of the economy," Lee said.
If you are a small business, create room in your budget for cybersecurity to prevent it from being hit by an attack.
"At a minimum make sure you hire a service or have an expert on your staff who makes sure that you have all the tools that you need to protect your infrastructure," Lee said.
Businesses need someone to make sure that anti-virus software is updated, software is patched, and the company's computer system's firewall is working, he added.
Also, Lee said consistently and continually training employees about cybersecurity is essential: "Your employees are your weakest link."
For example, two-factor identification can help secure online accounts. Deciding which employees get access to data is another way companies can involve workers in cybersecurity hygiene efforts.
Lee also advises companies to investigate cybersecurity insurance coverage to help pay the costs of repairing and recovering from breaches that do happen.
Health care and financial services suffered the largest increases in data breach attacks from the previous year. Health care organizations had 379 compromises in the first half of 2023, compared to 161 in the prior year's first half. Identity criminals consistently target health data because "any information is valuable," Lee said.
The health care industry traditionally secured its payment systems but didn't care as much about the information.
"They didn't think their information was interesting or valuable," Lee explained. However, the health care system is full of little details about your life that make it easier for identity criminals to impersonate you if someone challenges their authenticity during a scam, he said.
Multiple organizations are involved in health care, creating a vast supply chain of data: lab companies, backend payment processing systems, bill collectors, social service agencies, and more.
Not surprisingly, the financial services industry has the second-highest number of data breaches—241 in the first half of 2023 compared to 127 for the same period in 2022. Unlike previous years, though, insurance companies are getting targeted, not just banks. Dental insurer MCNA suffered the fifth most significant data breach in the first half of 2023, affecting more than 8.9 million victims.
Story editing by Jeff Inglis. Copy editing by Kristen Wegrzyn.
This story originally appeared on Flowcode and was produced and distributed in partnership with Stacker Studio.