Data Breach Response Essentials for the Ransomware Age
Craig A. Hoffman Shares Takeaways From 1,250 Incidents Probed by BakerHostetler
Network intrusion displaced phishing as the leading hack-attack tactic last year, while ransomware continued to surge and the pandemic complicated incident response efforts.
Those are just some of the trends highlighted by law firm BakerHostetler based on 1,250 incidents that it helped clients manage in 2020, as encapsulated in its latest Data Security Incident Response Report. While those efforts were U.S.-based, the firm notes that at least 20% of the incidents also had a global component.
Ransomware, in particular, is one of the costliest challenges facing organizations, not least if they choose to pay a ransom. "When our clients paid a ransom in 2018 they were, on average, paying about $30,000. When they paid in 2019 it jumped to about $300,000 and in 2020 it jumped … to almost $800,000," says Craig A. Hoffman, a partner at BakerHostetler who authored the DSIR Report.
"Ransomware groups have been extraordinarily effective at getting in and getting leverage to force companies to pay, and they get leverage by stealing data and then encrypting a lot of devices all at once," he says. "So you've seen the number of ransomware groups proliferate. We tracked 25 groups in 2019; there were 75 different groups that were involved in incidents we had last year."
In this video interview with Information Security Media Group, Hoffman discusses:
- Attack trends, dwell time and the continuing surge in ransomware;
- Must-have defenses, including next-generation endpoint security tools, an effective backup strategy and better visibility;
- Essential incident response steps in the event of a breach, and the importance of tabletop exercises for speeding response.
Hoffman is an attorney who co-leads BakerHostetler's digital risk advisory and cybersecurity team and serves as the Ohio digital assets and data management leader. He has assisted organizations in dealing with thousands of data security incidents. He also has worked with numerous organizations to create or improve their incident response plans as well as to respond to investigations by U.S. state attorneys general, multistate attorneys general groups, the Federal Trade Commission, EU supervisory authorities and other international data protection regulatory authorities.