Ryan van de Coolwijk, iTOO Product Head: Cyber
Cybercrime has surged fourfold since the start of the government ordered lockdowns to curb Covid-19. From credential theft to phishing and ransomware, hackers of all skill levels have looked to cash in and have done very well for themselves. Companies of all sizes are exposed, cyber-crime is not purely a corporate problem, we have seen many small companies affected too.
Smaller companies face the challenge of limited budgets and hiring skilled personnel from a small generally expensive talent pool. As a result, many use outsourced providers, alas not all providers are created equal and sometimes you get what you pay for.
Ransomware grows up
Ransomware has surged in terms of frequency and sophistication over the past year. 2020 saw the rise of the industrialised ransomware teams with established organizational structures to ensure the efficiency not only of conducting their attacks but also client engagement teams to provide world class service for fast and efficient collection of funds. While law enforcement agencies globally work to bring down these ransomware organisations and are at times successful, as was the case with Netwalker who were regularly successful in 2020 in South Africa, new ransomware organisations often with members from old organisations are continually cropping up. The incentive schemes in these are such that key individuals can become multi-millionaires overnight from the comfort of their homes.
Double extortion ransomware has come to the fore, whereby attackers first steal data from their victims before encrypting their environment. This increases the attacker’s ransom payment leverage and significantly increases the impact to the victim who is now faced with paying not only to decrypt their data but also not to have sensitive data published or sold. This has seen a dramatic increase in ransom demands, regularly into the 10’s of millions.
The threat is real
Among this heightened cyber activity, we have seen 0-day vulnerabilities on widely used platforms being leveraged for large scale compromises at breakneck speed leaving security teams under pressure to apply critical patches as quickly as possible. Notably Google Chrome, Solarwinds, Fortinet VPN and more recently Microsoft Exchange on premise, all of which had to urge their clients to take quick action to patch vulnerabilities.
Industries in virtually all segments have become increasingly vulnerable as their perimeters extend to employees’ homes to support remote and distributed workforces. Patching across the environment along with training and awareness remains critical, perhaps now more than ever before.
The Covid-19 enforced work-from-home environment and social distancing has resulted in increased online spending, encouraging companies to explore online sales and customer engagement models. For many this is unchartered territory, resulting in companies opening and exposing their environments and services, generally on limited budgets and at breakneck speed (not always with much consideration to security) to reduce the lockdown financial impacts and beat competitors to market. This has the natural result of increasing risk exposures and eliciting the interest of hackers.
As lockdown measures and economic pressures continue globally, we are likely to see a continued upwards trajectory in cybercrime. For many looking to find a source of income or feeling disenfranchised cybercrime becomes an attractive and lucrative option.
This should be a stark warning to companies of all sizes to be vigilant in securing their networks from this evolving threat.
Managing the exposure
Companies are not alone in needing to adjust their thinking to deal with the changing risk landscape. Underwriters around the world have the challenge of ensuring the ongoing viability of their cyber insurance portfolio. These challenges call for increased collaboration between risk managers, underwriters, brokers, and clients, opening a platform for underwriters to better share risk and trend insights for clients to mitigate against and for underwriters to better understand the client environment and underwrite accordingly.
Industry expert underwriters is not new to the insurance industry and with the specialist nature of cyber security, it stands to reason that there is value in having cyber underwriters with a strong cyber security understanding. Cyber insurance needs to mature and evolve from being purely an insurance purchase to an integrated part of a cyber risk management strategy bringing together underwriters, security partners, risk managers, brokers, and clients. The days of simple tick box proposal forms are numbered and more automated solutions with greater insights and continuous monitoring should be sought out.
The digitisation of organisations and online client engagement is set to continue, opening more opportunities for hackers. The cyber risk landscape will continue to become treacherous necessitating a change in mindset and cooperation to battle against the evolving cyber risk landscape.