Building Trust 26 January 2016

2016 Data Breach Guide – Significant Increase in Ransomware Extorting Businesses

The Online Trust Alliance (OTA) today released its Data Protection and Breach Readiness Guide. The guide, released in recognition of Data Privacy & Protection Day, provides prescriptive advice to help businesses improve their online privacy and security practices and to detect, contain and remediate the risk and impact of data loss incidents.

As part of the report, OTA analyzed key cybersecurity and online privacy trends. OTA found that cybercriminals are increasingly targeting businesses with ransomware, malicious software that prevents or limits users from accessing their computer systems and then forces victims to pay a ransom to regain access. OTA also concluded that recent ransom demands have shifted from opportunistic extortion to market-based pricing, meaning that cybercriminals are targeting businesses with more valuable data and varying the amount they try to extort from each company based on a variety of factors.

“Much like surge pricing for taxis, cybercriminals now target and calculate their ransomware pricing based on company size, market value and much more,” said Craig Spiezle, Executive Director and President of OTA. “Cyber-surge pricing of corporate data is becoming widespread, increasing the impact and costs for businesses and their employees worldwide.” 

91 Percent of Data Breaches Easily Avoidable, Beyond Consumer Data
In addition, OTA found 91 percent of data breaches that occurred from January to August of 2015 could have easily been prevented by, for example, patching a server, encrypting data or ensuring employees do not lose their laptops. OTA also announced that when analyzing over a thousand breaches involving the loss of personally identifiable information (PII) in 2015, it found actual hacks accounted for 34 percent of all incidents, while 30 percent were caused by employees – accidentally or maliciously – due to a lack of internal controls. The balance of incidents can be primarily attributed to lost or stolen devices (7 percent) and social engineering/fraud (8 percent). Lost, stolen or misplaced documents accounted for 9 percent of all incidents.

“As companies amass larger quantities of diversified data and increase their reliance on third party service providers, every business must have safeguards in place and be prepared to react strategically in the event of a breach,” said Neil Daswani, Chief Information Security Officer, LifeLock. “Cybercriminals aren’t just targeting companies that collect consumer data, they are going after confidential high-value data from legal, accounting, architecture and engineering firms.”

Series of New Checklists & Tools
New this year to the OTA Data Protection and Breach Readiness Guide are a series of checklists to help organizations prevent, detect, remediate and respond to data loss incidents.

  • Operational and Vendor Risk Assessments – Provides organizations, their boards and investors a framework for assessing the risk factors of their infrastructure and privacy practices. Assessments need to be conducted regularly to help identify potential vulnerabilities both internally and at the cloud providers on which organizations increasingly rely.
  • Security Best Practices – This list contains OTA’s key steps that every company should take to help secure their business and their data. These controls are a recommended set of actions to help prevent, detect and contain today’s most pervasive threats.
  • Forensics Do’s and Don’ts – Immediately after a company has been breached, it is essential to conduct a forensic examination to determine the source and magnitude of a breach. This checklist contains information on what organizations should and should not do during a forensic examination. 
  • Law Enforcement Incident Reporting Template – Developed by OTA with input from law enforcement, this tool outlines the key questions that will need to be answered in a breach investigation. By planning in advance, companies can quickly and effectively engage law enforcement to help investigate who is behind a breach.
  • ID Theft Remediation Service Considerations – This checklist evaluates what companies should offer affected individuals or businesses after a breach. Potential remedies include credit report monitoring and identity theft protection.
  • Cyber Insurance Checklist – Criteria to consider when reviewing cyber insurance policies. As part of the underwriting process, carriers are increasingly demanding qualitative assessments of their policyholders’ cybersecurity defenses. 

“Annual cyber insurance premiums are projected to grow tenfold from $2 billion today to $20 billion by 2025,” said Pascal Millaire, Vice President of Cyber Insurance at Symantec. “Companies need to heed the advice as outlined in OTA’s guide, including closely examining insurance coverage and any exclusions for failing to adhere to security best practices, procedures and risk controls.”

“Improving data security is imperative for businesses as data breaches continue to expose sensitive data, or compromise an organization’s back-end systems or online presence,” said Danny McPherson, Senior Vice President and Chief Security Officer at Verisign. “As the online threat landscape evolves, businesses of all sizes must continue to enhance their data security practices in order to protect themselves and their customers from falling victim to cyberattacks and ensure they respond appropriately if and when they do.”

The Online Trust Alliance will present its findings during a series of events and webinars over the next month. This includes the Data Privacy & Protection Day event on January 28, held in collaboration with the FBI and leading breach response experts, and webinar briefings on January 28 and February 3.

The 2016 Data Protection & Breach Readiness Guide was made possible by funding from Intersections / Identity Guard, LifeLock, Symantec and Verisign.

About OTA: 

The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users’ security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship. Its members and supporters include leaders spanning the public policy, technology, ecommerce, social networking, mobile, email and interactive marketing, financial, service provider, government agency and industry organization sectors.

