Cyber Security Trends Surrounding Cyber Insurance and Ransomware In 2022
A report done by Checkpoint reported that the first half of 2021 saw a 29% increase in global cyber-attacks. The COVID-19 pandemics fueled these attacks as more people worked from home and hackers exploited this opportunity.
Ransomware attacks increased by 93% in the past six months, powered by the invention of an attack known as Triple Extortion.
What is Ransomware?
To understand triple extortion, you must understand single and double extortion. The conventional ransomware attack consists of one stage-thus a single extortion. In this stage, the hacker encrypted the victim’s files and data, asking for a ransom in exchange for a decryption key.
In 2019, the DoppelPaymer ransomware changed the capability to lock systems and steal information simultaneously. It was the first stage in the extortion hierarchy. The FBI asked companies to watch out for the DoppelPaymer ransomware that first emerged in 2019 when it attacked crucial industries.
This ransomware continued unabated throughout 2020, including activities in the latter half of 2020 that left affected companies struggling to stay afloat.
In double extortion, the malicious actors threaten to publish the exfiltrated data online. In triple extortion, the cybercriminals also direct ransom demands at victims’ suppliers or clients. Ransomware that goes beyond single and double extortion into triple extortion are companies that hold client data. A cyber security trend for 2022 will be a rise in ransomware attacks. These attacks are becoming more lucrative for cybercriminals.
Cyberattacks are a lucrative billion-dollar industry. Data will always be in demand, especially on the dark web, and criminals will stop at nothing to get data. The attacks get more aggressive and sophisticated by the day, which causes companies millions of dollars in payouts for insurance companies and companies offering cyber insurance. A cyber rider’s paperwork and cyber-insurance premiums have dramatically gone up.
A couple of years ago, the paperwork was one paper sheet with a few checkboxes. Today, you have to answer numerous questions and fulfill diverse requirements before an insurance company can grant you a limited insurance cyber-security rider. Companies should approach their cyber-security wholistically and encompass building security, increasing network, and regular employee training on cyber security.
According to a 2021 report by IBM and the Ponemon Institute, modern approaches reduced the costs of breaches to companies. Adopting Artificial Intelligence (AI), encryption, and security analytics were the top preventive measures that reduce the cost of breaches.
Embracing these measures saved organizations between $1.25 million and 1.49 million. Companies that used hybrid cloud tactics experienced lower breach costs of between $3.61 million compared to those who used a primarily public cloud that spent $4.8 million or a private cloud that paid $4.55 million.
Supply Chain Attacks
Supply chain attacks have also gone up. An example is the SolarWinds attack that stood out due to its influence and scale. SolarWinds is an American IT firm that hackers compromised. The attack went undetected for many months and even spread to their clients.
In 2020, hackers covertly infiltrated SolarWinds’s systems. They injected malicious code into the firm’s software system called Orion. Most companies use the Orion system to manage their IT resources, and 33,000 of SolarWinds’ clients use Orion.
Supply chain attack popularity is their ability to allow attackers to access many people on a large scale. Instead of attacking one network, the hackers focus on finding a weak spot by attacking trusted sources on that network to target various networks using a similar vendor’s software. ENISA (European Agency for Cybersecurity) had predicted that there would be four times more supply chain attacks in 2021 than in 2020.
You now worry about your vendor’s code security because of supply chain attacks. You should ensure your vendor is also taking the same precautions you are. Most large organizations are reconsidering and verifying their third-party vendors.
They must confirm the vendor’s security posture annually and check that it meets industry standards. Does the vendor take cyber security seriously? The company also has to assess whether its data and access provided to the vendor are adequately secured.
Here are five recommendations for organizations to avoid cyber-attacks in 2022:
1. Secure Your Hardware
Ensure that you have updated your software security patches and use secure passwords. Secure passwords are alphanumeric and include some symbols. If available, use the 2FA (two-factor authentication) where you use a constant password and an OTP (one-time password) generated and sent to a trusted device such as a mobile phone.
Turn on the Bitlocker device encryption for your Windows 10 devices. Enable the remote wipe-data option for all mobile phones if the device is stolen or lost.
2. Encrypt and Back Up Your Data
Encrypt your data to prevent unauthorized access to sensitive and confidential data. Encrypting also renders the data useless to anyone without a decryption key. Data encryption is a fast fix for data breaches, and if one should happen, the data is inaccessible to hackers. Backing the data ensures that you can always get everything back if you lose the data.
3. Network Security Scan
A periodic network security scan checks the connected devices and any security holes. The scan allows you to block any loopholes a hacker might use.
4. Employee Training
The weakest link is your employees. Continuous training is essential to keep up with the ever-changing face of cyber-threats. Purchasing a cyber-security training service, send fake phishing trials to your employees to test their awareness and train them if they don’t pass the test.
5. Invest in Quality Cyber Insurance
Cyber insurance acts as business continuity insurance if any security measures do not work. If your business experiences a ransomware attack, the financial support from cyber insurance ensures your business does not suffer downtime and gets back on its feet as fast as possible.
The prevention of ransomware and other cybercrimes is constantly evolving with the threat of evolution. The current ransomware protection and prevention trends include monitoring the Dark Web, training staff on Cybersecurity and holding phishing simulations, and Zero Trust Policies.
Cyber insurance is an essential requirement for most businesses, and the Cyber policy may offer support if an attack happens, but as the adage goes, prevention is better than cure.
At Kraft Technology Group, we major in Microsoft technologies for the private and public sectors. We help businesses become more competent with network support, top-drawer computer services, and managing IT services. Contact us to book a meeting, request an open service, or schedule a call.
Thanks to our friends at 4BIS.COM in Cincinnati for their help with this article.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.