Many organizations paid ransoms despite having made investments in prevention, detection, and backup solutions

Published: Tuesday, 05 July 2022 08:34

Titaniam’s new ‘State of Data Exfiltration & Extortion Report’ finds that while over 70 percent of organizations have an existing set of prevention, detection, and backup solutions, nearly 40 percent of organizations have been hit with ransomware attacks in the last year. The report says that this shows that ‘existing solutions are woefully inadequate in managing the risks and impacts from these attacks’.

According to Titaniam we are seeing the emergence of a new trend where cybercriminals are no longer limiting themselves to just encrypting entire systems — they are making sure to steal data ahead of the encryption so that they can have additional leverage on the victim.

The survey found that 65 percent of those who have experienced a ransomware attack have also experienced data theft or exfiltration due to the incident. Of those victims, 60 percent say the hackers used the data theft to extort them further, known as double extortion. Most of them, i.e., 59 percent of victims, paid the hackers, implying that they were not helped by their backup or data security tools to prevent this fate.

Data is being exposed for theft and extortion in other ways too. Nearly half (47 percent) uncovered publicly exposed data in their systems in the last 24 months. It was found that respondents have a mix of data security & protection (78 percent), prevention & detection (75 percent), and backup and recovery (73 percent) in their cyber security stacks. Still, exposure and extortion numbers imply a missing puzzle piece regarding attacks, says the report.

Interestingly, observing peers being attacked (33 percent), management’s request (29 percent), and compliance (24 percent) are mostly driving budget decisions, while just 10 percent say it’s learning from their own attacks. 90 percent agree or somewhat agree that they have a sufficient budget for data security tools. 59 percent claim data security has the highest security spend. Yet, in the face of these attacks and data exposures, nearly all (99+ percent) respondents would be interested in data security solutions that protect sensitive data at all times, including while active and in use.

Promisingly, the survey revealed organizations have enough budget to improve which solutions security and data teams are using. This indicates that boards and executives appear to recognize the importance of cybersecurity to business success.

Survey details

The report survey was conducted by CensusWide, polling 100 IT security professionals.

More details.