Phishing Still No. 1 Cause of Data Incidents, Ransomware Attacks on the Rise

A takeover of Microsoft Office 365 accounts may be the first item on the to-do list of bad actors who have breached an organization’s cybersecurity. Baker & Hostetler released its 2020 Data Security Incident Response Report on Thursday, indicating that ransomware is thriving with the help of stolen contact lists pilfered from unprotected accounts.

BakerHostetler released its sixth annual Data Security Incident Response (DSIR) Report, which contains incident response metrics and related insights from over 950 incidents the firm helped clients manage in 2019. The DSIR Report also addresses the data breach litigation landscape and cybersecurity strategy. The intent of the DSIR Report is to use incident response data to demystify incident response and serve as a resource to help organizations use risk-prioritized decision-making to take practical steps to improve their cybersecurity posture and operational resiliency.

“This year’s DSIR Report provides an enlightening analysis of the cyber landscape before COVID-19 came into the picture. Threats continue to evolve, and the compromise intelligence our report offers can help organizations with their preparation efforts,” said Theodore J. Kobus III, chair of BakerHostetler’s Digital Assets and Data Management Practice Group. “Cybercriminals are already taking advantage of the situation created by COVID-19, and employees will inadvertently expose sensitive data or facilitate a ransomware attack. Organizations are rapidly evolving their working from home (WFH) guidelines due to the stay-at-home orders around the globe.”

Unique among law firms, the DSIR Report includes comparative statistics for key areas of concern in privacy, cybersecurity, and compliance for organizations of all sizes and in all industries – especially healthcare, finance, insurance, education, professional services, energy, government, manufacturing, technology, retail, and hospitality.

“Every organization is – in some form – a technology organization dealing with data. The issues highlighted in this year’s report are central to all organizations’ operations, which have become increasingly more regulated,” said Kobus. “Our report provides insights on the myriad issues that organizations face and can help them limit their digital risk exposure.”

Trends in incident cause and response metrics in 2019:

  • For the fifth year in a row, phishing remained the leading cause of incidents at 38%.
  • Ransomware attacks are up, and there is no foreseeable slowdown. All industries segments are impacted, with top targets in manufacturing, professional services, healthcare, education, and government.
  • The average cost of forensics investigations is decreasing because of increased reliance on technology.
  • More organizations are self-discovering incidents.
  • Healthcare breaches continue to attract regulatory scrutiny.

“Until you have worked through the investigation of an incident, it is hard to appreciate the practical challenges organizations face in quickly and accurately determining what occurred so notification obligation decisions can be made, and appropriate communications prepared. Over and over, we have leveraged these response timeline metrics to guide clients on setting appropriately aggressive response time plans, context for how peers performed, and after the incident is over, identify opportunities for improvement,” explained Kobus.

The 2020 DSIR Report also includes informative sections on the History of Problems, Litigation, Healthcare Regulatory Investigations, and Implementation of “Reasonable Security.”

Other Key Findings Include:

  1. Properly implemented multi-factor authentication (MFA) significantly reduces risk, yet many organizations are still not utilizing it.
  2. Privacy and security are board-level issues, and boards like metrics, so providers and organizations are increasingly using them to engage with executives and boards on risk-based approaches to these issues.
  3. The ransomware epidemic has brought business continuity and resilience to the forefront.
  4. Ransomware forces new targets like manufacturing, schools, municipalities, professional services, and other industries that were not targeted in the past (because they did not have data worth stealing) to prioritize and fund enhancements to their cybersecurity measures.
  5. Each year, new risks emerge, and there are new tactics, techniques, and procedures (TTPs). It is important to watch what is happening to others and adapt.

Delgado, Ivette. (30 April 2020). BakerHostetler’s 2020 Data Security Incident Response Report Shows Phishing Still No. 1 Cause of Data Incidents, Ransomware Attacks on the Rise. Baker Law.