Top 10 data security risks faced by businesses in 2023

Protecting data has become increasingly challenging
With data breaches, leaks and hacks in the news each week, Cyber Magazine looks at 10 of the top data security risks organisations are facing in 2023.

In today’s digital age, data is the lifeblood of an organisation. However, many organisational stakeholders remain unaware of how to properly protect their company’s valuable data - which leaves the door ajar for cyber attackers. 

Data security is the process of protecting corporate data and preventing data loss through unauthorised access. This includes protecting your data from attacks that can encrypt or destroy data, such as ransomware, as well as attacks that can modify or corrupt your data.

We look at 10 of the top data security risks currently faced by businesses.

10: Identity sprawl

The volume and variety of data generated and exchanged by businesses continue to grow exponentially, making it harder to track, classify, and secure sensitive content. Last year a report by Radiant Logic found that an alarming 67% of respondents know they have identity sprawl, but don’t know how to fully address it. Identity sprawl also increases the risk of accidental exposure, loss, or theft of private data due to human error, mismanagement, or negligence.

9: Data privacy

Businesses face increasing pressure from governments and regulators to comply with various data protection and privacy laws that govern how they collect, store, use, and share personal data. As Chris Waynforth, AVP Northern Europe at Imperva warns, the smallest slice of personal data can pose a serious threat to personal privacy if it ends up in the wrong hands.

An analysis of the 100 biggest breaches by Imperva Research Labs found that 76% of the data stolen was personally identifiable information (PII). “Until recently, many people simply trusted that organisations were securely protecting their data,” Waynforth explains. “However, high-profile data breaches are wearing down this trust.”

8: Crime-as-a-Service

According to Help Net Security, Crime-as-a-Service (CaaS) is the practice of experienced cybercriminals selling access to the tools and knowledge needed to execute cybercrime. CaaS enables cybercriminals to outsource various aspects of their operations, such as malware development, ransomware distribution, botnet rental, or data theft. The cost of global cybercrime has been estimated by Statista to reach US$10.5tn by 2025.

7: Securing the cloud

As more businesses migrate their workloads and data to the cloud, they also face new challenges in securing their cloud environments. 

Cloud data security refers to the technologies, policies, services and security controls that protect any type of data in the cloud from loss, leakage or misuse through breaches, exfiltration and unauthorised access. According to CrowdStrike, a robust cloud data security strategy should include:

  • Ensuring the security and privacy of data across networks as well as within applications, containers, workloads and other cloud environments
  • Controlling data access for all users, devices and software
  • Providing complete visibility into all data on the network

6: Multi-vector cyber attacks

Cyberattacks are becoming more complex and coordinated, using different methods and channels to compromise systems and data. For example, attackers may combine ransomware with distributed denial-of-service (DDoS) attacks or data exfiltration to increase their leverage. “Multi-vector cyber attacks are still a relatively new occurrence, only emerging for the first time in 2017,” explains a post by Securiwiser. “However in the time since then, they have become increasingly common in the digital threat landscape.”

5: Smart devices as a hacking target

As more devices become connected to the internet, they also become vulnerable to cyberattacks. With 75.4 billion IoT devices predicted to be installed worldwide by 2025, according to Statista, these devices are expected to increasingly become a cyber attack target throughout 2023. Hackers can exploit weak security measures or unpatched software to gain access to sensitive data or disrupt operations.

4: Phishing and social engineering

Phishing attacks are still some of the most common and effective ways of tricking users into revealing their credentials, clicking on malicious links or attachments, or transferring money to fraudsters. According to the UK Government’s Cyber Security Breaches Survey 2022 report, of the 39% of UK businesses that identified an attack, the most common threat vector was phishing attempts (83%).

3: Third-party access

Businesses often rely on external partners, vendors, contractors, or customers to access their systems and data. However, this also creates potential entry points for hackers who can exploit weak security controls or compromised credentials of third parties.

According to a post-pandemic workforce trends report, over 50% of businesses were more willing to hire freelancers as a result of the shift to remote work caused by COVID-19. The cybersecurity firm CyberArk reported that 96% of organisations grant these external parties access to critical systems, providing a potentially unprotected access route to their data for hackers to exploit.

2: Cyberattacks by nation states

State-sponsored actors pose a serious threat to businesses that operate in critical sectors such as energy, healthcare, finance, or defence. These actors have advanced capabilities and resources to launch sophisticated cyber espionage campaigns that aim to steal intellectual property, disrupt infrastructure, or influence political outcomes.

“Clandestine cyberwarfare is rapidly becoming a thing of the past,” Nadir Izrael, CTO and Co-founder of Armis, told us recently. “We now see brazen cyberattacks by nation-states, often with the intent to gather intelligence, disrupt operations, or outright destroy data.

“Based on these trends, all organisations should consider themselves possible targets for cyberwarfare attacks and secure their assets accordingly.”

1: Lack of cybersecurity knowledge

Despite increased awareness and investment in cybersecurity solutions, many businesses still lack the skills and expertise to effectively manage their security posture.

Companies tend to invest most of their time and finances into the right cybersecurity infrastructure and tools, often overlooking the importance of training all teammates on how they can protect themselves and the company from security threats. The move to remote work in response to the COVID-19 pandemic increased the workloads for skilled IT professionals, and combined with the rising rate of ransomware attacks, many security pros are suffering from burnout.

