Cybersecurity startup Titaniam studied ransomware attacks faced by organizations across the United States. The State of Data Exfiltration & Extortion Report indicates that outmoded technology cannot keep up with the constantly changing ransomware techniques.
Threat actors aiming to breach security measures like data backups are succeeding with the double extortion technique used during ransomware attacks. About 60% of organizations that experienced data theft due to a ransomware attack consented to pay the demanded ransom to recover their data and systems and prevent the release of their stolen data.
Consequently, 59% of those who were the targets of a ransomware attack paid the ransom. Titaniam’s findings reiterate that data backups can help only to ensure business continuity when faced with ransomware attacks but prove ineffective under newer techniques, tactics, and procedures.
Double extortion was pioneered by the Maze ransomware gang in 2019 but is now hugely popular among ransomware gangs and has become a mainstay of most such attacks. According to Titaniam’s reportOpens a new window , 65% of those who have experienced a ransomware attack have also experienced data theft or exfiltration due to the incident.
Moreover, data exfiltration during ransomware attacks for double extortion has shot up by 106% from five years ago. In total, 40% of organizations suffered a ransomware attack last year, while 70% over the previous five years. This is despite 70% of organizations having prevention, detection, and backup solutions.
Besides backup and recovery, and prevention & detection, organizations also rely on data masking (54%), encryption at rest (49%), encryption in transit (49%), and tokenization (25%) to keep ransomware attacks at bay. But that’s not enough.
Arti Raman, CEO and founder of Titaniam, said, “It is unfortunate that organizations continue to believe that investing in detection, backup, and recovery solutions constitutes the complete solution to ransomware. These organizations overlook data security, which, when not implemented adequately, becomes the ultimate reason attackers gain excessive leverage and win—the results of this survey highlight this enormous gap in current cybersecurity solutions.â€
90% think that their organizations have a sufficient budget for data security tools, while 59% claim data security has the highest allocation of security expenditure.
However, only 10% of respondents said budget decisions are driven by their experience of being attacked. Meanwhile, 33% of budget decisions are based on observing peers being attacked, 29% by management’s request, and 24% by compliance.
Consequently, exfiltration during a ransomware attack isn’t the only threat to data security. In the last 24 months, 47% of respondent organizations discovered publicly exposed data in their systems.
Let us know if you enjoyed reading this news on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!
MORE ON RANSOMWARE