Cyber attackers are evolving their business models to create more sophisticated, three-staged attacks.
They use data exfiltration and encryption, followed by extortion, to steal organisations’ funds.
Forensic investigator Darren Hopkins, a partner with McGrathNicol, told an Emergence Insurance webinar, attended by 1,849 brokers and their clients, the attackers, or threat actors, are now likely to be organised crime or state sponsored, rather than sole operators.
McGrathNicol is a member of cyber specialist Emergence’s incident response team.
Outlining trends in the “cyber-threat pandemic”, Darren said threat actors will compromise a system, exfiltrate private and confidential information, then encrypt it and extort a ransom for return of the data and a decryption code. If no ransom is paid, they auction the data on dark web marketplaces.
“A surge in revenue means threat actors can invest in research and development of new tools to evade detection and bypass security systems,” he said.
Threat actors engage in professional business correspondence with victims, negotiating deals and spelling out the business risks. In a case McGrathNicol investigated, the threat actor showed a CEO a stolen copy of his company’s own cyber insurance policy.
Threat actors research target companies and tailor their demands according to the business’s ability to pay and the likely impact. They even employ voice actors who speak the same language, telling CEOs and CIOs to “pay up, or else”.
Darren said SMEs more frequently fell victim to cyber scams because low budgets meant they did not spend sufficient funds on security, but larger businesses that did not invest enough in the right security and risk management were also attacked and the disruption caused was more costly and the impact more damaging.
Ransom demands were getting higher because threat actors could compromise back-up systems, increasing vulnerability.
McGrathNicol partner Shane Bell said data was “the new superpower” and easily monetised. He urged organisations to implement data protection plans and regularly stress test them.
Businesses need to:
• Understand their information assets and data
• Assess their material risk and vulnerabilities
• Update business critical systems and test data backups
• Classify information assets and third-party arrangements
• Test and update incident and breach response plans
• Ensure logs capture useful information for incident investigations
• Establish rigorous oversight of outsourced services and third-party risks
• Implement continuous awareness training programs.
Emergence’s National Head of Sales Gerry Power analysed data from the Office of the Australian Information Commissioner’s Notifiable Data Breach Scheme, which continues to show the key drivers of data breaches are malicious or criminal attacks and human error.
Social engineering doubles
“Human error is within our control,” he said. Gerry urged brokers to work with their clients to implement risk management which could potentially reduce their cyber insurance premiums. “Employees are the last line of defence and too many still don’t recognise a phishing email or a dodgy invoice.”
Gerry said social engineering claims had doubled since 2018. “Email vulnerability is the greatest risk to businesses today; there’s a huge need for employee security awareness training.”
He said Emergence researched the cyber threat landscape and updated its cyber policies to reflect new threats, which assisted brokers in providing insurance solutions for their clients.
Emergence is an award-winning underwriting agency, exclusively focused on providing flexible, innovative cyber insurance solutions to help protect Australian businesses, ranging from SMEs to ASX-listed companies.
Emergence was awarded the 2019 Insurance Business magazine Underwriting Agency of the Year. It was a finalist in the same category at the 2019 ANZIIF-Asia Insurance Review awards and the 2020 Insurance Business magazine awards.
Last year Emergence was awarded Insurance Business’s Brokers Pick for the fifth time in six years and won its third consecutive gold medal in the Cyber & IT category of the magazine’s brokers on underwriting agencies awards.
To access the broker portal to obtain Emergence cyber quotations for your clients, email firstname.lastname@example.org.