Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

BakerHostetler's Fifth Annual Data Security Incident Response Report Released

April 9, 2019

On April 4th, BakerHostetler announced the release of its fifth annual Data Security Incident Response Report providing insights from 750 data breaches and cyberattacks that the firm handled in 2018.

The 20-page DSIR report includes statistics from incidents impacting entities of all sizes and from many industries, including healthcare, finance, insurance, education, retail and hospitality, among others.

Among the trends highlighted in this year’s report are:

  • Phishing remains the leading cause of incidents tracked by the report, and roughly one-quarter of all incidents BakerHostetler responded to in the past year were caused by lost devices, inadvertent disclosures or system misconfigurations. Across the 750 incidents analyzed, 55% had employees involved as the responsible party, through a mix of simple mistakes, falling for phishing or being socially engineered.
  • Forensic investigations on the rise. In 2018, forensic investigations were conducted in 65% of all incidents analyzed in the report.
  • Entities continue to improve their detection capabilities in-house. In 2018, 74% of incidents were detected internally, a marked rise from only 52% in 2015.
  • Increasing scrutiny from regulators. In 2018, 34% of the incidents that required consumer notification received inquiries from state attorneys general, compared to just 16% in 2015.
  • Companies make gains in some response metrics. A historical look at the response timeline for incidents shows that entities have made steady improvements in containment, which has remained in the range of six to eight days over the past five years, but the length of forensic investigations has been significantly reduced, from 47 days in 2015 to 28 days in 2018.

Despite new regulations pushing entities to notify quickly, the report shows a 67% increase in the time from discovery to notification, from an average of 40 days over the past few years to 56 days in 2018.

Nation-state attacks are drawing more attention. Nation-state cyber operations continue to support espionage, economic development (through IP and trade secret theft) or sabotage, and collateral damage to unintended victims has been significant. It has become increasingly difficult to differentiate between the tactics, techniques and procedures used by nation-state actors and criminal actors. Good data on how often these attacks occur is hard to find, partly because they go undetected or unreported.

Not precisely a cheery report, but it helps to know all of the above. Leverage the mistakes of others to elevate your own cybersecurity.

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson