Analyzing the 2023 Thales Data Threat Report [Interview]

The 2023 Thales Global Data Threat Report recently uncovered insights from nearly 3,000 respondents across 18 countries in a world increasingly defined by digital transformation and shadowed by escalating cyber threats.

Spanning a spectrum from senior executives to individual practitioners, it offers a unique window into how enterprises are navigating the intricate balance between security, privacy, and technological advancement.

We sat down with Robert Burns, Chief Product Security Officer at Thales Cloud Protection and Licensing, to unpack the perspectives, challenges, and strategies shaping cybersecurity’s future.

Key Takeaways

Surge in Ransomware Incidents: 48% of IT professionals globally have observed a notable increase in ransomware attacks, highlighting the escalating threat landscape in the digital era.
Underprepared for Ransomware: Despite the rise in ransomware attacks, less than half of the organizations have a formal response plan, underscoring a significant gap in preparedness and response strategies.
Evolving Threat of Double Extortion: The sophistication of ransomware tactics, including double and triple extortion methods, poses new, complex challenges for businesses, demanding more advanced and dynamic defense strategies.
Financial and Operational Impact: The growth of ransomware, particularly double extortion tactics, not only threatens data security but also has severe financial implications, emphasizing the need for robust and proactive cybersecurity measures.
Prevention and Protection Strategies: With the changing landscape of ransomware threats, businesses must evolve their data protection strategies, focusing on prevention tactics and updating outdated security measures to combat these sophisticated cyber attacks.

Rising Tide of Ransomware Attacks

Q: The report revealed that 48% of respondents had observed increased ransomware attacks. What do you attribute this increase to? Are there any broader industry-specific trends that stand out?

A: In the past, many companies weren’t as forthright about any potential attacks they might have seen. But now, people feel more comfortable admitting this. They have the industry’s support and can speak more about those particular threats.

We’re also seeing that ransomware groups are very profitable. So, they have many incentives to advance their craft, improve their technology, and continue their attacks at scale.

But this parallels an industry that has yet to improve its cybersecurity hygiene. I’ve yet to see any advancement where the ransomware attackers have to use advanced tech or burn zero days [over-use an under-the-radar exploit to the point it becomes widely-known and closed] to make their attack successful.

Instead, they have been successful at scaling and broadening their attack surface by using the same old tricks and taking advantage of things that have been known as vulnerable for years. So, it’s a consequence of the industry needing to move forward as fast as the attackers.

Revenue Loss and Operational Disruption

Q: 5% of respondents reported a significant impact on their external operations due to a ransomware incident. We have seen a few high-profile attacks like the MGM group in Vegas. Can you expand on what these significant impacts often entail?

A: It represents an overall industry trend of digitizing everything and making it scalable and available. Therefore, the consequence of a successful ransomware attack in the MGM case took out large parts of the entire business. It wasn’t just an affected customer database or a reservation system. It impacted their ability to operate their business on-premises, such as running their slot machines and a lot of their digital infrastructure.

There was an anecdote of the head of the FTC, the Federal Trade Commission to the US, who happened to be staying at an MGM property in town to talk about cybersecurity. She reported that she had to write down her credit card number on a slip of paper to someone behind the counter because they could not charge her for her room at that time.

It’s no longer just about the ransom the attackers are asking for. A successful attack can involve a massive loss of revenue and operational capability that is required to move your business forward.

It’s a double whammy of not only considering paying your way out of the ransom but also how it can impact your daily operations and ability to operate and bring in revenue.

READ MORE:

Essential Components of a Ransomware Plan

Q: Only 49% of organizations have a formal ransomware plan. What essential components should be included in a plan for anybody who wants to take this seriously and move it forward?

A: Every business generally has a plan for what happens if the internet goes down. The ransomware piece is just a tabletop exercise that adds an element of other areas you must consider. But you have to ask those difficult questions, like: “Would we pay? What would be the impact on the business if we didn’t pay? Are we allowed to pay due to legal constraints and regulations?”

It’s taking that extra step of your business continuity that says, assuming we lose a part of our business to a ransomware attack, what are the variables we must consider? And what would we need to answer in the heat of the moment that will allow us to maximize our business continuity and value?

The Ransom Payment Conundrum

Q: Interestingly, 21% of the respondents said they would pay or have previously paid a ransom. But what legal and ethical dilemmas could organizations face in such a situation?

A: One aspect of a ransomware attack is creating a sense of urgency and panic. You don’t want to make those heavy legal or ethical decisions in the heat of the moment because you’ll be playing into the attackers’ hands.

Attackers want you to take the easiest path for them, not necessarily the right path for you.

It would help if you always had one of the dangers of considering paying the ransom in the back of your mind, concluding that it’s the best decision for the organization and ensuring it’s within the proper legal framework.

All too frequently, once attackers have successfully extracted money from an organization, they become a continued target. So, you have to understand this and think about your risks from a business standpoint. But first and foremost, ensure that you have some excellent legal advice and that they’re part of your discussions about setting up your ransomware preparedness plan.

The Myth of the Silver Bullet in Cybersecurity

Q: The report shows a marginal increase in budget allocation for ransomware prevention tools from 57% last year to 61%. Based on some of the responses that you’ve received, what types of tools and approaches are businesses adopting?

A: Ransomware attackers are not using a novel technique and don’t have a unique ransomware attack tool. They’re taking advantage of general cyber hygiene. They scan the entire surface area of your digital presence, looking for flaws, openings, or small cracks to get their foot in the door and get into your enterprise.

It doesn’t surprise me that you wouldn’t see a big jump in spending on those tools because, in large part, there is no silver bullet you can buy.

Appropriate business continuity planning helps you understand how to act ahead of time rather than in the moment. When we talk about protecting from ransomware, it’s really about improving your security posture and cyber hygiene, which is an organizational and technology-wide endeavor rather than solving one particular problem.

Thoughts From the 2023 Thales Data Threat Report

The surge in ransomware incidents, coupled with the under-preparedness of many organizations, signals an urgent need for a shift in cybersecurity strategies. The evolution of ransomware into sophisticated double extortion tactics threatens data security and has profound financial and operational impacts on businesses. This situation calls for a proactive and comprehensive approach to cybersecurity, emphasizing the importance of robust prevention and protection strategies.

The insights from the report and our discussion underscore cybersecurity is no longer just a technical issue but a strategic imperative encompassing legal, ethical, and business continuity considerations. As ransomware attackers continue to exploit vulnerabilities with age-old tactics, the onus is on businesses to enhance their cyber hygiene and develop resilient, multi-faceted defense mechanisms.

It’s a timely reminder that vigilance, preparedness, and adaptability are key to safeguarding our digital infrastructures’ integrity, privacy, and operational efficacy. As we navigate these challenging waters, the insights and strategies discussed here will be invaluable for businesses looking to stay ahead of the curve in a world increasingly defined by digital transformation and escalating cyber threats.

About Robert Burns

Robert Burns has more than two decades of experience in designing, developing, and delivering high-assurance security products, combining a formal education in computer science with extensive expertise in cryptography projects for IBM and the U.S. Department of Defense.

In his role at Thales CPL, he leads a team of cloud security, product security, and certification specialists as they build the next generation of products and technologies for enterprise cloud security.

To hear Neil Hughes and Robert Burns in a longer discussion, visit Apple Podcasts or search Tech Talks Daily wherever you get your podcasts.