A new report released today by business risk intelligence startup Flashpoint warns that organizations must adapt to a rapidly evolving threat landscape, one marked by significant increases in data breaches, vulnerabilities and ransomware attacks.

The 2024 Global Threat Intelligence Report from Flashpoint, officially EJ2 Communications Inc., is based on data and insights from the dark web, open sources such as public reports and social media, and proprietary technology platforms. It sheds light on cyberthreats, geopolitical turmoil and other risks to help organizations strengthen defenses, ensure operational resilience and proactively confront multifaceted threats.

Leading the list of findings was that data breaches grew 34.5% year-over-year in 2023, with more than 17 billion records compromised. The figures get worse, as the report details a 429% spike in stolen or leaked personal data in the first two months of 2024 from the same period in the previous year.

Not surprisingly, the U.S. represented more than 60% of the global data breach total. Through 2023, Flashpoint observed 3,804 data breaches in the U.S. in 2023, up 19.8% compared to 2022. Flashpoint determined that the MOVEit attack was alone responsible for 19.3% of all reported 2023 data breaches.

Through 2023, ransomware also grew in volume, with documented incidents increasing by 84% versus 2022. The first two months of 2024 have since seen a 23% increase in public ransomware attacks compared to the same period in 2023. LockBit was found to be the most prolific ransomware group of the year, claiming 1,049 victims — more than a fifth of all known ransomware attacks in 2023.

How attackers are getting through the door also had an unsurprising cause: vulnerabilities. The report finds that over 33,137 vulnerabilities were disclosed in 2023, with more than 52% of vulnerabilities rated high-to-critical according to Common Vulnerability Scoring System version 3.

To combat the increasing risks, the report advises that organizations need to anticipate and adapt to the convergence of cyber, physical and geopolitical threats. As attacks increasingly target where geopolitical and commercial interests intersect, organizations should not get caught in their traditional silos of functions and geographies.

Organizations are advised to raise the bar on data actionability. “More data isn’t the solution to staying a step ahead; it’s about the quality, actionability and tailoring of data to an organization’s specific needs,” the report notes.

Artificial intelligence also gets a mention, with the report advising organizations to harness the power of AI and other technologies, but only with a proviso — that it’s in service of human intelligence, not in place of it.

“AI is already delivering powerful capabilities to help organizations distill overwhelming amounts of information about potential threats,” the report explains. “Amid the hype, however, some have lost sight of the central role of human intelligence in marshaling this power. The adversaries documented in this report will be less effective when matched with the combination of human expertise and technology on the other side.”

Image: Flashpoint