Research shows data security tools fail against ransomware 60% of the time

Today, data security provider, Titaniam Inc., released the State of Data Exfiltration & Extortion Report, which revealed that while over 70% of organizations have an existing set of prevention, detection and back solutions, nearly 40% have been hit with ransomware attacks in the last year. 

The findings suggest that traditional data security tools, like secure backup and recovery tools, solutions that offer encryption at rest and in transit, tokenization and data masking, are failing to protect enterprises’ data against ransomware threats 60% of the time.

Above all, the research highlights that organizations cannot afford to be reliant on traditional data security tools alone to defend against data exfiltration and double extortion ransomware attacks, they need to be able to encrypt data-in-use to stop malicious actors in their tracks. 

The problem with traditional data security tools 

The problem with traditional data security tools isn’t that they don’t have robust security measures, but that attackers can sidestep these controls by stealing credentials to achieve privileged access to critical data assets. 

“These traditional tools are ineffective against ransomware and extortion because the most common attacks aren’t about attackers “hacking” in but rather attackers “logging in” using stolen credentials. When this happens, traditional security tools view attackers like they would valid users,” said founder and CEO of Titaniam, Arti Raman. 

“In this scenario, as attackers move through the network, they can use their credentials to decrypt, detokenize and unmask data like a legitimate user or administrator would as they went about their day-to-day work. Once the data has been decrypted, attackers exfiltrate it and use it as leverage for extortion,” Raman said. 

Raman notes that the shift toward exfiltration occurred around mid- to late-2020, when cybercriminals started incorporating data exfiltration to gain more leverage over victims using backup and recovery solutions. 

The only way to defend against the intrusions typical of modern ransomware attacks is for organizations to deploy data security solutions with encryption-in-use. Encryption-in-use can help obscure data so that it can’t be exfiltrated by attackers who’ve obtained privileged access to enterprise resources. 

The data encryption market 

The need for enhanced data protection has contributed to a significant growth in the data encryption market, which researchers valued at $9.43 billion in 2020 and anticipate will reach a value of $42.3 billion by 2030, as more organizations seek to keep out unauthorized users. 

Gartner [subscription required] also anticipates that data encryption will grow more popular in the future, suggesting that by 2023, 40% of organizations will have a multisite, hybrid and multicolor data encryption strategy, up from less than 5% in 2020. 

Titaniam is one of the latest entrants to the market, providing enterprises with a data security platform with encryption-in-use to protect it from unauthorized users who’ve gained privileged access, and raising $6 million as part of a seed funding round at the start of this year. 

It’s competing against providers like IBM Security Guardium Data Encryption, which offers enterprises encryption, tokenization, data masking and key management capabilities to protect data in cloud, virtual and on-premise environments. IBM recently reported raising fourth quarter revenue of $16.7 billion. 

Likewise, Fortanix occupies a significant position in the market with its Runtime Encryption platform that uses encryption to protect data from being exposed in plaintext. Fortanix most recently raised $23 million as part of a series B funding round in 2019. 

The main differentiator between Titaniam and other data encryption providers is that it doesn’t rely on tokenization. This means encryption-in-use doesn’t disrupt full-feature search and analytics applications, providing an answer that balances greater security controls without impeding the user experience.