The report provides risk mitigation and compromise response intelligence from more than 1,250 data security incidents the firm helped manage responses to in 2020, including ransomware and vendor incidents.
WASHINGTON – April 30, 2021 – BakerHostetler released the seventh edition of its annual Data Security Incident Response (DSIR) Report, which features insights and metrics from the response to more than 1,250 incidents (and their aftermaths) the firm helped clients manage in 2020. The data and analysis in the report – from security incidents to regulatory enforcement matters, class actions, compliance projects, data governance and advisory matters – can be used by organizations to identify and quantify likely risks and to develop a prioritized security and compliance road map.
The DSIR Report is produced by BakerHostetler’s Digital Assets and Data Management (DADM) Practice Group. This convergence practice addresses enterprise risks, disputes, compliance and opportunities through the life cycle of data, technology, advertising and innovation, including marketing strategies and monetization. The DADM Group’s compromise response intelligence helps clients understand what leads to an incident, how to resolve issues and addresses the potential for regulatory and litigation risks.
“The pandemic and changing technology trends have disrupted the way organizations operate, and the incident response industry was no exception. Our clients and industry relationships rely on the DSIR Report for access to the metrics and insight across the digital landscape to improve their products/services and identify measures to enhance their cybersecurity posture and operational resilience,” said Theodore J. Kobus III, chair of BakerHostetler’s DADM Practice Group. “Each year we add features based on key issues and trends our team has identified, in order to help organizations, develop solutions to the issues data and technology create. This year’s report includes features on ransomware and cybersecurity supply-chain risks.”
Trends in incident cause and response metrics in 2020 include:
- Network intrusion was the leading cause of incidents in 2020 at 58%, displacing phishing, which had been the No. 1 cause the five previous years.
- Ransomware attacks continued to grow in frequency and severity – ransoms demanded and paid increased drastically. In 2020 our incidents involved 75 threat actor groups/variants, compared with 15 in 2019.
- Complications from the pandemic impacted detection, containment, investigation and notification times across the Incident Response life cycle.
- The prior year trend of lawsuits being filed after notifications to 100,000 or fewer individuals continued in 2020.
While infosec professionals were already working on building defenses for technology environments that no longer reside inside a perimeter wall, the COVID-19 pandemic and the resulting WFH mandates heightened the focus on this area of security. The report details a half-dozen consequences of WFH that were evident in the incidents tracked by the firm.
“In 2020 we saw a continued surge in ransomware as well as an increase in large supply chain matters, further stretching the capacity of the incident response industry,” said Kobus. “Organizations worked to quickly contain incidents – despite challenges in simply getting passwords changed and endpoint, detection and response tools deployed to remote workers. Companies with international operations contended with cross-border and regional restrictions on personnel movement. Getting access to facilities to obtain forensic images was a challenge. Necessity, and experience, drove creative solutions.”
Ransomware Rampant and Stats by Industry
Ransomware matters remained a menace in 2020, with many threat actors changing tactics and not only encrypting data, but also stealing it. The report details how this gives attackers two pressure points to extract ransoms – even from companies that can restore systems using a backup. This year’s DSIR Report provides statistics on the average amount of ransomware paid, the largest ransom paid, how often evidence of data exfiltration was present, the timeline on making demand payments and the time lapse from encryption of data to restoration, as well as other statistics. And for the first year, the report breaks ransomware stats down by industry, including healthcare, manufacturing, financial services and hospitality. Also included is a checklist for companies to use during the first day responding to a ransomware matter.
Additional statistics and analysis can be found in the BakerHostetler 2021 Data Security Incident Response Report found here.
The DADM Group marshals the strength of seven service delivery teams – comprising attorneys with technologists and support professionals from the firm’s highly regarded IncuBaker program to help clients navigate the intersection of digital business, emerging technologies and the law. The group was named a 2020-2021 “Pacesetter” in Cybersecurity Services by ALM Intelligence Pacesetter Research, an independent research group focused on professional services. BakerHostetler is the only law firm to achieve Pacesetter status. The firm was also one of four law firms named “Market Leaders” in the report. The group is recognized as a “Powerhouse” by BTI Consulting’s Cybersecurity & Data Privacy 2020 Report and has been named one of BTI’s “Cybersavvy 16,” a nationwide list of the top legal practices in this arena.
Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world address their most complex and critical business and regulatory issues. With six core practice groups – Business, Digital Assets and Data Management, Intellectual Property, Labor and Employment, Litigation, and Tax – the firm has nearly 1,000 lawyers located coast to coast. For more information, visit bakerlaw.com.
Gabi Valentine +1.202.861.1582 firstname.lastname@example.org