For the past 12 years I have observed cyber risk evolve from a malicious, disruptive tool used by hackers to interfere with a company’s ability to transact business and to steal personal identifiers and credit card information that would be sold on the Dark Web, into insidious and existential risks like viruses, ransomware and social engineering. Vulnerable networks provide pathways for hackers to corrupt data, steal intellectual property and extort money, and recovering from the aftermath of a cyber event brings challenges of its own – all threatening a business’ very survival. This underscores the challenge of identifying and thwarting a cyber event.
Fortunately, organizations are becoming more aware of cyber risk and the need to be more vigilant in protecting their digital assets. For guidance, Chubb Cyber North America reports on the top 2019 cyber trends. Drawing on two decades of experience providing cyber insurance policies, Chubb foresees this year’s cyber security predictions to be in the following areas:
1. To become better prepared, organizations are taking a proactive, offensive approach to mitigate cyber losses. The strength of pre-incident cyber security strategies will determine the extent of potential damage after a breach or attack has occurred. Those activities comprise:
a. Risk vulnerability assessments and fixes
b. 24-hour monitoring
c. After breach / attack response and Business Continuity Planning
For example, ransomware’s ability to shut down a network impairs the ability to process mission-critical activities, which can lead to a large loss of business income.
2. Government entities will become ever more focused on cybersecurity regulation. The EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are examples. Organizations not only need to ensure they are in compliance with the laws of the state in which they physically operate, but also determine if they are subject to laws of other locations where they virtually operate.
3. Cyber criminals will continue to become savvier about monetizing their nefarious acts. During the past 20 years a vast majority of cyberattacks have focused on accessing Personally Identifiable Information (PII) – Social Security Numbers, passwords, financial account and health information. While potentially lucrative, it is a numbers game requiring a great deal of time and energy to infiltrate and export this critical data. Moving forward, cyber criminals will prioritize attacks that result in direct and quicker monetization as they operationalize PII that they’ve already obtained. In order to pursue these types of attacks, criminals will continue to employ ransomware and spoofing.
4. Financial fraud through the use of cryptojacking: the unauthorized use of a computer to mine cryptocurrency like Bitcoin, Monero and Zcash. The victim is unaware of the silent attack by malware, as there has been no data theft or demand. The result is the theft of computing power to mine a variety of virtual currencies.
5. The exponential increase in connectivity through smart phones and the Internet of Things (IoT) will increase vulnerability as hackers have more avenues through which to mount an attack. This proliferation of inter-connectivity cuts across all of society through smart homes, vehicles, manufacturing equipment, copiers, communication equipment and yes…fish tanks. Criminals were able to steal a casino’s high-roller database by gaining access to its computer network via a smart thermostat in its tropical aquarium.
When it comes to cyber threats, and how they continue to evolve, businesses are faced with the known and massive unknown. As such, buyers of Cyber Insurance need broader and better solutions, not just more insurance products. (I know, this is a curious statement from an insurance guy.) As cyber perils loom, the focus must shift from a reactive position of obtaining cover from products to a proactive approach engaging risk management, incident prevention and response. To truly maximize the benefits of Cyber Insurance, success is about integrating technology and forging relationships with third-party providers.
Many businesses are under-prepared and/or under-insured for their growing cyber peril. Therefore, it’s imperative for businesses to have a quantifiable way to understand their own digital network security posture. This was the reason Orion rethought the traditional insurance approach and established Cyber Protection Reimagined. Along with our technology partner, this end-to-end solution identifies an organization’s network vulnerability, closes those gaps, educates employees on how to avoid exposing their network to hackers, provides 24×7 monitoring and establishes a post-incident event plan. These best-in-class attributes reduce the chance of cyber disruption for an improved risk profile, resulting in more favorable Cyber Insurance terms and conditions.
Cyber Protection Reimagined is a holistic approach and powerful solution transforming the way our clients view their cyber exposure to better manage this risk.
An attacker doesn’t have to be good every time; they just need to be successful once! Offense wins and defense loses.
Stephen Paulin, CIC
Cyber Risk Strategist
Orion Risk Management
an Alera Group Company