Behind the Hack

What We Learned from Data Breaches in 2022

December 20, 2022

We just witnessed one of the most eventful years of cyberattacks on record. The cost of a data breach has never been higher, the threat of cyberwarfare is a daily reality, and highly sensitive targets like critical infrastructure and supply chains face a broader range of cybersecurity challenges than ever before. Meanwhile, the evidence continues to accumulate that social engineering will remain the primary weapon in the cybercriminal arsenal. 
We’ve been tracking some of the most significant cyberattacks this year in our Behind the Hack series, and several trends have emerged from our research. Here’s what we’ve learned: 

1. Cloud platforms pose major security risks.

When Uber and Rockstar Games were hacked last September, it quickly became apparent that cybercriminals were able to infiltrate company Slack channels to steal sensitive data and gain deeper access. This is a reminder that these platforms should be monitored for suspicious activity, that the number of employees on a channel should be limited, and that employees should be wary of the information they share. Other digital tools can be exploited as well – a major attack on Cisco took place after hackers were able to compromise a personal Google account because login credentials were synchronized with an employee’s browser.
Further reading: 

      Behind the Hack: Breaking down the break-ins at Uber and Rockstar

      The four cybersecurity trends to watch in 2023, by NINJIO COO and CISO Matt Lindley

 

2. Cyberwarfare will continue to affect companies around the world.

Just as the Russian invasion of Ukraine has contributed to inflation and snarled global supply chains, acts of cyberwarfare have destructive consequences everywhere. Viasat, a California-based company that provides satellite communication services in Ukraine, had its systems targeted by Russian hackers in the early days of the invasion. Several of the largest cyberattacks in history – from the SolarWinds breach to the NotPetya ransomware attack – were launched or supported by the Russian government. Given the effectiveness of these state-sponsored attacks and the fact that they can be launched with some measure of deniability (however thin), companies should be prepared for an era of cyberwarfare.
Further reading: 

      Behind the Hack: Ukraine + Viasat 

      How Companies Can Protect the Country from Acts Of Cyberwarfare, by NINJIO CISO and COO Matt Lindley

 

3. Supply chain cybersecurity has never been more vital.

It has been a difficult few years for companies in the supply chain sector – after major disruptions during the COVID-19 pandemic, these companies now face high costs and new obstacles (such as production and shipping delays related to the war in Ukraine). Meanwhile, supply chains confront unprecedented cyberthreats as they undergo a sweeping digital transformation and become increasingly tempting targets for cybercriminals and hostile governments. Verizon’s 2022 Data Breach Investigations Report found that supply chain breaches “increased dramatically this year.” According to a report from the National Institute of Standards and Technology, third-party service providers, vendors, and data aggregators represent some of the top risks to supply chains.
Further reading: 

      NINJIO’s Supply Chain Cybersecurity Report

      Why Cybersecurity Has Never Been More Important for the Supply Chain Sector, by NINJIO CEO Shaun McAlmont

 
The thread that links all these trends is the importance of building a cyber-aware workforce. From the responsible use of cloud platforms to the ability to spot and prevent cyberattacks in progress, cyber-aware employees are your most valuable security asset. This trend has been clear for a long time, and 2023 will be no exception.
