Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:20 PM
Dark Reading
Dark Reading
Products and Releases

BakerHostetlers 2020 Data Security Incident Response Report Shows Phishing Still No. 1 Cause of Data Incidents, Ransomware Attacks on the Rise

Firm's sixth annual report shares insights and statistics from more than 950 incidents managed in 2019

WASHINGTON – April 30, 2020 – BakerHostetler released its sixth annual Data Security Incident Response (DSIR) Report, which contains incident response metrics and related insights from over 950 incidents the firm helped clients manage in 2019. The DSIR Report also addresses the data breach litigation landscape and cybersecurity strategy. The intent of the DSIR Report is to use incident response data to demystify incident response and serve as a resource to help organizations use risk-prioritized decision-making to take practical steps to improve their cybersecurity posture and operational resiliency.

“This year’s DSIR Report provides an enlightening analysis of the cyber landscape before COVID-19 came into the picture. Threats continue to evolve, and the compromise intelligence our report offers can help organizations with their preparation efforts,” said Theodore J. Kobus III, chair of BakerHostetler’s Digital Assets and Data Management Practice Group. “Cyber criminals are already taking advantage of the situation created by COVID-19, and employees will inadvertently expose sensitive data or facilitate a ransomware attack. Organizations are rapidly evolving their working from home (WFH) guidelines due to the stay-at-home orders around the globe.” 

Unique among law firms, the DSIR Report includes comparative statistics for key areas of concern in privacy, cybersecurity and compliance for organizations of all sizes and in all industries – especially healthcare, finance, insurance, education, professional services, energy, government, manufacturing, technology, retail and hospitality.

“Every organization is – in some form – a technology organization dealing with data. The issues highlighted in this year’s report are central to all organizations’ operations, which have become increasingly more regulated,” said Kobus. “Our report provides insights on the myriad issues that organizations face and can help them limit their digital risk exposure.”
Trends in incident cause and response metrics in 2019:

  • For the fifth year in a row, phishing remained the leading cause of incidents at 38%. 
  • Ransomware attacks are up, and there is no foreseeable slowdown. All industries segments are impacted, with top targets in manufacturing, professional services, healthcare, education and government.
  • The average cost of forensics investigations is decreasing because of increased reliance on technology.
  • More organizations are self-discovering incidents. 
  • Healthcare breaches continue to attract regulatory scrutiny.

“Until you have worked through the investigation of an incident, it is hard to appreciate the practical challenges organizations face in quickly and accurately determining what occurred so notification obligation decisions can be made, and appropriate communications prepared. Over and over, we have leveraged these response timeline metrics to guide clients on setting appropriately aggressive response time plans, context for how peers performed, and after the incident is over, identify opportunities for improvement,” explained Kobus.

The 2020 DSIR Report also includes informative sections on the History of Problems, Litigation, Healthcare Regulatory Investigations and Implementation of “Reasonable Security.”

Other Key Findings Include:

  1. Properly implemented multi factor authentication (MFA) significantly reduces risk, yet many organizations are still not utilizing it.
  2. Privacy and security are board-level issues, and boards like metrics, so providers and organizations are increasingly using them to engage with executives and boards on risk-based approaches to these issues.
  3. The ransomware epidemic has brought business continuity and resilience to the forefront.
  4. Ransomware forces new targets like manufacturing, schools, municipalities, professional services and other industries that were not targets in the past (because they did not have data worth stealing) to prioritize and fund enhancements to their cybersecurity measures. 
  5. Each year, new risks emerge, and there are new tactics, techniques and procedures (TTPs). It is important to watch what is happening to others and adapt.

Earlier this year, BakerHostetler launched the Digital Assets and Data Management Practice Group, which marshals the strength of seven service delivery practices, and the firm’s innovative legal technology R&D team, IncuBaker, to provide clients enterprise risk solutions. The DADM Group provides comprehensive counsel on the full range of complex and evolving issues associated with data and technology, including digital innovation, e-commerce, fintech, cybersecurity, consumer privacy, transactions, governance, risk management and more.

About BakerHostetler
Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world address their most complex and critical business and regulatory issues. With six core practice groups – Business, Digital Assets and Data Management, Intellectual Property, Labor and Employment, Litigation, and Tax – the firm has nearly 1,000 lawyers located coast to coast. For more information, visit www.bakerlaw.com



Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/4/2020
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing Writer,  5/29/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-06-04
In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued.
PUBLISHED: 2020-06-04
The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe.
PUBLISHED: 2020-06-04
Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
PUBLISHED: 2020-06-04
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all requests and the request ...
PUBLISHED: 2020-06-04
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console� that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the applicat...