Thales has released the 2023 Thales Data Threat Report, an annual report that surveys nearly 3000 IT and security professionals in 18 countries to identify the latest data security threats, trends, and emerging topics. According to this year's report, there has been an increase in ransomware attacks and increased risks to sensitive data in the cloud.
The report found that 52% of IT professionals surveyed in India believe that security threats are increasing in volume or severity, with a higher percentage of IT professionals in India reporting an increase in ransomware attacks (52%) than the global figure (48%). Additionally, 38% of respondents in India (37% globally) have experienced a data breach in the past 12 months, with 23% (22% globally) reporting that their organisation was a victim of a ransomware attack.
Respondents identified cloud assets and IoT devices as the biggest targets for cyberattacks. In India, 53% of respondents said that their IoT devices were the biggest targets, followed by cloud-based storage (41%) and cloud delivered applications (SaaS) (40%). At the global level, 28% of respondents said SaaS apps and cloud-based storage were the biggest targets, followed by cloud-hosted applications (26%) and cloud infrastructure management (25%). This increase in cloud exploitation and attacks is due to the increase in workloads moving to the cloud, with 75% of respondents globally stating that 40% of data stored in the cloud is now classified as sensitive compared to 49% of respondents in 2022.
The report also highlights the challenges businesses face in light of a changing threat landscape and the progress they are making to address those threats. For those organisations that have suffered a data breach in the past 12 months, misconfiguration or human error was the primary cause identified by 52% of respondents in India and 55% globally, followed by the exploitation of a known vulnerability (21% in India as well as globally), and of a zero day/previously unknown vulnerability (21% in India and 13% globally).
The severity of ransomware attacks appears to be declining, with 35% of respondents globally reporting that ransomware had a significant impact compared to 44% of respondents reporting similar levels of impact in 2022. However, only 48% of enterprises in India (nearly the same as 49% globally) reported having a formal ransomware response plan, while 82% (67% globally) still report data loss from ransomware attacks.
The report also highlights concerns over digital sovereignty, with 82% (nearly the same as 83% globally) of respondents expressing concerns over data sovereignty, and 44% (55% globally) agreeing that data privacy and compliance in the cloud has become more difficult, likely due to the emergence of requirements around digital sovereignty. The report also found that 62% of organisations globally have five or more key management systems, presenting a challenge for Post Quantum Cryptography (PQC) and crypto agility.
Ashish Saraf, VP and Country Director, Thales – India, said that while progress was being made in certain areas, including multi-factor authentication adoption and increased use of data encryption, there are still security gaps regarding data visibility. He urged organisations to maintain better control over their data to serve their stakeholders with greater safety and trust, especially with the increase in cyber-attacks in India and globally. Businesses need to focus on implementing robust security measures to protect against these threats.
“In an increasingly cloud-first world, where cloud based storage is being perceived in India as one of the biggest target for cyber-attacks by the report, organisations must maintain better control over their data so they can serve their stakeholders with greater safety and trust. With half of the organisations surveyed in India observing an increase in cyber-attacks, businesses need to focus on implementing robust security measures to protect against,” Saraf said.