Senior executives must be ready to tackle the legal and business risks associated with cyberthreats — even before they happen.
This means companies must establish enterprise-wide tactics to identify risks, appraise response metrics and apply company-specific risk mitigation strategies, according to the “2017 Data Security Incident Response Report,” from BakerHostetler. The study analyzed more than 450 cyber incidents that the firm handled last year.
"It's no longer a question of which industries are most at risk. All industries are faced with the task of managing dynamic data security risks,” said Theodore Kobus, leader of the privacy and data protection team. “Even companies in the retail, restaurant and hospitality industries, while highly regulated, had the fourth-highest rate of data security incidents.”
Phishing/hacking/malware incidents accounted for the plurality of incidents for the second year in a row, at 43% — a 12 percentage point jump from a year earlier. The only category for which phishing/hacking/malware was not the most common incident cause was finance and insurance, where employee action/mistake was the top reason, the report said.
Ransomware attacks — where malware prevents or limits users from accessing their system until a ransom is paid — have increased by 500% from a year earlier.
"Having a regularly scheduled system backup and a bitcoin wallet to pay a ransom will help with operational resiliency,” said Kobus. “Ransomware is not likely to go away, and incidents will probably increase over the short term, so companies should be prepared.”
When it comes to minimizing the risk of these attacks, as well as responding promptly and thoroughly should a cyber breach occur, the top strategy is to increase awareness of cybersecurity issues through training and education, according to the report.