Apple commissioned researchers from the Massachusetts Institute of Technology (MIT) to study the state of personal data breaches and found that the number of data breaches is increasing rapidly. From 2013 to 2022, the number of data breaches tripled, and in the last two years alone, 2.6 billion personal data records have been compromised. The report's findings highlight the need for organizations to rethink the amount of unencrypted data they collect and adopt data protection measures such as end-to-end encryption to address the growing threat to personal data.
In the case of U.S. organizations, data breaches are now at an all-time high, with 20% more data breaches recorded in the U.S. as of September 2023 than in all of 2022, and organizations around the world are facing a similar trend. The impact of these attacks is also growing, as businesses, organizations, and organizations of all types collect more personal data, and cybercriminals can exploit or even make huge profits after stealing this private data.
According to the report, there are two main reasons for the increase in threats to personal information, the first is the increase and danger of ransomware attacks, the number and sophistication of ransomware attacks are not the same as in the past, cybercriminals are more organized, often act in teams, and target organizations with sensitive data, such as **, mass-market genetic testing companies or medical institutions. In the past, cybercriminals would encrypt company data until the company made a payment, but now cybercriminals have a higher chance of leaking business and consumer data.
In addition, researchers have also found an increase in attacks against vendors, with cybercriminals exploiting vulnerabilities to attack organizations that depend on them. In today's highly interconnected situation, almost all organizations are dependent on various vendors and software, which makes cybercriminals only need to exploit vulnerabilities in third-party software or vendor systems to access the data of other organizations. According to the report, a whopping 98% of organizations have done business with a business that has experienced a data breach in the past two years.
While organizations invest resources to protect against cybercriminals, as long as organizations continue to collect large amounts of unencrypted personal data, cybercriminals are constantly looking for new ways to obtain that data, and the risk of personal data being stolen, misused, and exposed persists. Data breaches not only harm personal privacy, but can also have significant real-world consequences for victims, such as financial loss, identity theft, and more.
Ensuring the security of personal data is a very important task for organizations, but even so, in today's world of more sophisticated and innovative cyber offender attacks, a single vulnerability in a business system can put hundreds, if not thousands, of organizations and their users at risk.
Researchers point out that an organization's security depends on its least secure link. In this context, the report recommends that organizations must rethink the amount of data they collect, especially by limiting the amount of data that is not encrypted. That's why more and more tech companies are protecting customer data with end-to-end encryption, which ensures that only the sender and receiver can access and modify the data.