Ransomware remains one of the top ways that organizations' data is exposed, and data exposure accounts for over two thirds of reported security breaches, according to research group Omdia.

In addition to ransomware, hacking and supply chain attacks are the leading ways that bad actors obtain corporate data for exposure, said Omdia in its third-annual report on Data Privacy Day, which occurred on January 28.

The impact of ransomware can be expensive and have far-reaching impacts. Omdia noted that the impact of the 2021 Colonial Pipeline attack in the US even shocked hackers, explaining that "the attackers appeared genuinely surprised by how much disruption had been caused, apologized and took the surprisingly low ransomware payment of around $4.5 million, some of which has since been recovered."

In a recent Light Reading podcast, Mike Frane, VP of product management for Windstream Enterprise, echoed concerns that ransomware will be on this rise in 2022: "We're going to see an increase in ransomware attacks, malware and exploits ... make sure your security is evolving as fast as your business model and your network."

On this episode of the Light Reading Podcast, Mike Frane provided his forecast for enterprise trends in 2022.

"Ransomware continues to be a scourge on society, not only making corporate data inaccessible until a ransom is paid (including personally identifiable information, or PII) but also threatening to expose this data if the ransom isn't paid," said Data Privacy Day report authors Maxine Holt, senior director of cybersecurity; and Bradley Shimmin, chief analyst of AI platforms, analytics and data management for Omdia, a research group that's part of Light Reading's parent company, Informa.

In years past, the threat of ransomware stemmed mainly from the potential loss of data – now bad actors often threaten to release sensitive data, in addition to holding data hostage.

"Now you not only lose access to your data but they can give it to other people … we've seen the commoditization of ransomware, giving out ransomware-as-a-service and how mature these marketplaces have become," Suzanne Widup, senior principal threat intel analyst for Verizon, told Light Reading in a recent podcast.

On this episode of the Light Reading Podcast, Verizon's Suzanne Widup provided insight into cybersecurity trends and shared key findings from the service provider's annual Data Breach Investigations Report (DBIR).

However, enterprises are increasingly placing more value on data protection – Omdia's annual IT Enterprise Insights Survey for 2021-22 revealed that management of security, identity and privacy is the leading IT trend for nearly 20% of organizations. Even though more organizations are recognizing the importance of data privacy and security, only 48% or enterprises have a fully developed or well-advanced approach to cybersecurity and digital risk, and 52% have a substantially inadequate approach, according to the survey.

To better protect their data, Holt and Shimmin encouraged organizations to focus on the information lifecycle (create, process, store, transmit and destroy) to identify which data should be protected and how and where it should be stored.

"Furthermore, classifying data appropriately is important as all data is not equal: some data will require strong protection and other data will not," said the authors. The use of artificial intelligence (AI) can also reveal data patterns that can alert organizations to potential threats."

Omdia analysts also recommend organizations regularly review and improve their strategies to protect against potential ransomware attacks and invest in AI tools to identify and respond to data privacy risks.

"AI techniques such as unsupervised deep learning (DL) can help organizations understand attack targets and vectors by encouraging observability across the data lifecycle," they explained.

— Kelsey Kusterer Ziser, Senior Editor, Light Reading