Despite large investments in security tools, organizations are not confident they can stop data exfiltration

An Osterman Research survey of 255 cybersecurity professionals (CIOs, IT managers, CISOs and security managers), exploring attitudes and perceptions surrounding data exfiltration. Most notably, the research reveals data exfiltration remains a significant threat and despite large investments in security tools, organizations are not confident they can stop data exfiltration.

In addition to underscoring fundamental problems with the industry’s current approach to security, the study introduces a new category of solutions to win the fight against ransomware: anti data exfiltration (ADX).

“The exfiltration of personally identifiable information, intellectual property and classified information remains a common theme in a number of cyberattacks and represents a significant threat to organizations across industries,” said Michael Sampson, Senior Analyst, Osterman Research.

“Existing tools are no longer a sufficient measure to prevent data exfiltration. Anti data exfiltration provides a new approach in the ongoing fight against cyberattacks.”

The growing importance of preventing data exfiltration

The survey highlights the growing importance of preventing data exfiltration, with organizations ranking the current level of importance (73 percent) nearly twice that of 12 months ago (39 percent). Among other findings, the study found:

• Large organizations indicated the highest initial (54 percent), current (77 percent) and forecasted (89 percent) levels of importance for preventing data exfiltration.
• Only 43 percent of respondents were very confident their organization would emerge unscathed from a ransomware attack, with no data exfiltrated.
• 68 percent of respondents said existing data loss prevention (DLP) tools are difficult to configure, 60 percent said they are difficult to maintain and 51 percent said DLP cannot prevent data exfiltration.
• Over the past 12 months,
• 42 percent of organizations have experienced a ransomware attack with no evidence of exfiltration
• 41 percent experienced an employee’s mistake resulting in data exfiltration
• 33 percent experienced a credential theft resulting in data exfiltration
• 31 percent experienced a phishing campaign resulting in data exfiltration

“Despite significant investment in ‘best-in-breed’ security tools (more than 59% of all organizations have from 3-9 tools), it’s clear organizations are still struggling with cyberattacks resulting in data exfiltration. The industry’s current approach to security isn’t working and a new solution is needed,” said BlackFog CEO, Dr. Darren Williams.

“By targeting multiple parts of the kill chain, anti data exfiltration is able to block the activation and spread of cyberattacks. Since cyberattacks – especially ransomware – focus on data theft and extortion, it has become an important technique to thwart modern polymorphic attacks.”