The Cybercrime Challenge for Agents
Ransomware is all over the news of late — Colonial Pipeline, CNA and JBS, plus hospitals, municipalities and many other businesses. If you read only the headlines, you might conclude that ransomware primarily affects large or high-profile companies, so agents and small commercial policyholders need not be overly concerned. This view is not just dangerously wrong but also diverts attention from the overall cybercrime threat to what agents and their clients depend on: their digital ecosystem.
In a ransomware attack, a hacker “kidnaps” data, assumes control of an organization’s computer system and then demands a payment to give back that control. These attacks have increased in frequency and severity over the past two years. Chainalysis, a blockchain research firm, estimates ransom payments jumped 341% during 2020 alone.
Many cybersecurity experts believe the pandemic has driven the spike in ransomware in part because so many employees have been working from home with less-than-ideal protection. Ransomware attacks accounted for 41% of the total number of filed cyber insurance claims in the first half of 2020, according to a report released last year by Coalition.
Insurance companies have responded by raising premiums and tightening underwriting standards just as demand for cyber coverage has risen. Premiums increased by 10% to 30% in late 2020, according to a survey cited by the U.S. Government Accountability Office. In some cases, annual premiums may rise as much as 50%, according to Joshua Motta, founder of Coalition. A group of cyber insurers including American International Group Inc. and Chubb Ltd. has joined to form CyberAcuView LLC, a consortium aimed at enhancing cyber risk mitigation efforts across the industry.
The emphasis on ransomware is not misplaced, as it represents the largest cybercrime segment. However, the Coalition report also found that 59% of cyber insurance claims were not due to ransomware, but to other cyber events including funds transfer fraud and email compromise. At the same time, reports have surfaced that hackers have also gained access to personally identifiable information (PII) through agency vendors, such as quoting software, and through policyholder groups, particularly contractors.
Every agency must step up its efforts to address its own cybersecurity vulnerabilities and those of its clients. Cybersecurity experts agree the best defense involves using a layered approach by combining multiple authentication methods with more secure systems and protocols. Some insurers offer security audit services to agents and others are revising agency agreements to require greater attention to cybersecurity.
A good starting point is specialist insurer Beazley’s “Steps to Protect Against Ransomware,” which applies to most types of cyber events. Beazley advises:
- Start with a risk assessment. Addressing risks starts with identifying what they are, where they are, and how severe the consequences are.
- Email content and delivery. Enforce strict Sender Policy Framework (SPF) checks for all inbound email messages, verifying the validity of sending organizations. Filter all inbound messages for malicious content including executables, macro-documents and links to malicious sites.
- Manage access effectively. Ransomware doesn’t have to go viral in an organization. Put in place appropriate measures for general user and system access across the organization: privileged access for critical assets (servers, endpoints, applications, databases, etc.) and enforce multi-factor authentication (MFA) where appropriate (for example remote access/VPN, externally facing applications).
- Back-up key systems and databases. Ensure regular back-ups that are verified and stored safely offline. Use strong, unique back-up credentials, and secure them separately. Test backups to ensure restoration from them.
- Educate users. Most attacks rely on users making mistakes. Train users to identify phishing emails with malicious links or attachments. Regular phishing exercises are a great way to do this.
- Patch systems and applications. Conduct regular vulnerability scans and rapidly patch critical vulnerabilities across endpoints and servers – especially externally facing systems.
- Secure remote access. Do not expose Remote Desktop Protocol (RDP) directly to the Internet. Use Remote Desktop Gateway (RDG) or secure RDP behind a multi-factor authentication-enabled virtual private network (VPN).
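
For the technical staff or vendor who runs an agency's mail gateway, the email step above can be expressed as a simple triage rule. The sketch below is an added example, not Beazley's or any product's code; it assumes the gateway records its SPF verdict in an `Authentication-Results` header, treats anything other than `pass` as a failure, and uses an illustrative extension list and constructed sample messages.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions treated as executables or macro documents (illustrative list, an assumption).
BLOCKED_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".docm", ".xlsm", ".pptm")

def spf_result(msg):
    """Return the SPF verdict stamped by the receiving gateway, or 'none'.

    Assumes the gateway strips any Authentication-Results header supplied by
    the sender, so the value read here is the gateway's own.
    """
    for value in msg.get_all("Authentication-Results", []):
        for clause in str(value).split(";"):
            clause = clause.strip().lower()
            if clause.startswith("spf="):
                parts = clause[4:].split()
                return parts[0] if parts else "none"
    return "none"

def triage(raw_bytes):
    """Return ('deliver' | 'quarantine', reasons) for one raw inbound message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    verdict = spf_result(msg)
    if verdict != "pass":  # strict: fail, softfail, neutral and missing all block
        reasons.append(f"spf={verdict}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(BLOCKED_EXT):
            reasons.append(f"attachment={name}")
    return ("quarantine" if reasons else "deliver", reasons)

def sample(spf, filename=None):
    """Build a constructed test message; all addresses are placeholders."""
    m = EmailMessage()
    m["From"] = "billing@example.org"
    m["To"] = "agent@example.com"
    m["Subject"] = "Invoice"
    m["Authentication-Results"] = f"mx.example.com; spf={spf} smtp.mailfrom=example.org"
    m.set_content("See attached.")
    if filename:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Extension matching catches only the obvious cases; a production filter would also inspect file content, since attachments can be renamed.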