Todd Moore | VP Encryption Products, Thales
As the world is slowly returning to pre-pandemic conditions, the underlying trends that have always driven information security, such as new technologies, greater compliance mandates and more severe security incidents, continue to be significant change agents. The 2022 Thales Data Threat Report, based on data from a survey of almost 2,800 respondents from 17 countries across the globe, illustrates these trends and changes.
Malware and accidental human error are the biggest security threats
Almost half (45%) of respondents reported seeing an increase in the volume, severity and/or scope of cyberattacks in the past 12 months. These perceptions were consistent across all geographies.
When asked about the most frequent types of attacks, 56% of global respondents ranked malware as the leading source of security attacks. Ransomware ranked second (53%) and phishing finished in the top three (40%).
According to global businesses, accidental human error is ranked as the top threat (29%), overall 78% of respondents ranked accidental or human error in their top four threats. 19% of respondents cited attackers with geopolitical goals, such as nation-state affiliated groups, followed by external attackers with financial motivations (17%).
The investigation also asked respondents to identify what they felt were the biggest targets for cyberattacks. Cloud storage (33%), cloud databases (32%) and cloud-delivered hosted applications (28%) were identified as top targets. The continued high ranking of cloud as a target demonstrates a lack of maturity in cloud data security with limited use of encryption, perceived or experienced multi-cloud complexity and the rapid growth of enterprise data.
The quantum computing threat
The risks of quantum computing and the potential to break existing cryptographic algorithms concern global organizations. Although there are no current quantum computing threats that can practically affect any classical encryption scheme, more education on quantum computing, and the on-going proactive initiatives of government, industry and academia, such as the NIST international competition on Post-Quantum Cryptography, have increased the awareness level.
| 2021 Report | 2022 Report |
|---|---|
| 47% of respondents are concerned about security threats of quantum computing | 52% of respondents are concerned with 'tomorrow's decryption of today's data' |
| 58% of respondents are concerned with 'future network decryption' | |
| 15% are not concerned about the quantum computing risks | Only 2% are not concerned about the quantum computing risks |
Awareness of future quantum computing threats is necessary to drive and improve crypto agility strategies. The continued efforts of enterprises to identify, classify and protect sensitive data will prepare them for the eventual need to quickly deploy new encryption algorithms. Organizations should prepare for quantum computing threats today because data protected with today’s encryption algorithms could still be valuable by the time practical quantum decryption becomes available to adversaries.
The ransomware factor
Ransomware’s severity, frequency and impact has altered breach economics. Unlike other data breaches that occur over days and months, ransomware immediately takes data captive and demands immediate action.
21% of all respondents said they had experienced a ransomware attack. Of those attacked, 43% were significantly impacted. Enterprises still prioritize impact based on quantitative and then qualitative ransomware costs. 23% of enterprises surveyed said that financial losses from penalties, fines, and legal expenses are the greatest impact from ransomware. Lost productivity, recovery costs and breach notification impacts were next, while long-term costs such as brand reputation and customer loss were further down the list.
Despite the severity of ransomware attacks, only 48% of the surveyed organizations have a formal ransomware plan in place. This percentage increases to 56% for healthcare companies and drops down to 44% for energy companies. The rapidly changing ransomware landscape, with the proliferation of ransomware-as-a-service leaves no industry untouched. While some industries have reacted faster than others, the inclusion of response actions into generic disaster recovery plans is a possible way to help counter this threat.
Evolving business landscape impacts security posture
Driven by hybrid workforce trends, enterprises are investing heavily into cloud computing solutions and new technology adoption.
| 2021 Report | 2022 Report |
|---|---|
| 16% of respondents use more than 50 SaaS apps | 34% of respondents use more than 50 SaaS apps |
| 16% of respondents use more than 100 SaaS apps |
Despite the opportunities offered by new technology adoption, the attack surface increases and the confidence in established security solutions is diminishing. 79% of respondents indicated they are still ‘somewhat’ or ‘very concerned’ about the evolving security risks, while 40% said they are not confident that their current security systems could effectively secure remote work.
As a response, businesses are gradually making improvements in their security posture. Implementation of security technologies such as encryption and multi-factor authentication (MFA) have slightly increased but most applications and data are not fully protected.
| 2021 Report | 2022 Report |
|---|---|
| 17% of respondents said that more than 50% of their sensitive cloud data is encrypted | 22% of respondents said that more than 60% of their sensitive cloud data is encrypted |
Recommendations
Organizations are reconsidering their security journeys as they recalibrate their expectations for the year ahead. Insights from this year’s research can be useful in identifying how to improve these journeys and ensure better outcomes.
One of the most powerful aspects organizations can focus on is to simplify their operations through automation and orchestration. Doing so can have a twofold impact: not only does it reduce toil but can also reduce risk by minimizing the chance of errors.
There continues to be a need to deploy data security measures such as encryption and MFA more widely. Encryption levels are still below what’s needed for comprehensive protection. Leveraging BYOK and HYOK capabilities to protect data in the cloud or SaaS applications should be some of the most important projects in the year ahead.
As organizations move forward, they’ll need visibility not only across their infrastructure, but throughout their organization. Establishing a common understanding is an important part of effectively setting priorities and executing security projects. When security teams are aligned with the key parts of the business, they can work together to address whatever issues the future holds effectively and efficiently.
Read the full Thales 2022 Global Data Threat Report.