Use the below code to add this video to your website.
Cyber criminals aren't just stealing passwords and data. They're stealing the spotlight.
Amid the ongoing COVID-19 pandemic that has been a global focus since government shutdowns began in March of last year, insurers and businesses all over the world are now being forced to grapple with another damaging epidemic: ransomware.
Ransomware attacks accounted for nearly one quarter of all cyber incidents globally last year, according to software company Bitdefender, and they're on the rise. So far this year, ransomware incidents have afflicted businesses, hospitals, schools, local governments, critical infrastructure and even insurance companies' own operations.
An explosion of attacks this year has led state regulators and federal government officials to elevate their focus on ransomware, with The White House ramping up its discussions about the issue in the wake of recent incidents, Reuters reported.
"I think the takeaway is hopefully help is on the way and that companies are not being left to simply fend for themselves because the government is going to make enforcement and pursuit of these actors a priority," says Peter Halprin, partner at New York-based law firm Pasich in the most recent episode of the Insuring Cyber Podcast.
A spate of recent attacks are of particular concern among U.S. government officials, as they've been attributed to cybercriminals operating from Russia. There was the hack last year in which Russian military cyber criminals sabotaged computer code within a software called SolarWinds. Now, a July ransomware attack has made its way to the center of the conversation, in which the Florida information technology firm Kaseya saw its management system hacked. REvil, a Russia-linked cybercrime syndicate, took credit for the breach.
In June, REvil extorted an $11 million ransom out of meatpacker JBS after compromising its supply chain. Earlier this year, in May, an intrusion by another Russia-linked group at U.S. fuel transporter Colonial Pipeline led to the shutdown of 5,500 miles of critical infrastructure, causing panic buying and gas shortages all along the East coast.
"They're targeting every vulnerable organization you can think of under the sun," says Marc Wallenstein, partner at plaintiffs' complex-litigation firm, Korine Tillery, later in the podcast episode. "That wasn't happening five years ago."
It's been reported that the U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism, with internal guidance sent to U.S. attorney's offices across the country saying information about ransomware investigations in the field should be centrally coordinated with a recently created Ransomware and Digital Extortion Task Force in Washington.
In a press conference following the Colonial Pipeline attack, Deputy Attorney General of the United States Lisa Monaco stated that ransomware and digital extortion pose a national security and economic security threat to the United States.
Wallenstein says a centralized focus on ransomware at the federal level is an important step in the right direction toward tackling the issue.
"By centralizing information, it's the first step to having a template approach and making sure that all the resources necessary are brought to bear quickly," he says.
Wallenstein adds that for businesses, it's critically important to invest now in the infrastructure, technology, staff and training necessary to prevent ransomware attacks from happening in the first place. Halprin agrees.
"[Businesses] simply can't hide from it," he says. "I think they need to be proactive."
Halprin says incident prevention is a four-fold effort. Businesses need to implement both strong password protection and a robust incident response plan in case of an attack to limit its impact. Then, they need to consistently test their response plan and take action to address any vulnerabilities.
"It's your security against the outside world. How do you protect people from getting in? What can you do?" he says. "…there are instances where underwriters are simply saying, 'No, you're just too risky and we're not going to underwrite you.' I think those are the kinds of things that will promote companies saying, 'Oh, wait a minute. If we're not even worthy of being underwritten right now, there are a lot of things we need to do to improve our systems.'"
Wallenstein says insurers also need to be proactive with their clients to ensure they have the correct products and proper protocols in place to prevent a hack.
"If you have larger clients, you probably want to audit their IT infrastructure and their cybersecurity infrastructure," he says. "If it's not good enough, adjust your premiums accordingly, because this is a huge risk."
Check out the rest of the most recent Insuring Cyber Podcast episode to see what else Marc and Peter have to say, and be sure to check back for new episodes publishing every other Wednesday along with the Insuring Cyber newsletter. Thanks for listening.