|
How bad has the cybersecurity issue become? Well, The Economist, not known for hysteria, published a story in late December with the headline, "How ransomware could cripple countries, not just companies."
The magazine noted that the British Library, one of the most important in the world, had been hacked in October. The data for its catalog of 14 million books, used by researchers around the globe, was encrypted, and the hackers demanded a ransom. The library declined to pay and has only gradually been able to restore its services.
The Economist article said that, while ransomware has largely been a Western problem, "it is spreading globally. America, Australia, Britain, Canada and Germany are the most affected countries, but Brazil and India are not far behind them. Victims span the public and private sectors—in recent weeks attacks have hit an Italian cloud-service provider that hosts government data, Germany’s energy agency and a Chinese bank in New York, among others. An attack on Christmas Eve disrupted emergency care at a German hospital network, and attacks on the education sector are rising. This adds up to a slow-burning but serious national-security crisis.
"'It is the one serious organised crime that could bring the country to a standstill,' warned Graeme Biggar, the director of Britain’s National Crime Agency, recently....
"After a lull in 2022, caused in part by a split between Russian and Ukrainian hackers, ransomware attacks are back at their peak."
Some of the statistics and observations in the article are startling:
--The average ransom payment jumped from $800,000 in 2022 to more than $1.5 million in the first quarter of 2023.
--Ransom payments in the first half of 2023 totaled $449 million, 80% of the total for all of 2022 – and the article says the numbers "might reflect just the top of the problem."
--"The cost of buying a credential, such as an employee’s log-in details for a company network, was typically less than $100, with some going for as little as a dollar," the article says.
--"The median 'dwell time'—the time between an attacker getting access to a network and executing their ransomware—has fallen from 5.5 days in 2021, to 4.5 days in 2022 and to just under 24 hours in 2023, according to Secureworks. In a tenth of cases, ransomware was deployed within five hours of the initial intrusion," according to The Economist/
--"Some research shows that 80% of organisations that pay up get hit again and that 29% of victims of data extortion end up with data leaked anyway," the article says.
--"Technology is giving a fresh boost to attackers. Generative artificial-intelligence
tools like ChatGPT are helping improve everything from the quality of English in phishing emails to the potency of malware.... The online forums used by cyber-criminals already have dedicated AI sections," The Economist writes.
--Hackers are increasingly "exfiltrating" data. Rather than encrypt a target's data – whch can be difficult – they transfer the data into their systems. They threaten to publish it or use it in some harmful way if ransom isn't paid. They create pressure not just on the target but on any customer, supplier or partner whose data they now possess. Hackers can even now target senior executives, such as the CEO, if they've scooped up any embarrassing internal documents.
Tackling the cybersecurity problem has proved difficult, to say the least. It's not just that hackers have become very sophisticated and that the costs of mounting attacks have come way down, letting criminals take a shotgun approach as they look for victims. It's also that hackers tend to work from rogue nations such as Russia and North Korea, where they are beyond the reach of traditional law enforcement. The U.S. government has registered some successes using counterespionage tactics to take down hackers' networks and enjoy an odd advantage that they don't have against many criminal groups: Hackers need to have some sort of public presence in the form of a brand so victims who pay ransoms will believe that the hackers will do as they promise after being paid, and authorities can attack that online presence. Still, the problem is growing faster than authorities can contain it.
That's where insurers come in. Customers, too.
Everyone agrees that the best way to prevent cyber attacks is to harden the targets. Insurers, as they've learned to quantify and price risks, have developed considerable expertise on where the vulnerabilities are, and thus how to reduce them. Customers have great incentive to listen.
To learn more about what insurers can do, I spoke for this month's ITL Focus with Scott Sayce, global head of cyber at Allianz Global Corporate & Specialty and group head of the Cyber Centre of Competence.
He says the key is to never believe that something is set and done. "Once we feel we have solutions, there's always a new way for hackers," he says. "I've been involved with cyber insurance for almost 25 years, and I don't think I've ever used the phrase, 'We've got it nailed.'"
He adds that he thinks cyber insurance has made enormous strides, going from what some considered "a bit of a fad many years ago" to a line that "will be larger than some of the traditional lines over the next 10 to 15 years." Sayce says cyber insurers have been building networks of services that have greatly helped customers understand and reduce their risks. He adds with pride, "Over the last four or five years, ferocious ransomware has hit so many organizations, and cyber insurance proved its worth with the volumes of claims that were paid."
I think you'll find the interview interesting. I also commend to your attention the six articles I've selected for this month's Focus and encourage you to look through the whole library of articles in the cyber section at ITL. It's a very robust collection. I had an awfully hard time picking just six for the Focus email.
Cheers,
Paul
|
