Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

Will your cyber insurance protect you during COVID-19
Will your cyber insurance protect you during COVID-19

Published : , on

By Jacqueline Jayne, Security Awareness Advocate, KnowBe4

Let’s talk for a moment about the exciting world of cyber insurance. Well, I suppose it’s not really that exciting until things go wrong. But that’s exactly what is happening all over the world with cyber criminals exploiting the situation with COVID-19 to ramp up their attacks. According to recent reports, coronavirus-related phishing attacks went up 667% in the month of March and every single country around the globe has now been hit with at least one phishing attack related to the pandemic.

With that in mind, cyber insurance has never been more important in an organisation’s survival strategy than it is now. But getting adequate cyber insurance in place has become harder in the last few months. Purchasing cyber insurance was finally becoming less difficult as precedents were set and costs were becoming more predictable with respect to ransomware and data disclosure cases. Due to this refinement, it has been far easier to figure out how much coverage was needed to recover from an event, whether it was ransomware or a data breach.

That has all changed with the new trend in ransomware infections – data exfiltration.

The New Ransomware Landscape

In the past, the ransomware would simply kick down the door and take data hostage, requiring a payment to gain access to it again. Initially this caught a lot of organisations off guard and the rewards for attackers were high. However, organisations quickly realised the importance of data backups and with the increased attention on the ability to restore data quickly and even to operate in absence of digital systems, the need to pay the attackers when ransomware did raise its ugly head dropped dramatically. This cut into the attackers’ wallets and they have decided to fight back.

Late 2019 saw the first real case of ransomware coupled with data exfiltration. The Maze ransomware strain released 2GB of data said to be exfiltrated during the ransomware attack earlier that month. No longer does the ability to restore data protect an organisation from these cybercriminals; now the risk includes unauthorised data disclosure. Thanks to COVID-19, the associated risk of data disclosure is suddenly even larger with the move to telehealth and online learning providing juicier targets for cyber criminals.

Impact on Cyber Insurance Planning

Under the old ransomware attack model, perhaps an organisation budgeted $1 million to cover recovery. This is often calculated on the costs associated with reimaging machines, digital forensics and monetary loss due to downtime while the environment has come to a screeching halt. Now, if in fact the attackers have exfiltrated data and exposed it publicly, organisations will have to deal with a different type of response.

If customer data is exposed, it may have to set up a call centre and response website, deal with legal issues and potential regulatory fines, hold press conferences and involve public relations firms as well. Now that $1 million policy isn’t going to go far. Some of the costs can be shared, however often even shared services such as digital forensics will have additional charges. Now for example, they not only have to look in to how the attackers got in (hint, it is usually a phishing email or remote access portal) and what malware or back doors they left behind, but now they also have to find out what data was exfiltrated and the extent of customer data impacted.

Other Impacts of the New Ransomware Threat

Previously, ransomware attacks would often go unreported. This makes sense because if no data left the organisation, the attack was limited to a few machines and operations were brought back online quickly, in most cases there would be no reason to report the event outside of the organisation. It had become just like any other annoying malware infection. Data exfiltration changes all of that. Now, if customer data is exfiltrated, especially if not encrypted on the disk, you have a totally different set of reporting and notification requirements.

Defending Against the Attacks

Focusing on data backup and restoration is no longer enough to dodge the impact of ransomware. In fact, it never was. A better approach has always been to stop it before the infection. While some believe the issue is too big to prevent, this is simply not true.

There is no security control in an organisation that is 100% effective all the time. That “silver bullet” just does not exist, yet it is often an excuse to focus on recovery rather than prevention. That is a huge mistake and one that, now that data is being exfiltrated and exposed, is even more costly.

When it comes to defence, you do need to have good backups, however addressing the root cause is always required. With ransomware, the attacks almost always occur through a phishing email or through a remote access portal (such as Windows Remote Desktop Protocol or RDP) being insecurely exposed to the internet.

The most effective way to deal with phishing is through user awareness training, and technical people are often not the best trainers for non-technical employees. Not many people like to put together and deliver end-user training, but it is far too important to ignore.

With respect to the remote access issue, wherever possible, enable Multi-Factor Authentication (MFA), make sure to log all authentication attempts, lock accounts after multiple attempts and quickly report failures. This will help security professionals spot brute force attacks and reduce the chance that the attackers will be able to log in using credential stuffing techniques or common passwords (ironically two behaviours that should be addressed in training as well).

Ransomware is not going away any time soon and COVID-19 is making things worse than ever. Organisations would be wise to review current cyber insurance coverage to ensure that it meets the new threats of ransomware attacks. In addition, it makes more sense than ever to tackle preventative measures such as new-school security awareness training and reviewing the configuration and controls around remote access portals to avoid these types of issues in the first place.

Uma Rajagopal has been managing the posting of content for multiple platforms since 2021, including Global Banking & Finance Review, Asset Digest, Biz Dispatch, Blockchain Tribune, Business Express, Brands Journal, Companies Digest, Economy Standard, Entrepreneur Tribune, Finance Digest, Fintech Herald, Global Islamic Finance Magazine, International Releases, Online World News, Luxury Adviser, Palmbay Herald, Startup Observer, Technology Dispatch, Trading Herald, and Wealth Tribune. Her role ensures that content is published accurately and efficiently across these diverse publications.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post