January sees huge spike in cyberattacks

IT Governance research shows a 779% increase in attacks compared to December 2022

Posted 2 February 2023 by Christine Horton

January saw a massive surge in cybersecurity incidents. In its monthly analysis of the latest data breaches and cyberattacks across the world, IT Governance identified 104 publicly disclosed security incidents in January – which accounted for 277,618,767 compromised records. This is a 779% increase compared to December 2022.

This accounts for more breached records than found in any calendar month in 2022, and it’s among one of the highest incident numbers IT Governance said it has ever recorded.

Alan Calder, founder and chairman of IT Governance, said the huge spike in data breaches should serve as a reminder to businesses to review their cybersecurity plans immediately.

“It may be a New Year – but cybercrime is here to stay, and it’s only going to become more costly and difficult to effectively manage if organisations put off their New Year’s resolution to get their cyber security processes reviewed and strengthened now,” he said.

The numerous high-profile data breaches and cyberattacks in January ranged from supply chain hacks to ransomware. IT Governance said organisations need to implement a strong, multi-layered defence in depth security strategy, that covers the whole spectrum of potential threats.

“Organisations must focus their efforts on the five elements of a strong cyber defence in depth strategy: detection, protection, management, response and recovery,” it said.

Managing cybersecurity risks

Regular vulnerability scanning is a critical component of a risk-based approach to security as it detects and identifies security vulnerabilities in computers, internal and external networks, and communications equipment. 

Certification to basic security schemes such as Cyber Essentials helps protect organisations from the most common cyber threats and demonstrate their commitment to cybersecurity. Training and professional certification helps ensure you have the skilled staff you need to implement and maintain your security measures.

For many organisations, managing cybersecurity risks requires a more intensive approach than simply implementing basic protections. Cybersecurity is an ongoing process, requiring continual evaluation, maintenance and revision. ISO 27001 – the international standard for an ISMS, encompasses people, processes and technology and includes measures such as embedding risk-based security controls into corporate processes, managing the security of supply chains and carrying out regular audits to ensure security controls remain up to date.

“The security measures you have implemented should minimise the impact of a successful attack, but how you respond is critical to limiting disruption and costs. This is especially important when it comes to breaches of personal data, which must be reported to the data protection authorities within 72 hours of being discovered under the GDPR and DPA 2018,” said the firm.

“Ultimately, the focus for organisations should be on ensuring the necessary safeguards are in place – continuously testing for any gaps in your frontline of defence will set your business up well for 2023.”