The cyber risk landscape is constantly in flux, as evidenced by a recent report from Chubb on emerging trends in the field, including an increase in Biometric Information Privacy Act (BIPA) lawsuits, the targeting of financial institutions by cyber criminals, and a newly detected ransomware strain called iEncrypt.
Ransomware in particular continues to infiltrate company networks, and it has evolved significantly since the first programs of this kind appeared.
“Ransomware has really evolved from the old school days of, you click a link and it encrypts your local machine, to ransomware that is built with vulnerabilities in the ransomware, which allow it to spread throughout an entire network,” said Brad Fuller (pictured), director of operations at HORNE Cyber. “One of the first big ones in that space was WannaCry, which uses the EternalBlue exploit, and we still see that today on a large scale. It really speaks to the lack of understanding of what people have on their network, and the bad practices of not updating everything.”
This vulnerability has been out for two years now, added Fuller, so you would assume companies would be patched for it by now, but the HORNE team still sees it every day in their incident response work. The vulnerability is being exploited not only by WannaCry but by scores of other ransomware programs.
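Fuller's point is that the damage comes from ransomware worming through a network over SMB rather than staying on the machine that clicked the link. The preventive check is patch and configuration hygiene (EternalBlue targets the SMBv1 flaw Microsoft fixed in MS17-010 in March 2017, so hosts still missing that update or still running SMBv1 are the ones to find). The detective check is to watch for the traffic pattern a sweep produces: one internal host opening TCP/445 connections to many distinct neighbours in a short window, with a mix of allowed and denied flows as it probes addresses that do not exist or are firewalled. The script below is an added example, not code from the article or from HORNE Cyber; the flow-log format is a constructed, simplified one, and the 60-second window and 10-host threshold are assumed tuning values, not figures from the page.

```python
"""Flag hosts whose SMB (TCP/445) fan-out looks like a worm sweeping a subnet.

Added example with a constructed flow-log format (timestamp, src, dst, dst port,
action); it is not tied to any specific firewall or NetFlow product.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_flows():
    """Constructed sample: a workstation with normal file-server traffic, an
    infected host sweeping a subnet on 445, and a browsing host with many
    distinct destinations on 443 (which must NOT trigger the SMB rule)."""
    lines = []
    for m in range(5):  # normal: five SMB sessions to two file servers over 10 min
        lines.append(f"2019-05-07T10:{m * 2:02d}:00Z 10.0.1.15 10.0.1.{20 + m % 2} 445 ALLOW")
    for i in range(12):  # worm-like: 12 distinct targets in 22 seconds, some denied
        action = "ALLOW" if i % 3 else "DENY"
        lines.append(f"2019-05-07T10:05:{i * 2:02d}Z 10.0.1.77 10.0.2.{i + 1} 445 {action}")
    for i in range(15):  # web browsing: many hosts, but not SMB
        lines.append(f"2019-05-07T10:05:{i:02d}Z 10.0.1.30 93.184.216.{i + 1} 443 ALLOW")
    return "\n".join(lines)


def parse_flows(text):
    """Parse the constructed log into (timestamp, src, dst, port, action) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, action = line.split()
        records.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst, int(port), action))
    return records


def smb_fanout_alerts(records, window=timedelta(seconds=60), threshold=10):
    """Return {src: max distinct 445 destinations seen in any `window`} for every
    source that reaches `threshold`. DENY flows count too: a probing worm hits
    plenty of closed or absent hosts, and those denies are part of the signal."""
    by_src = defaultdict(list)
    for ts, src, dst, port, _action in records:
        if port == 445:
            by_src[src].append((ts, dst))

    alerts = {}
    for src, events in by_src.items():
        events.sort()
        best = 0
        for i, (start, _) in enumerate(events):  # sliding window from each event
            seen = set()
            for ts, dst in events[i:]:
                if ts - start > window:
                    break
                seen.add(dst)
            best = max(best, len(seen))
        if best >= threshold:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    for src, count in smb_fanout_alerts(parse_flows(build_sample_flows())).items():
        print(f"ALERT {src}: {count} distinct hosts on TCP/445 within 60s")
```

On real data the threshold depends on what the source normally does: a backup server or vulnerability scanner legitimately touches many hosts on 445 and belongs on an allow-list, while a workstation almost never does. Pairing this rule with an inventory of hosts that still have SMBv1 enabled or lack MS17-010 turns a detection into a prioritised patch list.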
The degree of damage that can be inflicted on a business if it’s impacted by ransomware can be significant. While ransom demands are climbing, and often make headlines for their growing figures, these can actually be the smallest part of the final cyberattack-related bill.
“Ransomware in general is a spray-and-pray approach – it’s a volume approach – so they don’t know who they have, and the reason that they get you to send them usually three files is that they want to prove that they can decrypt them for you, but also, what they’re trying to do in those files is figure out who you are,” explained Fuller. “That will generally determine the ransom that they’re asking for. A lot of times, we’re seeing that maybe one of our clients that is potentially a multibillion-dollar public company is hit, but the ransomware authors have no idea who they’ve got, so the ransom they’re asking for is actually fairly small.”
As a result, it is in the aftermath of an attack that the costs really add up. Once a business is hit, every component of incident response has to follow quickly: cleaning the infection from systems, notifying affected consumers, and providing credit monitoring. Fuller pointed to a recent ransom demand made to the city of Baltimore.
“It was miniscule compared to the projected $18 million that it’s going to take them to recover from the attack,” he said. “We’ll see that a lot, where it may be $10,000 that was asked for in a ransom, usually in Bitcoin, but the costs associated with coming back from that are usually going to be five to 10 times (at least) of what the ransom was, and, in some cases, it’s much higher than that. So, it’s not just the ransom that you have to think about in coming back from that.”
In light of the intensification of cyber risks, it is no surprise that the Girl Scouts of the USA have introduced nine new badges focused on cybersecurity. One expert, who was a Girl Scout for 12 years, told Insurance Business why this was an important move for the organization.
“It’s a huge step because the Girl Scouts have always tried to stay on top of teaching girls what they need to know in today’s world. I remember working on the computer science badge and earning that, and that was more about typing, using Word, and getting generally used to using a computer,” said Linda Hamilton, client operations manager and OFAC compliance officer at global data recovery firm Proven Data. “Now we’re seeing them go even more in-depth and say, ‘Well, we’ve seen computers for a while, we understand that, what’s the next step?’ And that next step is more cybersecurity awareness.”
Being ‘cyber-aware’ can make today’s youth great future employees who already know not to click suspicious links in emails, and it can lead to interesting careers in this growing field. Not only do most insurers have a cyber division today, but the number of companies providing incident response services is also growing. Moreover, any Girl Scout who goes on to own a business will need to be tech-savvy enough to judge whether her IP provider is following proper protocol, and to understand what her business’s cybersecurity approach looks like.
“It’s a crucial part of this world because the minute we’re connected to the internet, we need to protect ourselves from the internet,” said Hamilton. “For them to stay on top of what’s going on is really important. They’re seeing that there are changes in what everyone does day-to-day, [and they’re saying], we’re going to adapt with that and try to stay on top of it.”