Earlier this year, the law firm BakerHostetler released its 2024 Data Security Incident Response Report, providing insights into more than 1,150 reported security incidents in 2023. The report findings show that despite many businesses implementing more and stronger cybersecurity safeguards, threat actors continue to adapt — finding new (or repurposing old) methods to bypass security controls and gain access to networks.
Here, we’ll highlight the report’s key findings and critical insights to help businesses develop and bolster their cybersecurity measures and incident response plans.
Network intrusions on the rise
According to the report, network intrusions continued to be the leading type of cyber incident (51%) in the past year, followed by business email compromise (26%) and inadvertent disclosure (11%), the unintentional exposure of sensitive or confidential information by an individual.
The root cause of 36% of network intrusions is unknown, and 26% result from security flaws or weaknesses in software, hardware, or systems that have not been corrected through an update or patch. When a network intrusion does occur, 72% result in ransomware deployment, followed by data theft (57%), malware installation (46%), and email account access (2%). The result can be a ransomware attack that causes an operational disruption, a theft of sensitive data, or a fraudulent theft of funds.
Strengthening your cybersecurity tactics
“There is no ‘silver bullet’ for preventing network intrusions and attack vectors. Phishing, social engineering, and vulnerabilities in remote access tools such as virtual private networks and secure file transfer protocol systems continue to plague organizations.” — BakerHostetler 2024 Data Security Incident Response Report
While it is impossible to prevent every network intrusion 100% of the time, businesses are urged to implement and strengthen their cybersecurity efforts to prevent and mitigate risks.
Strategies for consideration include:
- Enabling Multifactor Authentication (MFA)
MFA is a security process that requires more than one authentication method from a set of credentials to verify a user’s identity for a login or other system transaction. By requiring multiple forms of verification, the process enhances the security of accounts and sensitive data, significantly reducing the chance of unauthorized access.
While a critically important cybersecurity measure, MFA is only partially effective in stopping network intrusions such as phishing or business email compromise, as hackers actively use a wide range of communication methods beyond email, such as phone calls, to breach email systems. MFA bombing, in which a threat actor who has obtained an account’s username and password repeatedly sends authentication notices until the user finally approves the request, has become a highly prevalent tactic for gaining access.
- Airgapped Backup
An airgapped backup is a robust cybersecurity measure that involves creating backups of your data and software on systems that are entirely disconnected from your network and day-to-day operations. This physical separation ensures that your backup remains untouched and secure even if a ransomware attack compromises your primary systems.
By regularly performing full backups on airgapped systems, businesses can significantly enhance their ability to recover from aggressive cyber threats. This tactic helps restore critical data and minimizes downtime, ensuring your company can quickly return to normal operations.
- Making Software Upgrades & Patching Automatic
Regular patching and upgrades of all systems are foundational to maintaining robust cybersecurity. Many cyberattacks exploit vulnerabilities in outdated software and systems that could have been prevented with timely updates. By consistently applying patches and performing system upgrades, businesses can close security gaps that hackers often target.
This proactive approach not only protects against known threats but also strengthens your network’s overall security posture, reducing the likelihood of successful cyber incursions. Ensuring that all software, from operating systems to third-party applications, is up-to-date is a critical step in mitigating risks and safeguarding your business.
- Using Endpoint Detection and Response (EDR)
EDR is a critical component of cybersecurity strategies and a step up from traditional antivirus solutions. It continuously monitors endpoints to detect and respond to cyber threats such as ransomware and malware. To be effective, EDR must be configured appropriately (almost one-third of endpoint detection tools that include EDR are not) and deployed across all critical assets to avoid leaving systems vulnerable. Advanced measures provided by EDR include identifying an intrusion before encryption (in a ransomware attack), continuous monitoring, response actions, and investigation and remediation.
- Isolating or Dividing Networks
Network segmentation divides a company’s systems and data into smaller, isolated sections or subnetworks to improve network security. Implementing it can significantly enhance a business’s ability to prevent, detect, and respond to cyber threats.
- Ensuring Proper Data Management
Effective data management, such as reducing the amount of personally identifiable information (PII) and protected health information (PHI) collected and stored on a system, can help mitigate a breach’s impact while reducing the cost of cyber insurance. Examples of PII and PHI include customer names, Social Security numbers, addresses, emails, and phone numbers.
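To make the MFA bombing pattern described under multifactor authentication concrete, the following added example (not from the BakerHostetler report or eSpecialty) flags a burst of unapproved push prompts for one account and treats an approval that follows the burst as the high-severity case. The log format, the five-prompt threshold, and the ten-minute window are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real data): timestamp, user, push outcome.
SAMPLE_LOG = """\
2024-03-04T02:10:00 jsmith denied
2024-03-04T02:10:40 jsmith timeout
2024-03-04T02:11:15 jsmith denied
2024-03-04T02:12:05 jsmith timeout
2024-03-04T02:12:50 jsmith denied
2024-03-04T02:13:30 jsmith approved
2024-03-04T08:59:00 mlee timeout
2024-03-04T09:00:10 mlee approved
2024-03-04T09:05:00 jsmith approved
"""

def detect_push_fatigue(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return alerts for users who get `threshold` or more unapproved pushes
    inside `window`; 'approved_after_burst' means the user finally gave in."""
    recent = defaultdict(deque)  # user -> timestamps of unapproved pushes
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, user, outcome = line.split()
        ts = datetime.fromisoformat(ts_raw)
        q = recent[user]
        while q and ts - q[0] > window:  # forget prompts outside the window
            q.popleft()
        if outcome in ("denied", "timeout"):
            q.append(ts)
            if len(q) == threshold:  # alert once, as the burst crosses the limit
                alerts.append((user, "burst", ts_raw, len(q)))
        elif outcome == "approved":
            if len(q) >= threshold:  # approval right after a burst: likely takeover
                alerts.append((user, "approved_after_burst", ts_raw, len(q)))
            q.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOG):
        print(alert)
```

A single missed prompt followed by an approval, as with the second user in the sample, stays below the threshold and raises no alert.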
Implementing strong cybersecurity measures protects your business from cyber threats and can lead to significant savings on your cyber insurance premiums – as companies with robust security practices are often considered lower risk. This proactive approach can result in more favorable insurance terms, including lower premiums and broader coverage options, ultimately benefiting your bottom line while enhancing your security posture.
Businesses worldwide utilize the BakerHostetler report to help develop their cybersecurity measures, best practices, and incident response plans. For more information, you can view the full report on BakerHostetler’s website.
Looking for comprehensive insurance coverage and the best rates? eSpecialty knows how to present your business’s cybersecurity measures to underwriters effectively. Our access to top insurance providers, combined with our knowledge and expertise, can lead to more comprehensive coverage at lower rates.
About eSpecialty Insurance and Bob Sargent, Founder & CEO
eSpecialty Insurance was established to revolutionize the customer journey in specialty insurance. Bob is a founder and early-stage investor with decades of experience as an underwriter and broker addressing unusual, complex, and challenging exposures. He helps businesses to secure the most comprehensive insurance solutions at competitive rates.
Email [email protected] or call (435) 252-1077 to learn more.