Zero Trust Data Exchange
Kitecast
Analysis and Lessons from Kiteworks Top 11 Data Breaches in 2024 Report

In this insightful episode, cybersecurity experts Mike Crandall and Arun DeSouza join host Patrick Spencer to analyze Kiteworks' Top 11 Data Breaches in 2024 Report. Rather than just focusing on the number of records breached, the report introduces a sophisticated algorithm with seven key factors to score breaches on a scale of 1-10. This method provides a more comprehensive understanding of breach severity by evaluating financial impact, data sensitivity, regulatory compliance implications, ransomware involvement, supply chain impact, and attack vector sophistication. National Public Data topped the list with a score of 8.93, followed by Change Healthcare and Ticketmaster, both scoring 8.7.

A significant finding discussed by the experts is the shift in industry targeting patterns, with financial services overtaking healthcare as the most breached sector. As Arun explains, "Banks have a lot of money... attackers are more likely to get paid," making financial services increasingly attractive targets compared to healthcare organizations that may be less likely to pay ransoms due to regulatory constraints. Mike adds that threat actors constantly adapt their tactics based on which sectors provide the highest return on investment, though healthcare remains highly vulnerable with the Change Healthcare breach creating nationwide disruption.

The conversation emphasizes how credential theft continues to plague organizations despite sophisticated controls. Five of the top 11 breaches resulted from credential compromises, including attacks that bypassed multifactor authentication. Arun highlights that despite years of security awareness training, approximately 25% of incidents remain attributable to human error. He warns of the growing sophistication of social engineering with AI-generated phishing that will soon include voice modulation and deepfakes, making attacks increasingly difficult to detect. Mike recommends leveraging AI defensively to detect anomalous behaviors that humans might miss.

Both experts stress the critical importance of data protection and classification. As Patrick notes, "Zero trust must extend to that data layer." Arun advocates for AI-powered data characterization and governance platforms that can proactively identify sensitive information requiring protection. Mike emphasizes the need for proper data classification, noting that organizations often struggle to differentiate between critical and non-critical data. He recommends data minimization strategies including cold storage for inactive data to reduce the potential attack surface. The experts agree that building enterprise-wide risk awareness requires collaboration across departments rather than treating security as an isolated IT function.

The panel concludes that organizations must prioritize zero-trust architecture implementation, adopt data minimization strategies, and enhance incident response capabilities. Arun frames this as a comprehensive coalition of "people, process, and technology safeguards all working together." Mike adds a sobering perspective for businesses that might not see themselves as targets: "These weren't the 11 hacks of 2024. These were the top hacks... there are literally hundreds of thousands, if not millions more. And that's you." The experts emphasize that breach impact often depends more on data sensitivity than raw numbers, and security resources should be allocated accordingly.

Top 11 Data Breaches in 2024 Report:
https://www.kiteworks.com/top-data-breaches-report/

Arun DeSouza LinkedIn:
https://www.linkedin.com/in/arundesouza/

Mike Crandall LinkedIn:
https://www.linkedin.com/in/crandallmike/
