The battleground between threat actors and network defenders is increasingly coming down to one thing: data. It could be the sensitive personal information of customers and employees, which is highly regulated in many regions, or it could be intellectual property—less regulated but a critical driver of competitive advantage. Either way, defenders have it, and the bad guys want it. They have an increasingly wide range of tactics, techniques, and procedures (TTPs) to get it. And as recent events have shown, the threat from malicious third parties today is more acute than ever.
This is where data-centric security makes a lot of sense. Apply the strongest possible protection to the data itself, and even if other controls fail—as they often do—the organization remains safe.
Security breach risks aren’t just confined to external attacks. Internal causes were behind 18% of data breaches analyzed by Verizon over the past year, while partner organizations accounted for a further 39%. However, that leaves external sources comprising the vast majority (73%). And threat actors have been out in force lately. Most recently we’ve seen:
- Tech giant Samsung report an incident in which an undisclosed number of customers’ data was stolen. It said names, contact and demographic information, dates of birth, and product registration information were taken
- Financial services firm KeyBank suffer a serious breach via a third-party insurance provider. Social Security numbers, addresses, and the account numbers of home mortgage holders were among the information stolen
- Italian state-owned energy services firm GSE lose an estimated 700GB of internal data in an attack by the BlackCat (ALPHV) ransomware group. Information on projects, contracts, and accounting was claimed to be part of the haul
The cybercrime economy has a vast and impressively efficient supply chain, meaning that monetizable customer data often finds its way from breaches like this to underground marketplaces, where it’s bought by fraudsters. It can then be used directly in identity fraud attacks such as account takeover, or deployed in phishing attempts to elicit more valuable info like bank details. Cybercrime sites enabling this are widespread. The US and Portuguese authorities recently dismantled one of the most notorious, WT1SHOP, which had nearly six million records up for sale.
Ransomware increases risk
The threat from malicious third parties has surged of late thanks to one particular trend on the threat landscape: double extortion ransomware. There was a time when ransomware actors were relatively thin on the ground, as launching attacks took a fair amount of skill and sophistication. Their means of monetization were confined to deploying ransomware to encrypt victim systems, thereby forcing them into paying up.
That has changed thanks to two trends. First, the proliferation of double extortion, in which threat actors steal data before they encrypt it, in order to increase their chances of monetizing attacks. Second, ransomware-as-a-service (RaaS), which has driven a surge in new “affiliate” threat groups with less technical ability. Every week we see multiple new victims added to these groups’ data leak blogs, where a small sample of stolen victim data is published to show they mean business.
There’s no suggestion that all of the following have had data stolen, but in just the past fortnight, we’ve seen victims including:
- UK transportation giant Go-Ahead
- Hotel chain Holiday Inn
- The LA Unified School District: the second largest school district in the US
- Portuguese national carrier TAP Air
- The Chilean government
According to one estimate, 66% of global organizations were hit by ransomware in 2021, a 29% increase on the previous year.
The power of data-centric security
It’s clear from this rapidly growing list of corporate breach victims that current cyber defenses are not doing their job. Threat actors have too many opportunities to target what is in many organizations a highly distributed and under-protected attack surface. That means IT leaders should go back to basics by protecting what is most at risk: the data itself.
Data-centric security applies this protection, in the form of tokenization or format-preserving encryption, to any sensitive information. If it is breached and exfiltrated, threat actors will simply have in their possession a useless pile of scrambled data. As long as enterprises find a technology partner to deliver continuous data discovery, classification and protection across any environment, they will be in a strong position. It’s a position they can then build on to digitally transform and grow the business with confidence.
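An added example, not from the original article or any vendor product: a minimal vault-based tokenizer in Python showing what the paragraph above describes, with sensitive fields replaced by random tokens that keep the original format. The `TokenVault` class, the field names and the sample record are assumptions made for illustration; this is tokenization backed by a lookup vault, not a format-preserving encryption algorithm.

```python
import secrets
import string


class TokenVault:
    """Hypothetical vault: random, format-preserving tokens for digit fields."""

    def __init__(self):
        self._by_value = {}  # real value -> token (same input, same token)
        self._by_token = {}  # token -> real value (the only way back)

    def tokenize(self, value: str) -> str:
        if value in self._by_value:
            return self._by_value[value]
        if not any(c in string.digits for c in value):
            raise ValueError("value has no digits to tokenize")
        while True:
            # Swap every digit for a random one; keep separators and length.
            token = "".join(
                str(secrets.randbelow(10)) if c in string.digits else c
                for c in value
            )
            # Retry if the token equals the input or is already issued.
            if token != value and token not in self._by_token:
                break
        self._by_value[value] = token
        self._by_token[token] = value
        return token

    def detokenize(self, token: str) -> str:
        # Raises KeyError for anything this vault did not issue.
        return self._by_token[token]


SENSITIVE_FIELDS = ("ssn", "account_number")  # assumed field names


def protect(record: dict, vault: TokenVault) -> dict:
    """Return a copy of the record with sensitive fields tokenized."""
    return {k: vault.tokenize(v) if k in SENSITIVE_FIELDS else v
            for k, v in record.items()}


# Constructed sample record; the values are not real.
SAMPLE = {"name": "Jane Example", "ssn": "078-05-1120",
          "account_number": "4000123412341234"}

if __name__ == "__main__":
    vault = TokenVault()
    print(protect(SAMPLE, vault))  # what a copy of the datastore would contain
```

The protected record is what sits in the application datastore; the mapping back to real values exists only inside the vault, which is the component that then needs the strongest access control and monitoring.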