Skip to content

Licensing

2021 Cybersecurity Risks & Trends for the ARM Industry

The ARM industry runs on data and information management. Debt collection and debt buying firms, collection law firms, and repossession partners all control or process large volumes of sensitive personal information. The industry is ready to use the benefits of digital innovation, but ransomware, hybrid work, and an evolving risk landscape make attention and planning worthwhile now.

← All articles
Filed under Licensing

The ARM industry runs on data and information management. That is true at both the macro and micro level. Debt collection and debt buying firms, collection law firms, and repossession partners all control or process large volumes of sensitive personal information.

Within regulatory bounds, the industry is ready to use the benefits of digital innovation. But real threats make planning worthwhile now: ransomware, the challenge of a work-from-home or hybrid setup, and an always-evolving cybersecurity risk landscape.

To that end, consider the following risks and trends. We observed them across 1,250+ incidents handled in 2020. They are covered more fully in BakerHostetler's 2021 Data Security Incident Report (DSIR), with a link at the bottom of this article.

The Scourge of Ransomware

Ransomware surged in 2019. The main tactic was to encrypt as many devices as possible within a network at once. Then the Maze group changed the approach. It started to steal data before encrypting files. That gave the threat actor two pressure points: data encryption and the threat of publishing stolen data.

This let them push for a ransom even when the organization restored its systems from backups. The tactic paid off, and other groups quickly copied it in 2020. Ransom demands rose sharply. See Figure 1 below.

a white background with numbers and text

Across hundreds of ransomware engagements last year, we saw more threat actor groups than ever before. Many splintered from other groups. As a result, extortion tactics spread and demands climbed, sometimes into the eight-figure range.

Threat actors are also getting better at finding and encrypting backups. All of these factors drive up ransom demands and lengthen an organization's recovery timeline.

Most organizations know the risk of ransomware and the need to prepare. But those that have not lived through an event are unsure what actually happens, which makes preparation harder. Two good measures go beyond basic security recommendations: build a ransomware playbook, and run a tabletop exercise led by someone experienced in responding to these events. The DSIR covers both in more detail.

To help, you can use the ransomware matter data from the DSIR. It lists the many considerations an organization may have to address all at once on the first day of a ransomware matter. Your playbook, which you should test in a tabletop, should include strategies to assess and respond to business continuity impact.

It should also cover potential data theft with a threat to release the data publicly if the ransom is not paid. From there, identify the key response actions, the internal team responsible for managing the response, and the third parties you would bring in to help.

Some actions you can take ahead of time, such as deciding how you would assess revenue impact.

Cybersecurity Challenges of a Work from Home/Hybrid Environment

In the Spring of 2020, IT teams across the country scrambled to enable remote work under hard conditions. In that rushed move, shortcuts were taken and problems followed. IT teams plugged in unpatched appliances. Resources were pulled away from threat monitoring.

Organizations found unexpected security gaps. The pandemic's effect on finances, personnel, and shifting priorities pulled attention further from the security roadmap. As a result, new vulnerabilities appeared, and security events were not caught as quickly.

When an event was found, some of the hardest problems for our clients were core parts of any incident response: proper communication with employees and stakeholders, administrative and electronic containment, and deploying the right resources to investigate the scope of unauthorized activity.

Incident response is hard to manage even in the best conditions. A remote or hybrid environment makes the logistics harder still. To respond efficiently, an organization should develop an incident response plan (IRP). The IRP should identify your legal counsel, insurance, forensics, and IT support partners.

Keep one copy on your network and another off network, so it is always accessible. Maintain a communications strategy that lets you reach employees off of corporate email, so they stay informed and can assist with the investigation as needed.

Also weigh the merits of remote management tools and EDR solutions. They help with visibility, with identifying and terminating unauthorized activity, and with collecting forensic evidence for investigation.

No Easy Answers

Addressing cybersecurity risk is an ongoing effort. Staying one step ahead of sophisticated threat actors is nearly impossible. Still, an organization that invests time and resources to build plans and act on them will be ahead of the curve and ready for an efficient incident response.

The process starts with an effective risk assessment. Understand who is likely to target the organization. Identify the gaps in controls that could detect, prevent, or limit an attack. Then determine which threat and gap combinations are most likely to lead to a significant incident if left unaddressed.

From that baseline, assess and test your incident response plans. Take an honest look at your cybersecurity roadmap, and put the right measures and controls in place to reduce your top risks.

Every year, the BakerHostetler Digital Assets & Data Management Practice publishes a Data Security Incident Response Report (DSIR). It compiles statistics from the cybersecurity incidents we handled the prior year. The goal is to draw meaningful conclusions and insights about security incidents, regulatory enforcement actions, litigation, transactions, digital innovation, compliance projects, data governance, and advisory matters, and to help organizations address the issues that data and technology create.

Link to the 2021 BakerHostetler Data Security Incident Response Report

Found This Useful? Let's Get You Set Up.

Start an application and an expert will tailor the next steps to your situation.

Related reading

Maryland Rent Collection in 2026: 7 Licensing Risks Property Managers Must Avoid

Licensing

Maryland Rent Collection in 2026: 7 Licensing Risks Property Managers Must Avoid

Property managers in Maryland are running into a question that is getting more attention and creating real operational risk. Does collecting rent, especially when a tenant is past due, trigger Maryland's collection agency licensing requirements?

Licensing Challenges for Mortgage Servicers

Licensing

Licensing Challenges for Mortgage Servicers

Mortgage servicers play a central role in the housing finance system. They collect borrower payments, manage escrow accounts, respond to customer inquiries, and step in with loss mitigation or foreclosure processes when borrowers fall behind. Servicers act as the day-to-day managers of loans after origination, ensuring that cash flows properly between borrowers and investors. Since [...]

The Pros and Cons of Outsourcing Debt Collection for Startups and Small Businesses

Licensing

The Pros and Cons of Outsourcing Debt Collection for Startups and Small Businesses

Cash flow is the lifeblood of every startup. When customers delay or default on payments, even the most innovative ideas can stall. Founders often face a critical challenge: Should we collect overdue invoices ourselves, or hand them off to a third-party debt collection agency? Outsourcing debt collection - sometimes called debt recovery outsourcing - has become increasingly common for [...]

3 Factors to Consider When it Comes to CFPB Compliance

Licensing

3 Factors to Consider When it Comes to CFPB Compliance

The Consumer Financial Protection Bureau, or CFPB, was launched with a goal of protecting consumers in financial transactions with banks and lending institutions. However, its reach has extended much further. Not all businesses are aware of the necessary requirements in order to comply with CFPB regulations now. And non-compliance can cost businesses enormous penalties, fees, [...]

3 Reasons You Need E&O Insurance

Licensing

3 Reasons You Need E&O Insurance

Errors & omissions (E&O) insurance is designed to protect a company in the event of a lawsuit stemming from their normal business activities. Also known as professional liability insurance, E&O coverage is especially important in the highly litigious collections industry. Many debtors file lawsuits against collection agencies under the federal Fair Debt Collection Practices Act [...]

4 Reasons Collections Agencies Shouldn't Handle Their Own Licensing

Licensing

4 Reasons Collections Agencies Shouldn't Handle Their Own Licensing

Maintaining your state licenses can be a complicated and time-consuming process. States are continually changing statutory regulations and application requirements making it difficult to stay informed. On top of that, penalties can be serious. However, many collections agencies still choose to handle their own licensing paperwork. This can be a huge risk and cause more [...]

Browse the full insights library, meet our editorial team, or download our whitepapers.

Insights

Found This Useful? Let's Get You Set Up.

An expert will respond within one business day.