Cyber pirates manage to steal data through three main vectors: databases, cloud applications, and removable USB devices. Nearly three quarters of security breaches have required public disclosure, putting the brand’s reputation at stake. What are companies doing to fend off these attacks? Are they aware of the danger? Let’s zoom in on this omnipresent threat.

On Wednesday, January 24th, a leak of over 26 billion data records, including several million from Twitter, Deezer, LinkedIn, Adobe, Dropbox, and Canva, occurred. Dubbed the Mother of All Breaches (MOAB), this database “includes information from thousands of leaks, breaches, and privately sold databases meticulously compiled and re-indexed,” according to Cybernews. It resides in an open cloud instance and consists of 26 billion data records spread across 3,800 folders, each “corresponding to a distinct data breach.”

PwC’s 2024 Global Digital Trust Insights survey, conducted among 3,876 executives and technology leaders in the world’s largest companies (30% of respondents have revenues of $10 billion or more), shows that there’s room for increased vigilance in cybersecurity.

The cost and scope of data breaches continue to rise. Although attacks via the cloud are the main concern for companies, about a third of them do not have a risk management plan to address the cybersecurity challenges posed by the cloud. Only half of the companies say they are “very satisfied” with their cyber technological capabilities. 30% of companies still consider themselves insufficiently equipped.

Forrester and some forecasts Forrester has just unveiled its forecasts for 2024 in the fields of cybersecurity, risk, data privacy, and trust.

Future Perspectives: 90% of breaches will involve a human element. The percentage of breaches involving a human element will increase in 2024 due to the impact of generative AI and the prevalence of communication channels that make social engineering attacks simpler and faster. Therefore, raising awareness and providing security training will be crucial. However, news organizations will become coveted sources of information. In 2024, Forrester predicts that trust in the credibility of sources will reach a record level – and thus there will be an indispensable rebound in trust in the media.

Conversely, consumer trust in companies will decrease by 10%. With the global Olympic Games and the upcoming US presidential elections, consumer skepticism will reach a record level. The spread of misinformation will also affect all businesses.

A study conducted through online questionnaires, carried out between December 12 and 31, 2018, among organizations with more than 1000 employees in the USA, UK, Singapore, France, and Germany, highlights the lag in companies’ cybersecurity. Particularly in French companies where 74% of IT managers have experienced serious security breaches.

This study revealed that despite improvements in combating cybercrime and threats, information security professionals must deal with securing their organization and protecting it from vulnerabilities.

“The threats have evolved and will continue to become increasingly sophisticated,” explains Fabien Rech, Southern Europe GM of McAfee. “Organizations need to enhance their security measures by implementing a strong security culture internally, and by emphasizing that all employees must adopt a security mindset common to society, not just IT teams. To anticipate threats, it is essential for companies to provide a holistic approach to improving security processes, not only through integrated security solutions but also through developing good security hygiene.”

What are the insights from this study? Seasoned and cunning predators. Indeed, they are imaginative and use all methods and tricks to steal data. However, it should be noted that among the main data exfiltration vectors, the top 3 are leaks in databases, cloud applications, and removable USB devices. Intellectual property, their preferred target. Thus, personal identification information and intellectual property have the highest potential impact, for 43% of respondents. Personal identification information concerns Europeans more (49), probably due to GDPR. In the Asia-Pacific countries, theft of intellectual property is a greater concern (51%) than personal information. Where are the culprits? IT is considered guilty. 52% of respondents blame IT services for initiating major data breach events. Business operations (29%) are also in the spotlight as potentially involved parties. Conversely, highly regulated internal services including finance (12%), legal (6%), are considered the safest services. A risky accountability. 55% of IT professionals believe that senior executives should lose their jobs if a breach is serious enough. Moreover, 61% state that their senior executives are more lenient towards themselves regarding security. Implementing protection systems, a must. IT professionals are taking action, with nearly 2/3 of respondents stating they have invested in DLP, CASB, and endpoint detection solutions over the past 12 months. Respondents believe that between 65 and 80% of breaches could have been avoided if such actions had been taken. 81% of IT professionals lament a lack of integration of policies or the absence of unified management between “on-Premise” Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) solutions. The stakes are significant as cybercriminals continue to target personal data and industrial property. Moreover, when a significant breach occurs, disclosing these vulnerabilities has financial consequences. But it also damages reputation and brand.