A new survey from Thales, one of the world’s leading advanced technology and Eval partner, reveals that malware, ransomware, and phishing continue to plague companies globally when it comes to data protection and privacy. And that few have an anti-Ransomware plan.
One in five businesses (21%) suffered a ransomware attack last year, with 43% of them experiencing a significant impact on operations. The severity, frequency and impact of ransomware attacks impact the life cycle of organizations.
2022 Thales Data Threat Report
conducted by 451 Research, including more than 2,700 IT decision-makers worldwide, found that less than half of respondents (48%) have implemented an anti-Ransomware plan.
In addition, a fifth (22%) of organizations admitted that they have paid or would pay a ransom for their data.
Even against this backdrop, 41% of respondents said they had no plans to change security spending, even with greater ransomware impacts.
Healthcare was the most prepared at 57% with an anti-Ransomware plan, and energy was the least at 44%, despite both sectors experiencing significant breaches in the last twelve months.
Anti-Ransomware Plans: The Cloud Has Increased Complexity and Risk of Attack
The accelerated move to the cloud is also causing more complexity and risk. According to the report, 34% of organizations are using more than 50 SaaS applications.
However, 51% of respondents said it was more complex to manage privacy and data protection requirements, such as LGPD (General Data Protection Act), in a cloud environment than on-premises networks, up from 46% last year.
Only 22% of respondents said they have more than 60% of their sensitive data encrypted in the cloud.
Threats and compliance challenges from ransomware attacks
Throughout 2021, security incidents remained high, with nearly one-third (29%) of companies experiencing a breach in the past 12 months. In addition, almost half (43%) of IT leaders admitted to having failed a compliance audit.
Globally, IT leaders ranked malware (56%), ransomware (53%), and phishing (40%) as the top source of security attacks.
Managing these risks is an ongoing challenge, with nearly half (45%) of IT leaders reporting an increase in the volume, severity, and/or scope of cyber attacks in the past 12 months. This makes anti-Ransomware initiatives more difficult.
Ransomware: Paying the High Price for the Attack
Cybersecurity Ventures expects global cybercrime costs to grow 15% annually over the next five years, reaching $10.5 trillion per year by 2025, up from $3 trillion in 2015.
This represents the largest economic wealth transfer in history, risks the incentives for innovation and investment.
The risk is exponentially greater than the damage caused by natural disasters in a year, and will be more profitable than the global trade in all the major illegal drugs combined.
The damage cost estimate is based on historical cybercrime figures, including recent year-over-year growth.
This means a dramatic increase in the activities of organized crime gangs and hostile nation-state sponsored cybercriminals and a cyber attack surface that will be an order of magnitude larger in 2025 than it is today.
The costs of cybercrime include:
- Damage and data destruction;
- Stolen money;
- Loss of productivity;
- Theft of intellectual property;
- Theft of personal and financial information;
- Miscellaneous fraud;
- Post attack interruption;
- Forensic investigation;
- Restore and delete hacked data;
- Reputational damage.
Anti-Ransomware and malware defense should be deep and cover separate approaches, including antivirus, phishing recognition, and data encryption.
In practice, the best protection against these attacks is preparedness, frequent cyber security crisis simulation exercises, and a strong awareness campaign for your users.
This is when investing in anti-Ransomware solutions makes the difference
CipherTrust Data Security Platform implements the right anti-ransomware strategy
According to IDC, more than 175 zetabytes of data will be created by 2025, and today more than half of all corporate data is stored in the cloud.
To handle the complexity of where data is stored, CipherTrust Data Security Platform provides strong capabilities to protect and control access to sensitive data in databases, files, and containers. Specific technologies include:
CipherTrust Transparent Encryption
Encrypt data in on-premises, cloud, database, file, and Big Data environments with comprehensive access controls and detailed data access audit logging that can prevent the most malicious attacks.
CipherTrust Database Protection
It provides transparent column-level encryption of structured and confidential data that resides in databases such as credit card, social security numbers, national identification numbers, passwords, and e-mail addresses.
CipherTrust Application Data Protection
It offers APIs for developers to quickly add encryption and other cryptographic functions to their applications, while SecOps controls the encryption keys.
It offers application-level data tokenization services in two convenient solutions that provide customer flexibility – Token without Vault with dynamic policy-based data masking and Tokenization in Vault.
CipherTrust Batch Data Transformation
Provides static data masking services to remove sensitive information from production databases so that compliance and security issues are alleviated when sharing a database with a third party for analysis, testing, or other processing. Critical for companies looking for anti-Ransomware strategies.
It centralizes keys, management policies, and data access for all CipherTrust Data Security Platform products and is available in FIPS 140-2 Level 3 compliant physical and virtual formats.
CipherTrust Cloud Key Manager
It offers its own key lifecycle management (BYOK) for many cloud infrastructure, platform, and software-as-a-service providers.
CipherTrust KMIP Server
It centralizes key management for the Key Management Interoperability Protocol (KMIP) commonly used in storage solutions.
CipherTrust TDE Key Manager
Centralizes key management for encryption found in Oracle, SQL and Always Encrypted SQL.
Regarding anti-Ransomware initiatives, the portfolio of data protection products that make up the CipherTrust Data Security Platform solution enables companies to protect data at rest and in motion across the entire IT ecosystem and ensures that the keys to this information are always protected and only under your control.
It simplifies data security, improves operational efficiency, and accelerates compliance time. Regardless of where your data resides.
The CipherTrust platform ensures that your data is secure, with a wide range of proven, industry-leading products and solutions for deployment in data centers, either those managed by cloud service providers (CSPs) or managed service providers (MSPs), or as a cloud-based service managed by Thales, a leading security company.
Portfolio of tools that ensures protection against cybercriminals
With data protection products from the CipherTrust Data Security Platform, your company can regarding anti-Ransomware investments:
Strengthen security and compliance
CipherTrust data protection products and solutions address the demands of a range of security and privacy requirements, including electronic identification, authentication and trust, Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Act (LGPD), and other compliance requirements.
Optimizes staff and resource efficiency in data protection and privacy
CipherTrust Data Security Platform offers the broadest support for data security use cases in the industry, with products designed to work together, a single line for global support, a proven track record of protecting against evolving threats, and the industry’s largest ecosystem of data security partnerships.
With a focus on ease of use, APIs for automation, and responsive management, the CipherTrust Data Security Platform solution ensures that your teams can quickly deploy, secure, and monitor the protection of your business.
In addition, professional services and partners are available for design, implementation, and training assistance to ensure fast and reliable implementations with minimal staff time.
Reduces total cost of ownership
CipherTrust Data Security Platform’s data protection portfolio offers a broad set of data security products and solutions that can be easily scaled, expanded for new use cases, and have a proven track record of protecting new and traditional technologies.
With CipherTrust Data Security Platform, companies can prepare their investments for the future while reducing operating costs and capital expenditures.
Eval has been developing projects in the financial, health, education, and industry segments for over 18 years. Since 2004, we have offered solutions for Authentication, Electronic and Digital Signature, and Data Protection. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.
With market recognized value, Eval’s solutions and services meet the highest regulatory standards for public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.
Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.
Eval, safety is value.