The State of Data Security is in Critical Condition

Humans don’t deal with uncertainty well. When faced with the possibility of something happening, we like to think in absolutes: “Yes, this will most definitely happen,” or “No, that definitely won’t happen.” Nobody can tell you with 100% certainty if you’ll be hit with a cyberattack, but we can tell you what happened to your peers last year.

Rubrik Zero Labs has released a new report, “The State of Data Security: Measuring Your Data’s Risk,” raising alarms about data risk across organizations while spotlighting one industry that is experiencing some of the toughest data security challenges: healthcare.

Rubrik Zero Labs studies the challenges organizations face when securing their data and how teams can reduce data risk and prepare for the evolving risk cycle before, during, and after a cyberattack. Healthcare is a prime target for cybercriminals, and the impacts of these organizations not being able to access their data are very, very real. Let’s explore the findings further.?

Ransomware Produces Outsized Impacts Against Healthcare

Healthcare organizations are facing a stark reality; they are losing a substantial amount of their sensitive data in every ransomware attack. The report outlines observations, based on Rubrik Telemetry data, that healthcare organizations:

• Lose an estimated 20% of their sensitive data in every ransomware attack
• Experienced 50% more encryption events than the global average last year
• Have an estimated impact of almost five times more sensitive data in ransomware attacks than the global average

Cybercrime Continues to Wreak Havoc across Organizations — and IT and Security Teams

The research also offers insights into real-world risks against data as the pace and volume of cyber events continue to increase globally, aided by the explosion of data in the cloud and the realities of modern computing environments.

The volume of attacks being raised to senior leadership continues to be pervasive across organizations. 94% of IT and security leaders reported their organization experienced a significant cyberattack last year and, on average, faced 30 attacks in that timeframe. One-third of these victims endured at least one ransomware attack.

While security and IT teams are navigating the barrage of attacks their organizations face, their leaders are under a magnifying glass, and they’re feeling the pressure. 96% of senior IT and security leaders reported changes to their emotional and/or psychological state as a direct result of a cyberattack, with 38% worrying about job security.

Those psychological impacts are no coincidence. Senior security leaders’ jobs are on the line. Following cyberattacks, 44% of organizations reported leadership changes, up from 36% in Rubrik Zero Labs’ Fall 2022 report “The State of Data Security: The Human Impact of Cybercrime.”

Measuring your Data Risk with Blind Spots

Another key theme the report explores is the volatility of securing data across the cloud. Rubrik observations show that the cloud is targeted with more frequency—and more success—than its on-premises counterparts. It also contains blind spots, making it difficult to defend.

“The more we talk about cyber threats like ransomware, and its impact on industries like healthcare, the more we can collaborate to minimize the risk calculus and ultimately best cyber attackers trying to impede our businesses.” – Steven Stone, Head of Rubrik Zero Labs.

Organizations are becoming more dependent on the cloud. In 2023, Rubrik observed that cloud architecture stored 13% of an organization’s data, compared to 9% in 2022. Comparatively, data stored on-premises declined from 77% in 2022 to 70% in 2023.

Of the external organizations victimized in a cyberattack in 2023, many reported attacks across multiple aspects of their hybrid environment, with 67% of attacks impacting SaaS data, 66% for the cloud, and 51% for on-premises locations.

The cloud also comes with inherent risk based on security blind spots and vulnerable sensitive data, according to Rubrik Telemetry:

• Blind spot #1: 70% of all data observed in a typical cloud instance is object storage, which typically has a far lower security coverage compared to other areas
• Blind spot #2: 88% of all data observed in object storage is not confirmed as machine-readable or covered by prominent security technologies and services
• Blind spot #3: More than 25% of object storage data observed is subject to regulatory or legal requirements, such as protected health information and personally identifiable information

Dealing with Sensitive Data is a Risky Business

Because of the literal millions of variables involved, you’ll never be able to fully pin down your risk—or completely eliminate it. What you can do is get a handle on the most impactful levers,

work to address predictable outcomes, and take distinct actions to change the risk calculus in your favor.

To learn more, view the new report from Rubrik Zero Labs here and to better understand the context of this report, subscribe to our podcast here.

Rubrik is on a mission to secure the world’s data. With Zero Trust Data Security?, we help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. Rubrik Security Cloud, powered by machine learning, secures data across enterprise, cloud, and SaaS applications. We help organizations uphold data integrity, deliver data availability that withstands adverse conditions, continuously monitor data risks and threats, and restore businesses with their data when infrastructure is attacked.

Subscribe to Data Security Digest as your destination for all things Zero Trust Data Security.