“In two or three years time, we will not see traditional crime policies, we will see cyber policies.”
That is the opinion of Graeme Newman, chief innovation officer at CFC Underwriting.
In a rapidly evolving market, cyber insurance has found itself to be more in demand than ever. In an October study by Hiscox, UK SMEs had been the target of 65,000 attempted cyber attacks every day on average.
In another study, this time by the World Economic Forum, the threat of a cyber attack was indentified as the most dangerous risk in 2018 by UK business leaders, jumping up two places from third the year before.
Top risks 2018 | Top risks 2017 | |
---|---|---|
1. |
Cyber attacks |
Fiscal crisis |
2. |
Failure of national governance |
Asset bubble |
3. |
Asset bubble |
Cyber attacks |
4. |
Fiscal crisis |
Failure of financial mechanisms or institution |
Joint 5. |
Failure of mechanical mechanisms or institution Terrorist attacks Failure of urban planning |
Terrorist attack |
And with high-profile attacks such as WannaCry, Uber and most recently, Dell computers, ransomware is the most frightening in a vast myriad of threats to company data.
While CFC has offered cyber insurance for around 20 years, other companies have started to notice the increased demand. Firms such as QBE, Hiscox and Barbican have all ramped up their cyber offering recently.
But while hackers would previously use mass-mailing ransomware, where they would scan the whole web looking for metaphorical ‘open-doors’ to company networks, attacks have become a lot more targeted.
Newman continued: ”Mass-mailing ransomware was our biggest source of claims last year, undoubtedly. But that is changing, now it is targeted ransomware.
”People are researching their victims, assessing their vulnerabilities under the network and dropping in ransomware with stronger encryption which is far harder to crack and therefore demanding far larger ransoms.”
Matt Cain, product leader for cyber at HSB Engineering Insurance described how it had seen more malicious attacks, where hackers make it more difficult to recover.
He said: ”We have seen targeted attacks where the network is breached and ransomware is manually injected. The attackers would delete backups, remove the ability to recover virtual machines and delete shadow copies; making data recovery more difficult.”
Who are hackers targeting?
When making an attack, hackers would now target specific types of companies who would be commonplace for particular vulnerabilities which would make it easier for them to gain access to its network.
”Anyone that thinks they aren’t at risk is a potential victim,” Cain said. “As they are less likely to put the appropriate levels of protection in place.
“For cyber criminals this makes them “low hanging fruit” and a source of prospective revenue. SMEs are one of the largest groups in danger of falling into this category.”
Newman agrees: ”A smaller company might not have an IT support specialist working in-house, so they have to outsource it.
“How does that specialist get access? By remote access. That access might be able to be easily exploited by a hacker.”
Newman said CFC has been working on one case where a hacker was demanding £1m in ransom after gaining access to the whole company network and email archive. And a ransom that size can prove difficult to acquire.
He said: ”It is getting access to that money that is proving to be difficult. There are regulatory issues; we cannot be giving money to unknown entities or terrorists, but we have companies who need help.
”So there is a whole myriad of obstacles and problems you face when dealing with this type of claim, and the damage is just going to get worse.”
But every day, a popular technique is targeting email inboxes, known as mailbox scams.
Newman continued: “These types of scams are just an evolution of those Nigerian Prince scams you used to get, but these are far more sophisticated.
“If a hacker can get into your account and see what kind of activity you are doing, looking to buy a house, for example, that is golden for them. They can use whatever information they gather about you against you.”
Targeting information to sell
Nic Hartley, head of business improvement and innovation at Ecclesiatical said he had seen a particular focus on the education sector through research.
“We have seen a lot of headteachers and school staff being targeted because of the amount of information they can receive.
“They would try to get the structure of the headteacher’s email address, then send them a fake email from a company that would entice them to open it. Once they do that, they have the access they need.”
He then described how they would obtain sensitive information, such as passport details, and sell it on the dark web to identity thieves who specialise in that practice, or would contact the school and demand a ransom to not sell it on.
And according to Newman, one school in Australia had been a particularly vulnerable victim of this type of attack.
He said: ”A school in Australia had an open port with a default username and password. Very easy for a hacker to gain access.
“When we were notified, the system had been exploited by 25 different people. This is because the username and password had been posted on the dark web and was up for sale.”
What should companies do?
As well as the typical, almost elementary advice of keeping passwords different and secret, and to never give information such as bank details out over email, what can companies do to help safeguard them from these malicious attacks?
Can said: ”Backup your systems regularly and train staff on what to look out for and what to do if they suspect anything out of the norm.
“Employees are generally the company’s biggest vulnerability and the value of educating them on cyber security should not be underestimated.”
And Hartley said: ”The WannaCry attack happened because a lot of people did not install the update in Microsoft that would have patched up that vulnerability. The update came out in March (2017) and the attack happened two months later.
”If those people had installed that update, they wouldn’t have been infected. So companies need to ensure their software is fully up-to-date because and old system has holes and vulnerabilities, and this is what hackers look for and exploit.”
No comments yet