Fraud Management & Cybercrime , Incident & Breach Response , Next-Generation Technologies & Secure Development

Data Breach Response Essentials for the Ransomware Age

Craig A. Hoffman Shares Takeaways From 1,250 Incidents Probed by BakerHostetler
Craig A. Hoffman, partner, BakerHostetler

Network intrusion displaced phishing as the leading hack-attack tactic last year, while ransomware continued to surge and the pandemic complicated incident response efforts.

See Also: Building Better Security Operations Centers With AI/ML

Those are just some of the trends highlighted by law firm BakerHostetler based on 1,250 incidents that it helped clients manage in 2020, as encapsulated in its latest Data Security Incident Response Report. While those efforts were U.S.-based, the firm notes that at least 20% of the incidents also had a global component.

Ransomware, in particular, is one of the costliest challenges facing organizations, not least if they choose to pay a ransom. "When our clients paid a ransom in 2018 they were, on average, paying about $30,000. When they paid in 2019 it jumped to about $300,000 and in 2020 it jumped … to almost $800,000," says Craig A. Hoffman, a partner at BakerHostetler who authored the DSIR Report.

"Ransomware groups have been extraordinarily effective at getting in and getting leverage to force companies to pay, and they get leverage by stealing data and then encrypting a lot of devices all at once," he says. "So you've seen the number of ransomware groups proliferate. We tracked 25 groups in 2019; there were 75 different groups that were involved in incidents we had last year."

In this video interview with Information Security Media Group, Hoffman discusses:

  • Attack trends, dwell time and the continuing surge in ransomware;
  • Must-have defenses, including next-generation endpoint security tools, an effective backup strategy and better visibility;
  • Essential incident response steps in the event of a breach, and the importance of tabletop exercises for speeding response.

Hoffman is an attorney who co-leads BakerHostetler's digital risk advisory and cybersecurity team and serves as the Ohio digital assets and data management leader. He has assisted organizations in dealing with thousands of data security incidents. He also has worked with numerous organizations to create or improve their incident response plans as well as to respond to investigations by U.S. state attorneys general, multistate attorneys general groups, the Federal Trade Commission, EU supervisory authorities and other international data protection regulatory authorities.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.