Ransomware was used in 72% of network intrusions last year, says BakerHostetler
In addition to analyzing client ransomware incidents and other cyberattacks, the privacy and data security specialists at BakerHostetler compared incident response statistics across industries and looked at data breach regulatory response and lawsuits.
Of all incidents BakerHostetler analyzed, healthcare, biotech and pharma took the lion's share at 28%.
According to the firm's analysts, endpoint detection and response tool usage, patching, and resilient backup strategies helped prevent attacks, mitigate the impacts of successful network intrusions and enable restoration without the need to pay for a decryptor.
WHY IT MATTERS
The 2024 Data Security Incident Response Report is based on insights the Ohio-based legal firm gained helping to manage 1,150 data security incidents in 2023.
The analysis found that 48% of all cybersecurity incidents in 2023 resulted in data exfiltration, while 31% saw ransomware deployed and 25% saw email accounts hacked.
Meanwhile, 27% of organizations that were hit with ransomware or that had data extorted last year paid a ransom. The primary reason was buying a decryptor – 41% of incidents – followed by preventing publication of the stolen data – 37%.
Of the sectors the firm serves, the fastest industry to rebound from cyber takedowns was finance and insurance, with a median of 10 days until acceptable restoration, according to the 10th annual cybersecurity response report.
The average cost for needed forensic investigations declined to $78,138 from $90,335 in 2022, the analysts said, due to preexisting EDR tool deployment, more security information and event-management utilization, and increased use of forensic triage packages.
"The tool a company is using is no longer the most important factor in selecting a forensic firm because most firms are now 'tool agnostic' – which was not the case several years ago," Ted Kobus, chair of the firm's digital-assets and data-management group, wrote in the report.
The data analysis also revealed that the average time to detection of a network intrusion incident in 2023 with an EDR tool deployed was 12 days compared with 19.7 days without an EDR tool.
The median time to complete a forensic investigation was 33 days for the companies involved in the incidents. Notifications took a median of 60 days, and 43% led to lawsuits.
However, reflecting on a decade of annual cyber incident and response analyses, the report indicated that the time from occurrence to detection dropped significantly. In the 2015 report, the average span was 134 days across all incidents, compared to 42 days in this year's report.
Third parties were often liable for the 2023 cybersecurity incidents examined.
While 23% of incidents were attributed to unpatched vulnerabilities and 20% to phishing, 22% had unknown root causes, and 25% involved a vendor.
"Notably, business associates were responsible for 60% of the 500+ breaches reported to [the Office of Civil Rights] in 2023, compared to 35% in 2022," BakerHostetler analysts said.
Also, the number of individuals affected in large breaches reported to OCR increased by almost 200% between 2022 and 2023, from 56.9 million people to 144.5 million, respectively.
OCR's enforcement actions in 2023 marked a departure from the previous three years, with a notable drop in the number of enforcement actions. The shift "might indicate that the OCR is focusing on other enforcement issues, such as website technologies," the analysts said.
Regulatory actions taken to minimize the use of pixel-tracking tools on websites have driven many organizations to abandon them, they noted.
"Many of our clients have made the difficult decision to remove all third-party technologies from their webpages while they search for alternatives for keeping their websites functional and relevant without transmitting IP addresses to third parties."
THE LARGER TREND
The new report recommended widespread, actively monitored EDR tool deployment, combined with patching of commonly targeted devices, like VPNs, and a resilient backup strategy to help avoid attacks, mitigate impacts and eliminate the need to pay for decryptors.
To better manage patching, a strong vulnerability management program can help organizations deny threat actors the advantage, Tyler Reguly, senior manager of security research and development at Fortra, told Healthcare IT News earlier this month.
"If your security team doesn’t have the second Tuesday of the month blocked off to review the updates and prioritize them, that is a critical change to make," he advised.
ON THE RECORD
"The message is getting through – if you want to avoid (or quickly recover from) a ransomware attack, there is a prescription to follow," BakerHostetler data and security experts said in the report.
"More companies are taking their medicine. Companies that have survived an attack know they do not want to face a second one … Proof that the message is getting through shows up in the data."
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.