Tag Archives: 2017 Data Security Incident Response Report

Ways to Prevent & Prepare for Ransomware Attacks

Photo of BakerHostetlerBy BakerHostetler on Posted in Ransomware
Ransomware was involved in 10 percent of the 450 breaches handled by our Privacy and Data Protection team in 2016. This week’s news about a global ransomware attack is another example that this trend is on the rise. Companies, governments and organizations around the world are grappling with what steps they should take to minimize … Continue Reading

Deeper Dive: Clapper Divide Expands In Data Breach Cases

Photo of Sean McIntyreBy Sean McIntyre on Posted in Privacy Class Actions, Privacy Litigation
As reported in our 2017 Data Security Incident Response Report, plaintiffs allege potential future harm as a basis for injury in 80 percent of data breach lawsuits. But are allegations of future harm sufficient to meet Article III’s cases-and-controversies requirement, specifically with regard to the injury-in-fact element of standing? Despite the prevalence of these allegations, … Continue Reading

Deeper Dive: Vendor Management Crucial for Data Protection

By Alan L. Friel on Posted in Cybersecurity
In our 2017 Data Security Incident Response Report, we found that of the 450+ incidents we worked on last year, network attacks that succeeded due to vendor wrongdoing were significantly more common (15 percent) than those due to employee wrongdoing (9 percent). Vendors were also found to be the cause of technical and security failures and … Continue Reading

Deeper Dive: Security Is a Big Deal for Big Data

By Lavonne Hopkins on Posted in Big Data
In the rapidly expanding landscape of Internet-based data analytic services, companies across all industries with a significant online presence have faced or will face a data breach resulting from their collection and use of Big Data. As more consumer information is digitized and collected by companies for data analytics, the potential for cyberattacks also increases. … Continue Reading

Deeper Dive: Ransomware – WannaCry and the Future of Ransomware-as-a-Service

Photo of Melinda L. McLellanPhoto of James A. ShererBy Melinda L. McLellan and James A. Sherer on Posted in Cybersecurity, Data Breaches, Incident Response, Ransomware
In our 2017 BakerHostetler Data Security Incident Response Report, we addressed the increasingly ubiquitous scourge of ransomware, one of the fastest-growing types of malware causing data security incidents. We noted that ransomware attacks have been steadily expanding in both frequency and severity, and that those trends seemed set to continue for the foreseeable future. Less than a … Continue Reading

Deeper Dive: Forensics

Photo of Patrick H. HaggertyBy Patrick H. Haggerty on Posted in Cybersecurity
A company’s ability to quickly and efficiently conduct a forensic investigation is critical to limiting the impacts of a data security incident and determining the scope of the incident. In BakerHostetler’s 2017 Data Security Incident Response Report, we analyzed data from the more than 450 incidents we worked on in 2016. A forensic investigation occurred … Continue Reading

Deeper Dive: Implementing Basic Security Measures Can Stop Some Network Intrusions and Reduce the Damage From Others

By Randal L. Gainer on Posted in Cybersecurity, Incident Response
In BakerHostetler’s 2017 Data Security Incident Response Report, we analyzed 104 network intrusion attacks that we helped our clients respond to last year. Such incidents typically occur when criminals find a weakness in a company’s internet-facing network, penetrate the network, conduct reconnaissance to find valuable data and export the data before they can be detected … Continue Reading

Deeper Dive: Incorporating Incident Response Into Disaster Recovery Plans

Photo of M. Scott KollerBy M. Scott Koller on Posted in Cybersecurity, Ransomware
Incident response and disaster recovery are both essential components of a comprehensive written information security program. However, too often these plans are implemented in a vacuum, without considering the potential synergies and improvements that can be gained when such plans are developed, deployed and tested together. Incident response and disaster recovery tend to have the … Continue Reading

Deeper Dive: Security Incident Notification Under the New EU General Data Protection Regulation (GDPR)

Photo of Melinda L. McLellanPhoto of James A. ShererBy Melinda L. McLellan, James A. Sherer and Emily R. Fedeles on Posted in Cybersecurity, Data Breaches, Enforcement, International Privacy Law
As noted in the 2017 BakerHostetler Data Security Incident Response Report, the enactment of the EU General Data Protection Regulation (GDPR) represents the most significant change in European data protection law in more than 20 years. Coming into effect on May 25, 2018, the GDPR focuses on a number of core data protection principles and … Continue Reading

Deeper Dive: Be Prepared for Regulatory Investigations in the Wake of a Security Incident

Photo of Eric A. PackelBy Eric A. Packel on Posted in Cybersecurity, Enforcement
Your company had a data security event. After an investigation, it was determined that notifications were required, and the incident was made public as a result. Notification letters were mailed and regulators were notified, all in accordance with the law. Your company also enhanced security measures and took other remedial action, so there is nothing … Continue Reading

Deeper Dive: Phishing/Hacking/Malware Attacks Remain Leading Cause of Security Incidents

By Lavonne Hopkins on Posted in Cybersecurity
During 2016, our BakerHostetler privacy and data protection team worked on data security incidents across virtually all industries. For the second year in a row, phishing/hacking/malware attacks have accounted for the largest percentage of incidents handled by our team. Specifically, security incidents arising from phishing/hacking/malware made up 43 percent of all security incidents we handled … Continue Reading

Deeper Dive: Protecting Paper Records

By Will R. Daugherty on Posted in Cybersecurity, Data Breaches
Our third annual BakerHostetler Data Security Incident Response Report analyzes the more than 450 data security incidents we led clients through in 2016, and includes a number of interesting trends relating to the causes of incidents, how companies are identifying and responding to incidents, and the regulatory and litigation trends after an incident is disclosed. … Continue Reading

Deeper Dive: Frequency and Severity

By Erich Falke on Posted in Cybersecurity, Data Breaches
All industries are affected by cyberattacks, but how often and to what extent they occur vary greatly by industry type. Industry Type As for frequency, the healthcare industry in 2016, for the third year in a row, saw the greatest number of incidents and by a wide margin. Specifically, about 35 percent of the incidents … Continue Reading

Be Compromise Ready: Go Back to the Basics

Photo of Theodore J. Kobus IIIPhoto of Craig A. HoffmanBy Theodore J. Kobus III and Craig A. Hoffman on Posted in Cybersecurity, Mobile Privacy, Online Privacy, Ransomware
We are excited to release our third annual BakerHostetler Data Security Incident Response Report. This report analyzes the more than 450 data security incidents we led clients through in 2016. Companies continued to experience incidents at a record pace, and we expect this will continue through 2017. We have received more calls to our breach … Continue Reading

Crowdsourcing Cybersecurity in 2017

Photo of Craig A. HoffmanBy Craig A. Hoffman and Erich Falke on Posted in Cybersecurity, Ransomware
BakerHostetler began publishing its Data Security Incident Response Report in 2015. Although we were the first law firm to do so, inspiration for the report came from similar reports that cybersecurity firms issue. We will be publishing our 2017 Report on April 13, 2017, containing statistics and insights from the 450+ incidents we led clients … Continue Reading
LexBlog