Ransomware: A growing threat to organizations of all sizes
This year's uptick in ransomware attacks is problematic for insurance professionals and policyholders alike. Here's how to respond.
During 2020′s increased remote working environment, there has been a drastic uptick in the number of ransomware attacks. It follows that ransomware claims are continuing to grow in frequency and severity, according to Coveware.
The average ransomware demand was $233,817 in Q3 2020, up 31% from Q2 2020 alone.
In 2019, ransomware claims account for 31% of all cyber insurance claims, according to a NetDiligence report.
Even at organizations where IT teams are proactive in patching software and protecting systems, things slip through the cracks. This is problematic for everyone — the organizations, their customers and vendors, cyber insurers, and insurance brokers trying to help their clients stay safe.
Proprietary problems
More than half of today’s ransomware attacks can be traced back to vulnerabilities in Remote Desktop Protocol (RDP).
Security gaps like poorly secured RDP ports are found so frequently in part because of the size and complexity of modern IT systems. Just one lonely server with an unsecured port among dozens, hundreds or thousands is potentially enough to let an attacker into the network.
What can be done to mitigate cyber risks when they’re so common and hard to defend against?
When it comes to mitigating cyber risks, brokers can now lean on AI and machine learning-based tools to automatically detect vulnerabilities in an organization’s IT infrastructure. With so many attack vectors, such as RDP vulnerabilities, outdated software, phishing and many more, leveraging these tools to detect potential gaps in security is becoming more imperative as cyber attacks ramp up.
Security scanning and alerting technology offers brokers an opportunity to bring additional value to clients in two ways: They can help identify present threats at the point of purchase of insurance, and give clients peace of mind knowing that, throughout the policy year, any significant new threats will be brought to their attention.
Getting ahead of cyber threats
Being able to scan an organization’s IT infrastructure is a useful tool to combat cyber risks, but what’s next? Once alerted to vulnerabilities, what steps can companies take to protect themselves?
There are many ways for companies to secure their network, which can include closing down open RDP ports that are no longer necessary or moving needed ports that were vulnerable behind Virtual Private Networks (VPN). This not only helps the organization itself secure its network; it also helps make the web safer for everyone. The more fully secured networks there are, the harder it is for criminals to get their hands on easy credentials, affecting the supply on the dark web. This makes their job more difficult, and more expensive.
Additionally, in our experience at Corvus Insurance, the majority of clients who have been alerted to vulnerabilities often respond positively and act quickly to fill any identified gaps in security. As RDP vulnerabilities continued to play a prominent role in ransomware attack trends, we updated our Corvus Scan in April to specifically detect these types of vulnerabilities. This update allowed for the use of automated scans to locate threats like unprotected RDP ports upon quoting for new business, and then notifications to the broker and policyholder to address any issues. During the first six months after launching the update, we found that overall ransomware claims among policyholders dropped a staggering 65%, from 26% of all claims to a rate of just 9% among new policies. Of the ransomware claims that received during this time, zero related to vulnerabilities in RDP.
Leveraging today’s tech tools
Especially in today’s remote working environment, brokers need to leverage AI and machine learning tools more than ever. This demand will extend past the length of the pandemic, as companies further digitize workplaces and even choose to operate completely remotely.
With the evolution of the workplace, however, comes increased cyber risk. When insurance brokers choose to lean on technology, they can not only keep up with the rapidly evolving digital landscape, they also can provide extraordinary value for current clients and attract new ones.
Lauren Winchester is vice president of Smart Breach Response for Corvus Insurance. In this role, Lauren guides policyholders of all sizes through cybersecurity incidents, ensuring efficient coordination of counsel, digital forensics firms, and other key incident response resources. She also manages Corvus’s risk mitigation services, such as tabletop exercises and incident response planning, that are designed to minimize the frequency and severity of data breaches. Lauren has handled over 1,000 cybersecurity incidents for organizations in healthcare, financial services, higher education, retail, professional services and more. To get in touch, contact info@corvusinsurance.com.
Keep reading…