“Attackers only need to be correct once”: tackling the new frontier of ransomware

Expert stays focused on this ever-evolving risk

“Attackers only need to be correct once”: tackling the new frontier of ransomware


By Chris Davies

Of the many ongoing effects of the pandemic, one that is keenly being felt – and, indeed, shows no sign of abating – is the increasing decentralization and digitization of organizations. This was a trend that was gathering pace pre-COVID – and has only been bolstered since in an enforced era of remote working.

But what challenges does this bring regarding increased risk of cyberattacks and ransomware?

“The pandemic forced a swift lockdown of many businesses in March of 2020, pushing many employers to mandate their workforce to function almost entirely remotely,” reflected Jason Glasgow, senior vice president and head of Allied World’s US cyber insurance group. “This definitely had an impact on cyber risks for companies. Resources that may have been put to use in cyber security were instead understandably re-allocated to business functionality, and network security suffered. Threat actors took advantage of this.

“Just as cyber insurance carriers were dealing with the rise in frequency and severity of ransomware claims in 2019 and 2020, along came a few events that reminded everyone of the acute potential for aggregation in this space, with events such as SolarWinds and the Microsoft Exchange exploit. This combination caused the cyber insurance industry to re-evaluate how it underwrites cyber. Subsequently, the Colonial Pipeline event perhaps signalled a slight shift toward threat actors going after critical infrastructure.”

These examples only highlight the dangers posed – but are there particularly significant and topical trends in cyberattacks or ransomware risks?

“Along with the rise of ransomware,” Glasgow said, “other types of cyber events are still occurring as well. Business Email Compromise (“BEC”) and non-ransomware data breaches are still happening. It’s just that ransomware has been so severe it’s dominated the cyber landscape.”

“Unfortunately, we will continue to see ransomware attacks. They are both inexpensive to execute and very effective in regard to a return-on-investment standpoint from the threat actor’s perspective. Where I hope we see change is at the regulatory and law enforcement levels. There needs to be more guidance given to businesses for standards to implement for cyber security. Furthermore, there should be more law enforcement pressure put on the threat actors and any nation-state that chooses to enable them.”

“I don’t think there is any difficulty convincing businesses of the dangers posed by cyberattacks, and attitudes have changed toward more awareness of cyber risks over the past several years, especially during the past 12 months, as ransomware has gotten national news attention. The difficulty comes in how those companies choose to allocate scarce resources in the area of network security.”

It can indeed seem like a daunting area for organizations to deal with – which is why, Glasgow explains, Allied World’s approach is so well-tailored.

“From a cyber security standpoint, the best organizations should constantly evaluate and evolve to protect their environment,” he said. “It’s just incredibly difficult to keep up, as the threat actors only need to be correct once to get in.”

“For more than five years, Allied World has offered its cyber insureds a risk management platform we call FrameWRX at no additional cost to their policy. Allied World reaches out to its policyholders to guide them through meaningful services they receive through expert vendors. Where most risk management services in the insurance industry are in the single digits from an engagement standpoint, Allied World sees nearly 30% engagement. These services enhance our insureds’ ability to cope with the dynamic cyber threat environment both now and moving forward.”

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!