BakerHostetler, a leading law firm, has recently released their 2022 Data Security Incident Response Report to provide organizations with valuable insights into current state of data security incidents and the mounting challenges organizations face in protecting their data. Don’t be caught off guard, learn the facts and find out how to strengthen your defense against data security incidents.
According to the report, ransomware is still the leading cause of data security incidents, with attackers constantly adapting their methods to escalate their extortion efforts. The report reveals that 37% of all incidents in 2021 were ransomware attacks, a significant increase from the 27% reported in 2020. Furthermore, attackers claimed to have stolen data in 82% of ransomware attacks, up from 70% in the previous year. The report also discovered that network intrusions accounted for 45% of data security incidents, followed by business email compromise at 30% and accidental disclosure at 12%. The root cause of these incidents was largely unknown in 25% of cases, while unpatched vulnerabilities and social engineering were also significant contributors. The healthcare industry was the hardest hit, accounting for 24% of incidents, followed by finance and insurance at 17% and business and professional services at 15%. It’s worth noting that 16% of the incidents reported involved vendor incidents, highlighting the importance of ensuring the security measures of all parties involved in an organization’s operations.
In addition to the increase in ransomware attacks, the report sheds light on the rise in litigation, particularly for smaller incidents. In 2021, 23 incidents resulted in one or more lawsuits, with over 1.2 million individuals being notified in eight of those lawsuits. The researchers identified a persistence of fraudulent fund transfer incidents and an increase in the number of business email compromise incidents, putting organizations under increased pressure to provide notification of such incidents. This highlights the importance of having robust security measures in place and being prepared to respond to data security incidents.
The report also found a growing trend of ransom demands and payments, especially in the healthcare sector, where the median ransom demand reached $1,475,000 in 2022 with an average ransom demand of $3,257,688. The average payment amount also rose by 78% to $1,562,141, with a median payment of $500,000. Across all industries, the average ransom payment increased by 15% to $600,688. This trend emphasizes the significance of having a solid business continuity plan and being ready to handle ransomware attacks.
Threat actors continue to evolve and adapt their tactics, finding new ways to evade the security measures that organizations put into place to protect their data. Despite organizations implementing a range of security measures such as multi-factor authentication, endpoint detection and response tools, patch management solutions, and security incident and event management tools, among others, threat actors have found new ways to evade these measures, such as using social engineering to trick employees and creating fraudulent websites. To improve their cybersecurity posture and become more resilient in the face of data security incidents, BakerHostetler recommends that organizations segment their networks, identify a list of critical applications, and ensure that all critical systems are backed up using immutable backups. Companies should also use widely deployed and properly configured security tools that are monitored 24/7 by internal or external security operations centers, and have the anti-uninstall feature enabled. Organizations should also ensure that their business continuity plans identify manual workarounds in the event key systems are encrypted, and conduct cross-functional training and testing exercises involving activation of all teams in the Business Continuity/Disaster Recovery Plan.
The chair of BakerHostetler’s DADM Practice Group, Theodore J. Kobus III, stresses the significance of having an adaptable security approach. He notes that implementing efficient security measures is challenging due to the ever-changing threat landscape, and that organizations must keep track of both threat intelligence and implementation. A nimble security strategy, he says, leads to greater resilience and the ability to effectively utilize technology to achieve organizational goals. Craig Hoffman, co-leader of BakerHostetler’s national Digital Risk Advisory and Cybersecurity team also emphasizes the importance of having the proper tools in place to handle ransomware attacks. He notes that organizations that have experienced significant ransomware events were more likely to have used a fully deployed endpoint detection and response tool with the anti-uninstall feature enabled. “Ransomware attacks are not going away”, stated Kobus III. “In addition to an EDR tool and a robust business continuity plan, effective measures to combat this risk include multifactor authentication, effective patch management, and addressing coverage deficits.
The 2022 Data Security Incident Response Report reveals the pressing need for organizations to improve their cybersecurity posture. With ransomware attacks on the rise and the threat landscape constantly evolving, it’s crucial for organizations to stay informed and continuously update their security measures. By following the recommendations in the report, organizations can become more resilient in the face of data security incidents and better protect their operations and customers. Act now to improve your cybersecurity posture and stay ahead of the ever-changing threat landscape.