September 2023 had 71 cyber incidents, accounting for more than 3.8 billion compromised records. This brings the year’s total to over 4.5 billion. This makes it the worst month for breached data this year, even outperforming January which had a whopping 277.6 million records breached. September saw the biggest data breach of the year by miles, when digital risk protection company DarkBeam exposed an astounding 3.8 billion records.

This compares to 79 million in August, 146 million in July, 14 million in June, 98 million in May, 4.3 million in April, 42 million in March and 29.5 million in February.

Here’s the other top stories you need to read:

Organisations left vulnerable

Cyber attacks went up 38% globally from 2021 to 2022, with an increasing number of businesses admitting that they don’t really understand the risks they may face. Across all UK businesses, there were 2.4 million instances of cybercrime in the last 12 months. Read the full report +

Technology anxiety for businesses

Many business leaders are experiencing anxiety over the use of technology such as AI, with cyber security showing as the biggest concern for senior leadership, according to a survey by Kin + Carta.

Threefold increase of security breaches

UK financial services firms reported a more than a threefold increase in the number of cyber security breaches to the Information Commissioners Office (ICO) in 2023 compared to the previous year. 

Two key ransomware trends to be aware of

Since July 2023, the Federal Bureau of Investigation (FBI) has noticed two key ransomware trends:

• dual ransomware attacks on the same victim, occurring in close proximity of one another.

• new data destruction tactics.

The former sees threat actors releasing a ransomware wave against victims, before following up with a second ransomware attack, using an alternative ransomware to compromise the victims a second time, typically within 48 hours. It is essential therefore that businesses respond comprehensively to attacks.

The latter highlights a growing trend in data removal from compromised system, with threat actors using custom data theft, wiper tools, and malware to pressure victims to negotiate. The ambition is to force victims to pay ransoms, countering the guidance that says ransoms should not be paid.

Ransomware, extortion and the cyber crime ecosystem

This new white paper from the NCSC and the National Crime Agency (NCA) is a fascinating read with many warnings for UK businesses.

Ransomware thrives as cyber security remains lax, according to the report. Multibillion-dollar cybercriminals have developed specialised areas while businesses have been slow to keep pace according to new research. 

Ransomware attack on Greater Manchester Police

More than 20,000 details – including police officers’ names and photos – are “potentially at risk” after a data breach, a senior officer at Greater Manchester Police has said. A firm in Stockport, which makes ID cards was targeted in a ransomware attack last month.

The risks and opportunities of AI

Leading names from national security to computer science will advise the UK government on the risks and opportunities from AI as the Frontier AI Taskforce gathers momentum.