The Thales Data Threat Report

                                                                     The Thales Data Threat Report

Blog Credit: Trupti Thakur

Image Courtesy: Google

About the 2023 Thales Global Data Threat Report

The 2023 Thales Global Data Threat Report was based on a global 451 Research survey commissioned by Thales of almost 3000 executives with responsibility for or influence over IT and data security. Respondents were from 18 countries: Australia, Brazil, Canada, France, Germany, Hong Kong, India, Italy, Japan, Mexico, Netherlands, New Zealand, Singapore, South Korea, Sweden, the United Arab Emirates, the United Kingdom, and the United States. Organizations represented a range of industries, with a primary emphasis on healthcare, financial services, retail, technology, and the federal government. Job titles ranged from C-level executives including CEO, CFO, Chief Data Officer, CISO, Chief Data Scientist, and Chief Risk Officer, to SVP/VP, IT Administrator, Security Analyst, Security Engineer, and Systems Administrator. Respondents represented a broad range of organizational sizes, with the majority ranging from 500 to 10,000 employees. The survey was conducted in November and December 2022.

Ransomware Attacks on the Rise

The report finds that ransomware attacks have seen a significant increase in India and worldwide. In India, more than half (52%) of IT professionals reported a surge in ransomware attacks in the past 12 months. This is higher than the global figure of 48 percent. This highlights the growing threat of ransomware attacks and the need for businesses to be prepared to mitigate such risks.

Main Targets for Cyber-Attacks

The report identifies cloud assets and Internet of Things (IoT) devices as the primary targets for cyber-attacks. In India, 53% of respondents claimed that their IoT devices were the top targets, followed by cloud-based storage (41%) and cloud-delivered applications (SaaS) (40%). This indicates that businesses need to prioritize the security of their cloud assets and IoT devices to protect against cyber-attacks.

Data Loss from Ransomware Attacks Remains a Concern

Data loss from ransomware attacks remains a key concern for enterprises within India. A staggering 82 percent of Indian respondents reported data loss from ransomware attacks, compared to 67 percent globally. This highlights the need for robust backup and recovery strategies to mitigate the impact of ransomware attacks.

• 48% of IT professionals reported an increase in ransomware attacks with 22% of organizations experiencing a ransomware attack in the past 12 months
• 51% of enterprises do not have a formal ransomware plan
• Of those who recently suffered a cloud data breach, 55% of respondents identified human error as the primary cause.

The Thales Data Threat Report 2023 is a comprehensive analysis of cybersecurity trends and threats. It has revealed some concerning findings about ransomware attacks and cloud data breaches in India and globally. The report highlights a significant increase in these attacks, indicating the need for businesses to implement robust security measures to protect their sensitive data.

Thales today announced the release of the 2023 Thales Data Threat Report, its annual report on the latest data security threats, trends, and emerging topics based on a survey of nearly 3000 IT and security professionals in 18 countries. This year’s report found an increase in ransomware attacks and increased risks to sensitive data in the cloud.

Nearly half (47%) of IT professionals surveyed believe that security threats are increasing in volume or severity with 48% reporting an increase in ransomware attacks. More than a third (37%) have experienced a data breach in the past 12 months, including 22% reporting that their organization had been a victim of a ransomware attack.

Respondents identified their cloud assets as the biggest targets for cyber-attacks. Over a quarter (28%) said SaaS apps and cloud-based storage were the biggest targets, followed by cloud-hosted applications (26%) and cloud infrastructure management (25%). The increase in cloud exploitation and attacks is directly due to the increase in workloads moving to the cloud as 75% of respondents said 40% of data stored in the cloud is now classified as sensitive compared to 49% of respondents in 2022.

These are just a few of the key insights from the 2023 Thales Data Threat Report, conducted by 451 Research, which surveyed both private and public sector organizations. It reveals how businesses are responding and planning their data security strategies and practices in light of a changing threat landscape and the progress they are making to address threats.

Human Error and the Impact of Ransomware

Simple human error, misconfiguration, or other mistakes can accidentally lead to breaches – and respondents identified this as the leading cause of cloud data breaches. For those organizations that have suffered a data breach in the past 12 months, misconfiguration or human error was the primary cause identified by 55% of respondents. This was followed by the exploitation of a known vulnerability (21%) and of a zero day / previously unknown vulnerability (13%). The report finds that identity and access management (IAM) is the best defense, with 28% of respondents identifying it as the most effective tool to mitigate these risks.

Meanwhile, the severity of ransomware attacks appears to be declining, with 35% of 2023 respondents reporting that ransomware had a significant impact compared to 44% of respondents reporting similar levels of impact in 2022. Spend is moving in the right direction too, with 61% reporting they would shift or add a budget for ransomware tools to prevent future attacks – up from 57% in 2022 – yet organizational responses to ransomware remain inconsistent. Only 49% of enterprises reported having a formal response ransomware plan, while 67% still report data loss from ransomware attacks.

Human error, misconfiguration, and other mistakes are found to be major causes of cloud data breaches. In India, 52% of respondents who suffered a data breach in the past 12 months cited human error as the main cause. Proper training, processes, and access management can prevent human error-related data breaches.

Addressing the Challenges of digital sovereignty

Digital sovereignty is becoming more top of mind for data privacy and security teams. Overall, the report found that data sovereignty remains both a short- and long-term challenge for enterprises. 83% expressed concerns over data sovereignty, and 55% agreed that data privacy and compliance in the cloud have become more difficult, likely due to the emergence of requirements around digital sovereignty.

Emerging threats from quantum computers that could attack classical encryption schemes are also a cause for concern for organizations. The report found that Harvest Now, Decrypt Later (“HNDL”), and future network decryption were the greatest security concerns from quantum computing – with 62% and 55% reporting concerns respectively. While Post Quantum Cryptography (PQC) has emerged as a discipline to counter these threats, the report found that 62% of organizations have five or more key management systems, presenting a challenge for PQC and crypto agility.

About Thales

Thales (Euronext Paris: HO) is a global leader in advanced technologies within three domains: Defence & Security, Aeronautics & Space, and Digital Identity & Security. It develops products and solutions that help make the world safer, greener, and more inclusive.

The Group invests close to €4 billion a year in Research & Development, particularly in key areas such as quantum technologies, Edge computing, 6G, and cybersecurity.

Thales has 77,000 employees in 68 countries. In 2022, the Group generated sales of €17.6 billion.

 

Blog By: Trupti Thakur