How to ensure remote & hybrid workplace cybersecurity

As the world leans more into remote work and hybrid models, the urgency to maintain security grows. In this environment, security teams face new security risks and must navigate challenges like ensuring secure access and protecting sensitive data. These challenges are amplified when employees use personal devices and home Wi-Fi networks for work.

This article will explore key strategies, focusing on the best countries for remote work, the importance of doubling down on network security, and tips to strengthen your team’s cybersecurity muscle. The content is based on the NordLayer × SoSafe November 29 webinar, available for free viewing for more insights on securing a business.

Best countries for remote work

First off, remote working isn’t a one-size-fits-all; different countries offer varied experiences. At NordLayer, we’ve sifted through 108 countries, assessing them on cyber safety, economic stability, digital and physical infrastructure, and social safety. This analysis has revealed some top picks for remote workers.

5 key insights into remote work destinations

  • Northern Europe is a clear leader in the top 10 for remote work, with Spain (4th) and Portugal (6th) as notable exceptions.

  • Broadly, Europe takes the lead in the top 50, though Montenegro (74th) and Bosnia and Herzegovina (83rd) fall behind.

  • For value-for-money, Portugal (6th) emerges as a standout choice.

  • Interestingly, major English-speaking countries don’t make the top 10, with the USA (16th), Canada (14th), the UK (19th), and Australia (25th) ranking lower.

  • Cyber and social safety are consistent indicators of a good remote work environment.

Cybersecurity plays a crucial role in these rankings. Countries that lead in remote work security, especially in Northern Europe, boast robust cybersecurity infrastructures. This includes top-notch network encryption and secure Wi-Fi networks, essential for remote workers.

Why and how to double down on network security

In 2023, phishing attacks hit hard, accounting for 95% of the causes of all data breaches. This highlights the growing severity of security breaches and data risks in our increasingly digital world.

In this remote and hybrid work era, robust network security is more important than ever. With employees scattered in various locations, a strong, fortified network is key to protecting not just corporate data but the very manner in which we work.

Secure remote access

Begin by securing remote network access. Technologies like VPNs, secure login methods, and access controls create a secure digital boundary that is crucial for protecting your operations in a remote work setup. These tools are the first line of defense against potential security risks.

Ensure endpoint security

Securing endpoints—laptops, mobile devices, and home computers—is also vital. Equip these devices with the latest internet security software. This step is essential in safeguarding against unauthorized access and potential security breaches that can originate from vulnerable personal devices.

Invest in employee training and awareness

Finally, employee education is critical. Regular training sessions and cybersecurity drills play a significant role in enhancing your team’s awareness of security risks. By keeping your workforce informed and vigilant, you can significantly reduce the risk of security incidents.

Experts in our webinar underscore the changing nature of cyber threats, with cybercriminals increasingly employing psychological tactics. Thus, continuous monitoring and a robust incident response plan are crucial.

For a deeper understanding of network security and more expert insights, access our detailed webinar. It’s a crucial step in strengthening your remote work environment against the ever-evolving security risks.

Cloud firewalls and Firewall-as-a-Service

Cloud firewalls offer an effective solution for businesses operating in hybrid and remote environments. Take NordLayer’s Cloud Firewall as an example: it sets rules based on user identity, traffic destination (such as a local server or cloud resource), and access methods, including ports and protocols.
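To make the three rule dimensions concrete, here is an added example (not NordLayer's rule format or API) of a first-match, default-deny evaluator over identity group, destination, and port/protocol. The rule names, groups, and addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    groups: frozenset   # identity groups the rule applies to
    destination: str    # CIDR of a local server or cloud resource
    protocol: str       # "tcp", "udp" or "any"
    ports: range        # destination ports covered by the rule
    action: str         # "allow" or "deny"


@dataclass(frozen=True)
class Flow:
    user_groups: frozenset  # groups of the authenticated user
    dst_ip: str
    protocol: str
    dst_port: int


def matches(rule, flow):
    """A rule matches only if identity, destination, protocol and port all match."""
    return (
        bool(rule.groups & flow.user_groups)
        and ip_address(flow.dst_ip) in ip_network(rule.destination)
        and rule.protocol in ("any", flow.protocol)
        and flow.dst_port in rule.ports
    )


def evaluate(rules, flow):
    """First matching rule wins; traffic no rule covers is denied."""
    for rule in rules:
        if matches(rule, flow):
            return rule.action, rule.name
    return "deny", "default-deny"


ALL_PORTS = range(0, 65536)

# Constructed sample policy. Deny rules come first so that membership in a
# restricted group cannot be overridden by a later allow rule.
RULES = [
    Rule("contractors-no-internal", frozenset({"contractors"}),
         "10.0.0.0/8", "any", ALL_PORTS, "deny"),
    Rule("finance-erp-https", frozenset({"finance"}),
         "10.20.0.15/32", "tcp", range(443, 444), "allow"),
    Rule("engineering-cloud-ssh", frozenset({"engineering"}),
         "203.0.113.10/32", "tcp", range(22, 23), "allow"),
]


def demo():
    """Evaluate a few constructed flows against the sample policy."""
    flows = [
        Flow(frozenset({"finance"}), "10.20.0.15", "tcp", 443),
        Flow(frozenset({"finance"}), "10.20.0.15", "tcp", 3389),
        Flow(frozenset({"finance", "contractors"}), "10.20.0.15", "tcp", 443),
        Flow(frozenset({"engineering"}), "203.0.113.10", "tcp", 22),
    ]
    return [evaluate(RULES, f) for f in flows]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because rule order decides the outcome, a user who belongs to both a permitted and a restricted group is denied here; reversing the order would silently grant access.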

For a deeper understanding of Cloud Firewalls and Firewall-as-a-Service, our free webinar provides comprehensive insights.

Strengthening cybersecurity in teams: taking security threats seriously

The stark reality of security threats

Home-office cyber-attacks in Germany cause over €50 billion in damages annually. This staggering figure highlights the reality and severity of security threats in the modern digital world. Moreover, data security incidents cost, on average, $4.42 million, with remote work adding an extra $1.07 million.

Building a robust cybersecurity culture

Organizations need to further strengthen their security cultures

Despite these risks, only 38% of organizations secure work devices connected to the company network. This gap underscores the need for a stronger cybersecurity culture within teams. Over 90% of IT and cybersecurity experts agree on the importance of awareness, yet 40% of organizations report very low employee awareness levels.

Practical steps to enhance cybersecurity

To address this, businesses must adopt simple, effective cybersecurity practices. Regular software updates, secure access management, and educating employees about phishing and malicious behavior are crucial. Implementing multi-factor authentication can significantly bolster remote work security. Such measures foster resilience and a proactive stance against cyber threats.

Leveraging technology and continuous learning

Adopting behavioral science principles, such as positive reinforcement, can drive secure behavior. Continuous learning and expanding the scope of cybersecurity knowledge are essential for teams. Remember, strong cybersecurity habits benefit both private and work life.

Addressing security gaps in the remote work environment

Tackling security breaches and data breaches

As remote and hybrid work models become more prevalent, data breaches have become a more significant concern. It’s vital to review and update security settings regularly to prevent such incidents. A robust approach to detecting and addressing security gaps, especially in unsecured Wi-Fi networks, is essential for protecting sensitive information.

Secure home Wi-Fi networks

With many employees working remotely, the security of home Wi-Fi networks is more crucial than ever. Encourage employees to strengthen their home network’s security, emphasizing the importance of using secure and unique passwords and staying vigilant against unauthorized access.

In summary, managing cybersecurity in a hybrid and remote work environment requires a comprehensive approach. Balancing security with usability is key for businesses. Encouraging users to stay aware and use systems and services that protect personal and corporate data is important. It’s essential for organizations to manage their network and devices effectively.

To learn more about how to manage these challenges and keep your business secure, watch our webinar. It offers practical advice and expert insights to guide you through the complexities of hybrid work and remote work security.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Top 10 cybersecurity trends to watch in 2024

As we navigate through the rapidly evolving landscape of cybersecurity in 2024, it’s crucial to recognize the dynamic nature of cyber threats. Gartner forecasts that worldwide end-user spending on security and risk management will reach $215 billion in 2024, a 14.3% growth from 2023. This investment reflects the increasing complexity of digital risks. 

We explore the top 10 cybersecurity trends, each of which presents unique challenges and requires nuanced responses from cybersecurity professionals.

Key takeaways

  • Global cyber conflicts are escalating rapidly.

  • Data breaches in healthcare are increasing.

  • Remote work brings new security challenges.

  • Human error is the main reason for cybersecurity breaches.

  • Ransomware attacks require better response strategies.

Cyber warfare: an evolving threat in cybersecurity

In 2024, cyber warfare mirrors global tensions, growing in sophistication.

Russian cybercriminals disrupt Ukrainian and European supply chains, impacting aid delivery. A new group, “Cyber Toufan,” believed to be backed by Iran, attacked Israeli companies.

The U.S. grapples with cyber threats from Chinese state-linked threat actors. They have infiltrated about 25 organizations, including U.S. government agencies. Such cyber strikes demonstrate the growing scope of state-sponsored cyber-attacks and emphasize the need for robust cyber defenses.

Impact on the 2024 presidential elections

In the 2024 presidential elections, the shadow of past cyber intrusions looms large. The 2016 election was marred by Russian state-sponsored cyber-attackers who stole and leaked emails from the Democratic National Committee (DNC) and Hillary Clinton’s campaign chairman, John Podesta.

The trend persisted into 2020, when Fancy Bear, the Russian military intelligence-linked unit involved in the 2016 breaches, attempted to gain access to accounts of both Republican and Democratic political consultants, advocacy organizations, and think tanks. Although a specific attack on a Democratic presidential candidate’s advisory firm was thwarted, these incidents signal potential risks for the 2024 elections.

Healthcare sector vulnerabilities

The Health Insurance Portability and Accountability Act (HIPAA), established in 1997, sets strict rules for patient data protection in the healthcare sector. Despite this, healthcare continues to face significant cyber threats.

Recent trends in healthcare cybersecurity show both challenges and progress. The breaches, often due to unauthorized data access, underscore how vulnerable the sector is to cyber-attacks. In 2022, the U.S. healthcare sector saw 344 data breaches. By October 2023, this number decreased to 69 cases, a decline from the peak in 2015.

The consequences of these cyber-attacks are profound. They not only cause financial and reputational damage but also affect patient care. Recent data links ransomware attacks to higher mortality rates and longer hospital stays.

The high cost of health data breaches

From March 2022 to March 2023, the healthcare industry faced the highest costs for data breaches. On average, each breach cost nearly 11 million U.S. dollars. The financial sector ranked second in comparison, averaging 5.9 million U.S. dollars per breach. Across all sectors, the global average data breach cost was 4.45 million U.S. dollars.

Cybersecurity challenges in the hybrid work environment

In the hybrid work model, several cybersecurity risks are evident. The introduction of various devices and networks expands the potential for cyber threats. Limited control over remote workers and workspaces makes securing devices a challenge. Using public Wi-Fi, especially when traveling, increases exposure to cyber-attacks. Additionally, working across borders can lead to compliance issues with different data privacy laws.

Despite these risks, the shift towards hybrid work persists, making it essential for companies to enhance their cybersecurity strategies to navigate the changing environment.

Generative AI: a new frontier in cyber threats

Generative artificial intelligence, particularly in the form of deepfakes, has emerged as a novel threat in the cyber world.

In August 2023, Mandiant, a cybersecurity firm owned by Google, reported a groundbreaking discovery. They found deepfake video technology being explicitly crafted and marketed for phishing scams. Remarkably, the cost for these deceptive tools was minimal: $20 per minute, $250 for an entire video, or even $200 for a training session.

This development signals a trend in the cybercrime landscape, where advanced artificial intelligence becomes a tool for fraud at surprisingly low prices. This marks a new challenge in cybersecurity.

Supply chain attacks: a growing concern

In June 2023, a North Korean cybercriminal group breached JumpCloud, a SaaS provider, targeting cryptocurrency companies. A report by Chainalysis states that North Korean-linked groups stole about $1.7bn in digital cash through multiple attacks last year.

Supply chain attacks have surged, with a 633% increase in 2022 alone, becoming a prominent part of cybersecurity trends. Factors driving this trend include complex, global supply chains and the sophistication of cyber-attacks.

Cloud security and the threat of cloud jacking

Cloud jacking, where attackers hijack cloud accounts, surged in 2023. Cybercriminals exploited cloud vulnerabilities or used phishing or stolen credentials. Once inside, they could steal data, plant malware, or disrupt services. The growing reliance on cloud services widened the potential for such attacks.

Key trends in 2023 included more frequent attacks on SaaS applications and increased automated scanning for cloud weaknesses. Ransomware became a favored tool, locking organizations out of their own cloud data. In 2022, API security lapses contributed to the risks, with a 286% increase in API threats and 34% of organizations without a strategy to protect APIs, leaving 91% of APIs exposed to data theft.

Double and triple extortion

The trend of double and triple extortion in cybercrime has escalated. Techniques combining encryption, data theft, and DDoS attacks are more frequent. Data exfiltration is on the rise, with an increase from 40% in 2019 to 77% in 2022, with 2023 on course to surpass 2022’s total. With this upward trajectory, 2024 is likely to see a continuation of these cyber extortion tactics.

Social engineering and user privacy: the human factor

The human element is a significant factor in cybersecurity incidents, with 95% of breaches attributed to human error. This makes it not only a common issue but also a costly and serious one.

In 2023, several major security breaches occurred due to human errors. On January 11, 2023, MailChimp employees fell victim to social engineering by an external party, affecting 133 customers. This incident involved WooCommerce, a widely-used eCommerce plugin for WordPress, leading to the exposure of customer names, store URLs, and email addresses. MailChimp responded by restricting access and informing those affected. They assured that no credit card or password information was compromised. However, the breach highlighted the risk of potential phishing attacks aimed at obtaining credentials or introducing malware.

Ransomware threats: evolution and response

In 2023, ransomware attacks continue to threaten organizations, with attackers demanding payment to decrypt critical data. The impact is growing; U.S. healthcare organizations faced an average downtime of 18.71 days due to these attacks, up from 16 days in 2022. This underscores the evolving nature of cybersecurity trends in ransomware.

The rise of mass ransomware attacks

This year also witnessed a surge in mass ransomware attacks, with ransomware-as-a-service groups exploiting software vulnerabilities to target numerous companies simultaneously. Notable incidents include the MOVEit and GoAnywhere software breaches, affecting hundreds of companies. Such widespread cyber-attacks signal a significant challenge for the cybersecurity and insurance sectors, potentially changing the industry’s approach to risk assessment and claims management.

Advancements in Zero Trust security

In the context of current cybersecurity trends, a positive development is also emerging. Zero Trust security, once a strategic goal, is rapidly becoming standard practice. By 2026, it’s expected that 10% of large enterprises will fully implement mature Zero-Trust programs, a significant rise from less than 1% currently.

Implementing Zero Trust is complex, requiring the integration of various components. The key to success lies in demonstrating its business value. Beginning with a simple, scalable approach allows organizations to progressively understand and adopt the framework, managing its complexity step by step.

Strategies for business safety in 2024

  1. Use multi-factor authentication (MFA) to regulate network access.

  2. Add extra authentication factors for administrative accounts.

  3. Assign minimal user privileges in line with Zero Trust principles.

  4. Secure remote devices with VPNs.

  5. Require strong, regularly-changed passwords.

  6. Encrypt all high-value data.

  7. Use data loss prevention (DLP) tools to track valuable data.

  8. Use intrusion detection systems/intrusion prevention systems (IDS/IPS) to track threats in depth.

  9. Back up data regularly.

  10. Audit backups and threat responses to ensure quick disaster recovery.

  11. Regularly test your security systems.

  12. Risk assess core threats and create response plans.

  13. Train all staff to detect phishing attacks.

7 ransomware attacks in 2023 you should know about

Ransomware is malicious software designed to block access to a computer system until a ransom is paid and remains a significant threat to organizations. In 2023, we witnessed some of the most prominent ransomware attacks.

Central to this wave of digital assaults is exploiting a vulnerability in a managed file transfer software product, MOVEit. The vulnerability exploited by the Russia-linked Clop ransomware group has left a trail of disruption across various sectors, affecting over 500 organizations and exposing the personal information of more than 34.5 million people.

The evolving cyber threat landscape underscores a crucial reality: no sector is immune to the sophisticated tactics of modern cybercriminals. Let’s look at the biggest ransomware attacks of the last year.

7. Maine government data breach

Industry: Government

Location: United States

Affected users: 1,300,000

The government of Maine confirmed a significant data breach where over a million individuals’ personal information was stolen by a ransomware group linked to Russia. The breach exploited a vulnerability in the MOVEit file-transfer system used by the state government. Stolen information includes names, birth dates, Social Security numbers, driver’s licenses, and possibly medical and health insurance details. Maine’s Department of Health and Human Services and the Department of Education are the most affected agencies.

The breach’s extent was revealed after a recent assessment, and the state is notifying affected individuals. It’s unclear how recent the stolen data is. This incident is part of a larger MOVEit system breach, deemed one of the largest of the year. The US Securities and Exchange Commission has subpoenaed Progress Software for information related to the MOVEit vulnerability, and the company has pledged full cooperation.

6. McLaren Health Care data breach

Industry: Healthcare

Location: United States

Affected users: 2,200,000

A Michigan-based healthcare provider, McLaren Health Care, experienced a significant cyberattack resulting in the compromise of sensitive personal and health information of 2.2 million patients. The breach, later claimed by the Alphv ransomware gang (also known as BlackCat), involved hackers accessing patient names, dates of birth, Social Security numbers, and extensive medical information, such as billing, claims, diagnoses, prescription details, and Medicare and Medicaid information. The cyberattack was only detected a month after it happened.

The organization in question operates 13 hospitals across Michigan and employs about 28,000 people. The news of the breach became public in October, but McLaren’s spokesperson declined to provide further details or comment on whether a ransom was paid. Due to this cyberattack, McLaren now faces at least three class-action lawsuits.

5. Mr. Cooper outage

Industry: Financial Services

Location: United States

Affected users: 4,000,000

A Texas mortgage and loan company, Mr. Cooper, acknowledged a cyberattack leading to a data breach. On Wednesday, the company experienced a technical outage on its website, preventing customers from online payments. It was later revealed that the outage was caused by a cyberattack that led to a system lockdown to protect customer data.

The company’s IT team took immediate containment measures and investigated the incident for potential data theft, promising identity protection services if needed. Later, the organization confirmed that customer data was compromised in the breach.

4. PharMerica data breach

Industry: Healthcare

Location: United States

Affected users: 5,800,000

A major US pharmacy service provider, PharMerica, has reported a data breach affecting nearly six million patients. The breach was discovered due to suspicious network activity and involved an unauthorized third party accessing PharMerica’s systems. The leaked data includes names, birth dates, Social Security numbers, medication, and health insurance details. Sensitive health information such as allergies, Medicare details, and mental health diagnoses was also stolen.

The Money Message ransomware gang, which claimed responsibility for the attack and allegedly obtained 4.7 terabytes of data from PharMerica and its parent company, BrightSpring Health, published the data on the dark web. PharMerica has announced measures to prevent future breaches but has not detailed these steps.

3. MCNA Dental ransomware attack

Industry: Insurance

Location: United States

Affected users: 8,900,000

One of the largest US dental health insurers, Managed Care of North America (MCNA) Dental, was targeted by a ransomware attack that compromised the personal data of about 9 million individuals. The breach exposed patients’ personal and health insurance information, including Social Security numbers and driver’s licenses.

The LockBit ransomware group claimed responsibility and demanded a $10 million ransom, eventually releasing the data as the ransom wasn’t paid. MCNA is unaware of any data misuse and has bolstered its security measures. Affected individuals are being notified and offered complimentary credit monitoring services in line with state law requirements. LockBit, which experienced a setback with the arrest of an alleged leader, reportedly stole 700GB of data, including sensitive patient information.

2. Maximus data breach

Industry: Business services

Location: United States

Affected users: 11,000,000

A US government services contractor, Maximus, confirmed a data breach potentially affecting 11 million individuals. The breach occurred through a zero-day vulnerability in MOVEit Transfer, a tool Maximus uses to share data with government clients. The hackers accessed personal data, including Social Security numbers and health information. While the exact number of affected individuals is still uncertain, estimates suggest at least 8 to 11 million people could be impacted.

Maximus has not specified the types of health data accessed and is in the process of notifying affected customers and regulators. They estimate the cost of investigation and remediation at around $15 million.

1. Lyca Mobile cyberattack

Industry: Telecommunications

Location: United Kingdom

Affected users: 16,000,000

UK-based mobile virtual network operator Lyca Mobile confirmed a cyberattack on its systems, which led to unauthorized access to customers’ personal information. Lyca Mobile took immediate action, such as isolating and shutting down compromised systems. However, intruders accessed personal data, including names, birth dates, addresses, identity documents, customer interactions, and payment card details.

Lyca Mobile encrypts data, including passwords, during transmission and when it’s not actively used. However, the company has not disclosed the encryption methods used, and it remains uncertain whether the attackers obtained the encryption keys. The company has not provided details on how the breach occurred, or its nature, but data theft suggests a potential ransomware connection.

Lyca Mobile has informed the UK’s Information Commissioner’s Office (ICO), and the ICO is assessing the information provided.

How to protect your business

As ransoms for data decryption range from a few hundred to thousands of dollars, ransomware is one of the most lucrative opportunities for cybercriminals. Protecting your business from it therefore involves a multifaceted approach. Here are some effective strategies to protect your business against ransomware.

Educate employees

Employees are often the weakest link in cybersecurity and the first defense against cyber threats. Educating them about warning signs, safe practices, and response strategies is crucial for preventing malware intrusion. In addition, conduct regular training sessions to educate them about phishing scams, a common entry point for ransomware. Timely recognition of a phishing email can save millions of dollars.

Implement access controls

Limit user access to data and information, granting access only to those who need it for their work. This principle of ‘least privilege’ can minimize the extent of a ransomware attack. Software installation and execution abilities on your network devices should also be limited as it minimizes the network’s vulnerability to malware.

Regular data backups

Regularly back up your data and ensure these backups are not connected to your main network. Offsite or cloud-based backups can be effective as they shouldn’t be affected during a breach of your main network. In the event of an attack, you can restore data without paying a ransom.

Update systems and software

Keep your operating systems, software, and applications updated. Cybercriminals exploit vulnerabilities in outdated software. Implement a patch management strategy to ensure timely updates. Also, consider implementing methods for regular scans to help maintain system efficiency.

Use email filtering solutions

Exercise caution with links in emails or pop-up messages. Don’t click unless you’re sure of their legitimacy. When in doubt, hover over a link to see the real URL before clicking. Be wary of email attachments or downloads, as they can contain malicious software. Implement advanced email filtering solutions that can detect and block phishing emails, a common ransomware delivery method.

How can NordLayer help?

In light of these incidents, organizations and individuals must prioritize cybersecurity measures. Regularly updating security software, implementing robust backup strategies, and training staff on recognizing phishing attempts are key steps in mitigating the risk of ransomware attacks.

Upgrading your current remote network access solutions could also enhance the organization’s overall security. NordLayer aids businesses by offering sophisticated network access and management solutions. Our services authenticate each access request in line with the Zero Trust security model, boosting data protection and limiting the attack surface.

NordLayer’s security offerings include a VPN and multi-factor authentication, all tailored to meet your business requirements without needing extra hardware.

Get in touch with our sales team to learn more about our offerings.

NordLayer’s 2023 wins: 7 prestigious awards and G2 recognition

In 2023, NordLayer earned seven major awards, showcasing its growth in cybersecurity and network solutions. The awards include honors from the American Business Stevie® Awards, Globee® Cybersecurity Awards, and Cyber Defense Magazine’s Top InfoSec Innovator Awards. These prizes demonstrate that NordLayer is truly stepping up its tech game. The company also received 25 G2 award badges in fall 2023, confirming its rising industry status.

US business recognition: the American Business Stevie® Awards

Known as “The Stevies,” the American Business Awards symbolize US business excellence. Since 2002, they have recognized achievements in various sectors like marketing, IT, and customer service. The awards welcome entries from all US organizations, regardless of their size or type.

The Stevies’ judging involves over 230 global professionals annually. Judges from various fields assess each entry for excellence. The awards feature Gold, Silver, and Bronze levels, reflecting different achievement tiers.

NordLayer’s win in the Stevie® Awards’ Best Business Technology Pivot category showcases our innovation and adaptability. This achievement places us in a prominent spot within the US business sector. It also confirms our effective approach to business technology and cybersecurity.

Global recognition at the Globee® Cybersecurity Awards

The 19th annual Globee® Cybersecurity Awards are a key global platform for cybersecurity excellence. They cover numerous categories, highlighting important advancements in this area. Over 250 experts rigorously evaluate entries, underscoring the competitive aspect of cybersecurity innovations.

NordLayer’s NordLynx received recognition, demonstrating our impactful role in cybersecurity. This highlights NordLayer’s significant position in the field and our commitment to digital security.

Top InfoSec Innovator Awards by Cyber Defense Magazine

In its 11th year, the Top InfoSec Innovator Awards by Cyber Defense Magazine represent a key accolade in the cybersecurity field. These awards recognize notable advancements in information security, with categories that span threat detection, risk management, and cyber defense strategies. Established in 2012, Cyber Defense Magazine provides a platform for these awards.

NordLayer’s achievement as the Most Innovative Zero Trust highlights our role in developing crucial security measures like the Zero Trust approach.

The SaaS Awards: spotlight on software-as-a-service excellence

The SaaS Awards, established in 2015, have become a key global benchmark in the software industry. They focus on Software as a Service achievements, attracting a diverse range of global companies. The awards span numerous categories, reflecting the diversity and innovation within the SaaS sector.

An international panel of industry experts judges these awards, focusing on innovation, usability, and performance. This guarantees a thorough review of all entries. NordLayer’s finalist position in the Best Security Innovation in a SaaS Product category marks significant industry recognition and underscores the importance of a forward-thinking approach to security in SaaS solutions.

Technological advancement in security: the Computing Security Awards

The Computing Security Awards are a key event in the cybersecurity industry, recognizing excellence in network and information security. These awards attract entries from a wide range of global companies.

NordLayer’s 2023 finalist status for Network Security Solution of the Year highlights our cybersecurity effectiveness.

Effective remote working environments: the RemoteTech Breakthrough Awards

The RemoteTech Breakthrough Awards, part of Tech Breakthrough, honor excellence in remote work technologies. In the digital and remote work era, these awards have become increasingly relevant.

NordLayer’s win as the Best Overall Remote Work Security Solution of the Year in 2023 from over 1,250 nominees showcases our prowess in remote work cybersecurity. This award highlights our commitment to secure and efficient remote work solutions.

Merit Awards: recognizing technological innovation

Founded in 2022, the Merit Awards honor global industry achievements with a focus on technology. These awards recognize leaders in innovation and technological progress, assessing cutting-edge technology submissions. Marie Zander, the executive director, emphasizes that the 2023 Technology Award winners have set new standards in technology use.

The selection process involves a diverse panel of industry experts and educators. Winners, categorized into gold, silver, and bronze levels, receive digital badges and promotional tools for recognition. NordLayer’s cybersecurity win at these awards highlights its significant role in driving technology innovation.

Users’ recognition: NordLayer’s achievement in G2 awards fall 2023

G2, a top software marketplace, is known for authentic user reviews on various products and services. With over 90 million users annually, including Fortune 500 employees, G2 is a key software resource. In fall 2023, NordLayer earned 25 G2 awards, showing its excellence in multiple software categories. This user-driven recognition makes NordLayer a top performer in the software landscape.

Business VPN Leader category

In the highly competitive Business VPN Leader category, NordLayer won nine awards, demonstrating its strong market position. These awards focus on partnership quality, multi-device usage, customer support, and protocol choices, key to user satisfaction. The range of awards includes:

  • Business VPN Momentum Leader

  • Business VPN Leader

  • Business VPN Leader: Americas

  • Business VPN Leader: Asia-Pacific

  • Business VPN Leader: Europe

  • Business VPN Mid-Market Leader

  • Business VPN Mid-Market Leader: Americas

  • Business VPN Small-Business Leader

  • Business VPN Small-Business Leader: Americas

Best Secure Access Service Edge (SASE) platforms

SASE platforms unify various security solutions into a cloud-native service for modern computing needs. These platforms, evolving from secure web gateways and cloud access security broker (CASB) software, include Zero-Trust networking and secure perimeters. NordLayer stands out in the following categories:

  • Cloud Security Leader

  • Cloud Security Leader: Americas

  • Cloud Security Small-Business Leader

  • Cloud Security Small-Business Leader: Americas

Network Access Control (NAC) leader category

In the Network Access Control (NAC) category, NordLayer’s awards demonstrate our prowess in policy control and data protection. G2 evaluates factors like partnership quality and security. So, G2’s recognition reinforces NordLayer’s position with titles like:

  • Network Access Control (NAC) Momentum Leader

  • Network Access Control (NAC) Leader: Americas

Significance of NordLayer’s diverse awards

NordLayer’s varied awards across different sectors highlight our dedication to solving cybersecurity challenges. These recognitions affirm the effectiveness of our approach, in line with our mission to simplify cybersecurity for organizations. With user appreciation as a key indicator of success, each award marks NordLayer’s progress in the cybersecurity field.

Organizations seeking to strengthen their cybersecurity can rely on NordLayer’s recognized solutions. For more information or assistance, please contact our sales team.

Genetic data leak, 23andMe point to credential stuffing

Hackers are selling genetic data stolen from users of the company 23andMe. The company itself says they weren’t breached, although their users’ data was used by what seems to be a single threat actor stealing personal details and genetic data. This data was then published or advertised online. 23andMe suggested that the threat actor(s) gained unauthorized access with “recycled login credentials”, a technique known as credential stuffing.

The logic is simple: Keep trying stolen username/password combinations, and eventually, they’ll work on another site. An easy solution to credential stuffing attacks? You guessed it: Multi-factor authentication (MFA). While 23andMe has offered an MFA feature since 2019, it was not made mandatory for users. With genetic and personal data at stake and up to 7 million users affected by these recent breaches, it might be time for a change in policy.

The Bleach Breach: Clorox revenue and supply chain hit

Clorox, the household cleaning giant, predicts a more than 20% drop in quarterly sales due to a cyberattack (thought to be ransomware) that caused product shortages and operational disruptions. Manufacturing, often kept running by legacy systems and sprawling workforces, suffers more cyberattacks than any other industry.

The Clorox incident is being linked to the same group responsible for the MGM and Caesars Palace hacks, discussed in our previous episode, which occurred around the same time in August 2023. “Scattered Spider” is notorious for using social engineering methods to gain access to internal systems. The Clorox Company’s share price has dropped by over 7 percent in the last month.

Wearable AI: Trendy or just trending?

Tech companies are rushing to secure the lead in wearable AI products. Meta has collaborated with Ray-Ban on a pair of high-tech glasses, enabling wearers to live stream directly from the glasses to Facebook or Instagram and voice activate Meta AI, “an advanced conversational assistant”. Jony Ive, Apple’s legendary former design lead, and OpenAI are reportedly teaming up to design the “iPhone of AI”.

Rewind.ai unveiled a neck-worn pendant that records conversations to your smartphone and creates a searchable database of life moments. Humane, imagining “a world where you can take AI everywhere”, have developed a smart device that resembles a badge or lapel pin.

The common goal here seems to be for technology to rely less on screens, to fade from view, and become all but invisible.

Stay tuned for the next episode of Cyberview.

Breakdown of the 11 most significant 2023 data breaches

2023 witnessed a series of impactful data breaches, each leaving a unique mark on cybersecurity. This retrospective dives into these incidents, offering insights and underscoring the evolving challenges in data security.

This article gives an overview of the most intriguing and widely reported data breaches from each month of 2023. We will also look at trends in cyber-attacks and the forecast for next year (spoiler alert: it’s going to be hot!).

Key facts of 2023’s data breaches we know so far

The year still has a few weeks to go, but everyone is already busy thinking about the holiday season and next year’s plans. Hopefully, malicious actors are also humans and as busy with end-of-the-year errands as possible, leaving businesses some space to breathe and relax, not thinking about cyber-attacks (unlikely, but we all can dream).

KonBriefing Research does a colossal job of collecting information about ransomware and cyber-attacks on businesses worldwide. The data they have so far reveal the scope and impact that follows every month.

Looking at data breach statistics specifically, the total number of breached accounts since 2004 has passed 16.5 billion. According to Surfshark research, a single email address is breached approximately 3 times.

The average cost of a data breach worldwide continues to rise steadily, reaching 4.45 million U.S. dollars in 2023. According to Statista, the healthcare sector has the highest average cost of a data breach.

IBM Cost of a Data Breach research revealed that the healthcare industry had been the leading sector in data breach costs for 12 years in a row. In 2022, the average cost of a data breach was $10.10 million. Notably, the overall global cost of such breaches has increased by 15% over 3 years.

The United States is at the top of the list of countries most affected by data breach costs, with an average total cost of $9.48 million per breach. The Middle East follows second with $8.07 million per data breach.

The average data breach cost per record is 1 U.S. dollar higher in 2023 than last year’s average, reaching $165 per record.

The same IBM research suggests that, on average, companies with incorporated AI and automation solutions save $1.76 million compared to organizations that don’t apply similar measures to mitigate data breach risks.

Organizations that don’t follow compliance requirements tend to pay a 12.6% higher average cost than companies that have a high level of compliance.

Verizon’s 2023 Data Breach Investigations Report revealed that financially motivated external actors induced 83% of breaches. Human error, the most common reason behind successful cyber-attacks, remains a consistent factor in 2023, with a human element present in 74% of breaches.

Verizon research also listed system intrusion as the most popular pattern of breaches. Basic web application attacks, social engineering, miscellaneous errors, privilege misuse, and lost and stolen assets follow it.

Let’s dive into the latest data breach news that happened in 2023. This overview is based on publicly available information about data breaches and is subject to change as more new findings are discovered and revealed over time.

January 2023

MailChimp data breach

MailChimp, an Intuit-owned email marketing platform, suffered a data breach. The breach occurred on January 11, 2023, when an unauthorized actor accessed Mailchimp’s tools used by teams interacting with customers.

  • The actor gained access to a tool used for internal customer service and account management, compromising the data of 133 customers.

  • The breach was executed through a social engineering attack on MailChimp employees and contractors, enabling attackers to obtain employee credentials.

  • This incident was first detected when MailChimp noticed an unauthorized person accessing their support tools on January 11. MailChimp temporarily suspended access for accounts exhibiting detected suspicious activity to protect users’ data.

  • MailChimp notified the primary contacts for all affected accounts on January 12, less than 24 hours after the initial discovery.

  • MailChimp assured that no credit card or password information was compromised in this incident.

One of the notable customers affected by this breach was WooCommerce, a popular eCommerce plugin for WordPress. WooCommerce informed its customers that the breach exposed their names, store URLs, and email addresses.

Although there was no indication that the data stolen had been misused, there was a concern. Such data could be used for targeted phishing attacks to steal credentials or install malware.

February 2023

Activision data breach

Activision, a video game publisher known for games like Call of Duty and World of Warcraft, experienced a data breach in early December 2022, which surfaced only in February 2023.

  • Attackers gained access to the company’s internal systems through an SMS phishing attack on an employee. Supposedly, the targeted employee belonged to the Human Resources department and had access to a significant amount of sensitive employee information.

  • Bad actors were able to obtain sensitive employee information, such as full names, email addresses, phone numbers, and financial data like salaries, work locations, and more. The compromised data also included details about upcoming content for the Call of Duty Modern Warfare II franchise.

  • This breach was not publicly or internally disclosed until screenshots of the stolen data, including the schedule of planned content for Call of Duty, were shared by the cybersecurity and malware research group vx-underground several months after the incident.

  • Activision’s response to the breach involved swiftly addressing the SMS phishing attempt and conducting a thorough investigation.

The company initially asserted that no sensitive employee data, game code, or player data was accessed. However, the evidence provided by vx-underground and ‘Insider Gaming’ contradicted this claim, showing that sensitive workplace documents and employee information had indeed been exfiltrated.

This delay in notification raised questions about whether Activision complied with data breach notification laws. This is particularly relevant as California, where Activision is headquartered, has specific laws requiring companies to notify victims of data breaches when a significant number of state residents are affected.

March 2023

ChatGPT data breach

In March 2023, ChatGPT, an AI-driven chatbot developed by OpenAI, experienced a significant data breach.

  • The data breach was caused by a bug in the Redis open-source library, which led to the exposure of other users’ personal information and chat titles. This bug allowed certain users to view brief descriptions of other users’ conversations from the chat history sidebar.

  • The breach wasn’t directly caused by a threat actor but resulted from a vulnerability in the Redis open-source library. This vulnerability was inadvertently triggered by a server-side change introduced by OpenAI. This change led to a surge in request cancellations and an increased error rate.

  • The breach potentially revealed information about 1.2% of ChatGPT Plus subscribers. It included the active user’s first and last name, email address, payment address, the last four digits of a credit card number, and the expiration date. However, it’s emphasized that full credit card numbers were not exposed.

  • The first message of a newly-created conversation might have been visible in someone else’s chat history if both users were active around the same time. Additionally, viewing other users’ chat history and conversation titles was possible.

OpenAI promptly addressed the bug soon after its discovery and temporarily shut down the ChatGPT service to manage the issue. The company announced a bug bounty program in April to help detect future issues and prevent similar incidents.

The incident highlighted the potential risks for chatbots and AI technologies and the importance of robust security measures, especially when using open-source libraries.

April 2023

Shields Healthcare Group data breach

Shields Healthcare Group is a Massachusetts-based medical services provider. It specializes in MRI and PET/CT diagnostic imaging, radiation oncology, and ambulatory surgical services. In 2023, the company experienced a significant data breach.

  • The data breach involved unauthorized access to Shields’ systems. The breach was detected when suspicious activity suggesting a data compromise was observed.

  • The exact method used by the attackers to gain access is unclear, but possibilities include exploiting a network software weakness or using a phishing attack to compromise an employee account.

  • The attackers accessed a wide range of sensitive patient information and confidential data. This included full names, Social Security numbers, dates of birth, home addresses, provider information, diagnoses, billing information, health insurance information, medical record numbers, patient IDs, and other medical or treatment information.

  • Approximately 2.3 million people were affected by this breach. Shields’ business model, which involves partnerships with hospitals and medical centers, meant the breach had far-reaching consequences, impacting 56 facilities and their patients.

Upon discovering the breach, the healthcare provider took immediate steps to contain the incident. They initiated a thorough investigation with the help of third-party forensic specialists. They secured their systems, including rebuilding certain systems, to prevent further unauthorized access.

Shields has continued reviewing the potentially impacted information and notifying individuals and regulators. Additionally, they have committed to enhancing their data security measures and protections.

May 2023

MOVEit data breach

MOVEit Transfer software, a file transfer tool developed by Progress Software, transfers large amounts of often-sensitive data over the internet. It’s employed by organizations worldwide to manage file transfers, including pension information, social security numbers, medical records, and billing data. The MOVEit data breach of May 2023 was a significant cybersecurity incident.

  • The breach involved a zero-day vulnerability in MOVEit Transfer. This critical-rated vulnerability allowed attackers, particularly the ransomware and extortion gang “cl0p”, to raid MOVEit Transfer servers and steal customers’ sensitive data stored within.

  • The attackers, identified as the group “cl0p”, exploited the MOVEit software vulnerability starting around May 27, 2023. Progress Software became aware of the compromise in the computer systems the next day after a customer noticed strange activity.

  • As of August 2023, over 1,000 victim organizations and more than 60 million individuals were impacted by this high-profile data breach.

  • Victims ranged from New York public school students to Louisiana drivers to California retirees, indicating the vast variety of data compromised. Other significant victims included the French government’s unemployment agency, Pôle emploi, multiple federal agencies, and U.S. state departments.

  • Approximately one-third of hosts running vulnerable MOVEit servers belonged to financial service-related organizations, with significant percentages in the healthcare, IT, government, and military sectors.

  • The estimated total cost of the MOVEit mass-attacks so far is about $9.9 billion, based on the average cost of data breaches and the number of individuals affected. This figure could potentially scale to at least $65 billion.

Progress Software acknowledged the cyber-attack and focused on supporting its customers. They issued a patch to fix the vulnerability and alerted users to the issue.

Not all organizations could deploy the patch in time, resulting in varying levels of data compromise. The breach is notable for its scale and the variety of victims affected, demonstrating how a flaw in a single piece of software can trigger a global privacy disaster.

June 2023

JumpCloud data breach

JumpCloud, an identity and access management firm, experienced a data breach incident in June 2023. The company offers a directory platform that enables enterprises to authenticate, authorize, and manage users and devices.

  • The breach was the result of a sophisticated nation-state actor’s intrusion. The attackers gained access to JumpCloud’s systems to target a small and specific set of customer accounts. The attack vector was a data injection into the commands framework, and it was highly targeted.

  • The exact number of affected customers and the types of organizations targeted have not been disclosed. However, JumpCloud provides its software to more than 180,000 organizations and counts over 5,000 paying customers, indicating a potentially large impact.

  • The initial attack was traced back to a spear-phishing campaign initiated on June 22, 2023. The adversaries leveraged domains such as nomadpkg[.]com and nomadpkgs[.]com, likely related to a Go-based workload orchestrator used to deploy and manage containers.

  • The extent of the damage and the specific details about the customers impacted have not been fully disclosed, but the breach highlights the importance of robust cybersecurity measures against sophisticated and persistent nation-state actors.

JumpCloud reset customers’ API keys as a precaution. The company took security steps to shield its network, rotating credentials and rebuilding systems. After detecting unusual activity, JumpCloud forced the rotation of all admin API keys and started notifying affected customers.

The company has published a list of indicators of compromise (IoCs) to help other organizations identify similar attacks and is enhancing its own security measures.

July 2023

Indonesian Immigration Directorate General data breach

The Indonesian Immigration Directorate General is responsible for managing immigration-related matters in Indonesia, including issuing and managing passports. In July of 2023, the institution fell victim to a major data breach.

  • The data breach involved the unauthorized access and leakage of passport data of more than 34 million Indonesian citizens. The leaked data included the full names, passport numbers, expiry dates, dates of birth, and genders of the passport holders.

  • The breached data of 34.9 million Indonesian passport holders was offered for sale for $10,000. A sample of the stolen data was also made available on a hacker platform, showcasing passport data from 2009 to 2020. The data is considered valid based on the given sample.

  • The leaked data potentially included National Identity Community Identity Card (NIKIM) information, a digital identity used to secure electronic passports containing personal data such as names, addresses, and identity numbers.

  • The specifics of how the breach was achieved were not detailed in the available sources. However, the data was reportedly leaked and sold on the bjork.ai website, indicating that it may have been a sophisticated cyber attack or hacking incident.

  • The ministry noted differences in the data structure between the breached data and the data in the national data center, indicating ongoing investigations to understand the extent and nature of the breach.

The available sources did not fully detail the outcome of the investigation and the broader impact of the breach. However, the breach underscores the importance of robust cybersecurity measures for government databases, particularly those containing sensitive personal information like passport details.

August 2023

UK Electoral Commission data breach

The Electoral Commission, an independent body overseeing elections and regulating political finance in the UK, fell victim to hostile actors in August 2023. This complex cyber-attack involved unauthorized access to internal emails, control systems, and copies of electoral registers, which contain voter data.

  • A malicious actor gained access to the Electoral Commission’s systems in August 2021, but the breach was only identified in October 2022 after suspicious activity was detected.

  • The accessed registers held the names and addresses of UK voters registered between 2014 and 2022, including those registered as overseas voters. Notably, the details of anonymous voters were not included in these registers.

  • Predicting the exact number of people impacted is challenging, but it’s estimated that the register for each year includes details of about 40 million individuals.

  • While the full extent of the damage is not conclusively known, the Electoral Commission acknowledged that they could not determine exactly what files may have been accessed.

  • The attack is considered to be sophisticated, with hostile actors attempting to use software to evade the systems.

  • In response to the breach, the Electoral Commission collaborated with the National Cyber Security Centre (NCSC), law enforcement officials, and external experts to investigate and secure its systems. Subsequently, they have made improvements to the security of their IT systems.

The outcome of this breach reiterates the vulnerability of democratic institutions to cyber threats. It emphasizes the importance of robust cybersecurity measures, especially for bodies involved in the electoral process.

September 2023

T-Mobile data breach

In September 2023, T-Mobile, one of the largest mobile carriers in the United States, experienced a significant data breach. This incident is part of a series of security lapses that have affected the company in recent years.

The breach in September 2023 involved two separate security incidents:

  • Employee data exposure: on September 21, 2023, 89 gigabytes of data primarily related to T-Mobile employees, including email addresses and partial Social Security Numbers, were posted on a hacker forum.

  • This data was tied to an earlier breach in April of Connectivity Source, a T-Mobile retailer. T-Mobile itself denied being directly hacked as part of this incident, indicating the breach occurred at a third-party service provider. The exposed employee confidential data could pose risks of identity theft or fraud.

  • Customer data exposure: the second data breach occurred later in September when a system error in the T-Mobile app exposed customer payment data of fewer than 100 customers. Users of the app inadvertently accessed other customers’ personal information, including phone numbers and billing addresses. T-Mobile attributed this to a glitch related to a technology update.

  • The glitch in the T-Mobile app exposed the personal information of several customers, including names, phone numbers, physical addresses, account balances, and partial credit card details.

  • Though the company initially claimed the breach affected fewer than 100 individuals, later reports suggested the personal information of millions could have been exposed. However, the company has not released the exact number of T-Mobile customers affected.

The September 2023 T-Mobile data breach underscores the ongoing cybersecurity challenges faced by large corporations, especially in sectors handling vast amounts of personal data. This incident, stemming from a system glitch rather than a direct hack, reveals the multifaceted nature of data security threats. It also emphasizes the importance of robust and continuously updated security measures to protect against both external attacks and internal vulnerabilities.

October 2023

23andMe data breach

23andMe is a genetics testing company that offers DNA testing services to help users learn more about their ancestry. Users can discover their ethnic backgrounds and connect with relatives through shared DNA. A data breach in October 2023 was a significant event, revealing vulnerabilities in the protection of sensitive genetic and personal information.

  • The breach involved unauthorized access to the “DNA Relatives” feature of 23andMe, where users can share personal data, including ancestry reports and matching DNA segments, with other users globally.

  • The breach exposed personal information, including display names, birth years, sex, and details about genetic ancestry results. Initially, data of one million users of Ashkenazi Jewish descent and another 100,000 users of Chinese descent were claimed to be stolen. This later expanded to include records of four million more general accounts. However, genetic data itself was not included in the breach.

  • Bad actors likely used a technique called credential stuffing, in which they tried combinations of usernames and passwords from previous data breaches on other websites, hoping people had reused passwords.

  • 23andMe responded by requiring all customers to utilize email two-step verification (2SV), temporarily disabling some features within the DNA Relatives tool for added security, and advising users to change their login information and enable multi-factor authentication.

The company launched an investigation with third-party forensic experts. 23andMe also emphasized its commitment to security, highlighting its ISO certifications and continuous monitoring and auditing of the company’s systems. It also said it would notify customers directly if their data was accessed without authorization.

November 2023

Idaho National Laboratory (INL) data breach

The Idaho National Laboratory (INL), a key component of the U.S. Department of Energy, suffered one of the most recent data breaches in November 2023. INL is one of the country’s premier advanced nuclear energy testing labs. Its work includes research and development in nuclear and non-nuclear energy sources, national security, and related fields.

  • The breach involved the compromise of INL’s Oracle Human Capital Management servers, which are used for human resources applications. It was executed by the SiegedSec hacking group. The attackers managed to access “hundreds of thousands of user, employee, and citizen data.”

  • The leaked data included sensitive personal information like Social Security numbers, bank account and routing numbers, health care details, marital status, and account types. This data related to current, former, and retired employees of the laboratory.

  • The attackers targeted a federally approved third-party vendor system outside INL that supports the lab’s cloud-based human resources services.

  • INL took swift action to bolster employee data protection following the breach. They also communicated with federal law enforcement agencies, including the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, to investigate the breach’s impact.

The investigation into the breach is ongoing. INL is working with federal law enforcement to fully grasp the extent of the impacted data and implement measures to prevent similar security incidents.

December 2023

Soon to be updated.

What to expect in 2024?

The latest data breaches served as stark reminders of the dynamic and relentless nature of cyber threats aimed at gaining access to sensitive data. They reinforced the necessity for businesses and organizations across all sectors to prioritize and continuously update their cybersecurity measures, ensuring their data protection and stakeholders’ trust.

To prevent a potential data leak or breach, think two steps ahead and implement a robust cybersecurity strategy to protect sensitive data and avoid the reputational and financial consequences that follow a breach.

Comprehensive network access security solutions like NordLayer provide organizations with best-in-industry security frameworks and models, known as Security Service Edge (SSE) and Zero Trust Network Access (ZTNA). Choose simple and effective security by design and protect your network and teams in all ways of working.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, points of sale, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum that includes Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.
