Specialty insurer Beazley reports that ransomware attacks are rapidly increasing and that the dollar value of individual ransom demands is also increasing. Beazley’s analysis and key findings are in line with Cyberhedge findings that most breaches are relatively unsophisticated and the result of poor cyber governance and hygiene by employees. Strengthening employee training is both relatively low-cost and the most effective step that most companies can take to improve their cybersecurity. Beazley also highlights two additional key Cyberhedge findings: 1. that vendors are increasingly becoming a breach vector into companies and 2. that the dramatic increase in COVID‑19‑related remote access into company IT networks has increased companies’ cyber threat surfaces.
Beazley reports that its Breach Response Service saw a 131 percent increase in ransomware incidents in 2019 and that a larger share of ransomware attacks consisted of a combination of tools. This includes pairing programs like Ryuk and Sodinokibi with banking trojans such as Trickbot and Emotet, making incident response more complicated, according to experts. In addition, the dollar value of ransom demands is increasing, and “seven or eight-figure ransom demands are not unusual.”
In addition to the broad increase in ransomware attacks, Beazley also points out that vendors were used as breach vectors in 17 percent of ransomware attacks. Cyberhedge identifies the need for companies to implement rigorous cybersecurity regimes that take into account the cyber governance of their counterparties. Suppliers or customers that have access to company IP, or offer a potential back door into company IT systems, must also be accounted for as part of a more robust approach to cyber governance.
As covered in the September issue of Cyberhedge Research, events in the past two years impacting some of the world’s largest managed service providers like WiPro, and the theft of sensitive documents stolen from many major automobile companies (Tesla, VW, Toyota, Ford, Chrysler, GM) via a third-party robotics vendor in 2018 demonstrate that growing digital interconnectedness is making it increasingly difficult to distinguish a corporate network’s threat surface from that of a supplier, partner, or customer.
This again hits at what Cyberhedge calls the third-party paradox—the corporate drive for greater efficiency and cost savings has created additional cyber-related supply chain vulnerabilities most companies haven’t considered when making strategy decisions about outsourcing.
Beazley’s other key findings that the most common ransomware attacks are relatively unsophisticated phishing emails and breach “poorly secured remote desktop protocol” are also in line with Cyberhedge analysis. Cyberhedge data shows that breach risks have increased with the dramatic increase in COVID‑19‑driven remote work and remote access into corporate IT networks. This has dramatically increased cyber threat surfaces in recent weeks and makes companies with poorly managed networks pre-COVID‑19 even more susceptible to a business disruption event like ransomware. More generally, increased and improved training of employees in basic cyber hygiene and improved cyber processes across the organization have the greatest impact on cyber governance performance and the financial value at risk due to cyber.