Traditional Data Security Tools Fail at 60% Rate

Written by Titaniam.

Titaniam’s ‘State of Data Exfiltration & Extortion Report’ shows that organizations may be less protected from security threats than they believe. Ransomware is becoming more and more about extortion, and current data loss prevention tactics aren’t measuring up to the challenge. Cybercriminals seeking to breach and steal sensitive information are beginning to skip encryption entirely. Instead, we continue to see this trend of bad actors making claims of stolen data by providing evidentiary screenshots, only to threaten exposure if payment is not received. As this becomes more of the norm, companies find that their current toolsets are no match. Encryption-in-use will be the only effective defense against these tactics.

State of Data Exfiltration & Extortion Report revealed:

• Over 70% of organizations have an existing set of prevention, detection, and backup solutions
• A ransomware attack has impacted nearly 40% of organizations in the last year
• Over 70% have experienced ransomware attacks in the last five years.

Defining Data Exfiltration

Data exfiltration can be defined as when an unauthorized person extracts, then shares, or relocates data from secured systems. This can be the result of cyberattackers exploiting vulnerabilities hidden within systems, malicious intruders stealing and using valid employee credentials, and in some cases, paying employees for their information. Valid credentials often come from company employees authorized to access certain data sets, such as system administrators and trusted users.

Cyberattackers looking to exfiltrate organizational data can often choose between physically accessing a computer with all valid credentials or with some inside help, which can easily infiltrate company networks through an automated process. This form of digital attack can also be difficult to detect and defend against as it’s happening. Because the stolen data is only moving within and then outside of an organization’s network, the activity is often mistaken for routine and normal. Once the data has been successfully exfiltrated, bad actors are free to potentially cause massive damage to a company's reputation, ransom it back for money, or worse.

While many companies choose to employ audits that bring any potential exploits to light, this is not a complete method of data loss prevention.

Furthermore, cyberattackers are not just seeking to exfiltrate sensitive company data. Many data thieves also utilize ransomware to attack and exploit companies in exchange for a set currency.

Understanding Ransomware Attacks

Ransomware attacks involve three distinct stages: infiltration, data exfiltration, and system lockup via encryption. Success on any of these stages results in attackers' wins, as they now have additional leverage to extort the victim.

Stage 1 – Infiltration

Once in, attackers can quietly observe behaviors and plant back doors. These can be sold as information or sold as access to other attackers.

Stage 2 – Data Exfiltration

Could represent the most profitable stage as attackers can use stolen data to extract ransom from victims, their customers, partners, board members, and employees.

Stage 3 – System Lockup

This is the most visible and can also be used to extort victims who do not have proper backup and recovery systems in place.

Developing A Complete Ransomware Defense Strategy For Dataloss Prevention

A complete Ransomware Defense Strategy should include prevention and detection technologies, all three types of encryption, and system lockup. Organizations looking to minimize damages in the event of these attacks should pay attention to strategies that leave attackers little opportunities to leave with valuable data.

While data exfiltration often involves social engineering techniques and a simple countermeasure can just be preventing company personnel from clicking suspicious links, this is more difficult in practice. The warning signs are easy to miss in the middle of a busy day, and human error should always factor into cybersecurity.

In order to defend completely against data exfiltration and ensure data loss prevention, organizations should look to new tools and techniques that inhibit cyberattackers at any and every stage of a cyberattack.

Traditional data security tools no longer serve organizations as capable defensive measures against threat actors seeking to exfiltrate and ransom data. Even audits performed by professionals actively looking to help companies develop better data loss prevention habits and cyber hygiene are not enough.

However, the State of Data Exfiltration & Extortion Report also shows that organizations have the budgets to improve which solutions security and data teams use to combat data exfiltration. This indicates that boards and executives appear to recognize the importance of cybersecurity for business success.