SECURITY
SECURITY
SECURITY
Report finds more than a fifth of S&P 500 firms hit by data breaches in 2023
A new report out today from security ratings firm SecurityScorecard Inc. today on security at S&P 500 companies finds that 21% experienced a data breach in 2023, as new regulations heighten the urgency of cybersecurity.
The targeting of S&P 500 companies is said to be due to attackers chasing money, with ransomware operators viewing top companies as particularly valuable targets thanks to their market value and demand accordingly high ransoms. Attackers know that bigger targets are typically capable of paying high ransoms.
Of the S&P 500 companies that experienced a breach in 2023, 25% were financial services and insurance companies. Although the report notes that financial institutions have some of the most robust security programs given the substantial money and assets they handle, the interconnected nature of the financial sector means that compromising one institution or commonly used product can lead to broader impacts across the entire industry.
Among the companies breached, 52% of attacks involved companies that exposed personal information. Attackers are particularly focused on gaining access to employee information to facilitate social engineering attacks, with skilled threat actors able to combine various sources to tailor their social engineering attacks for maximum impact or to impersonate employees.
Perhaps not surprisingly, given the level of data exposure and attacks, the average social engineering risk grade for the S&P 500 was found to be a “F.” The report explains that social engineering poses a significant risk to many companies, even those with otherwise healthy risk profiles and strong security posture and that many threat actors use social engineering attack vectors because they enable attackers to circumvent technical security solutions by manipulating human users.
Other findings in the report include that ransomware demands from S&P 500 victims are now often in the eight-figure range, with ransomware operators basing their ransom demands on the company’s size in terms of the number of employees and market cap.
The report also warns that attackers are going through a company’s vendors and partners if they can’t access them directly. SecurityScorecard research has found that 98% of companies have a relationship with a third party that has been breached.
The findings come following the introduction of cybersecurity disclosure requirements mandated by the U.S. Securities and Exchange Commission in December. Companies are now required to disclose cybersecurity incidents, with some exceptions, within four days of their occurring.
Image: SecurityScorecard
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
