Ransomware and Cyber Insurance Trends in 2022
Ransomware attacks have grown in sophistication, complexity, and impact, spurred by a lasting shift to a hybrid office model due to the COVID-19 pandemic, an ever-growing online presence, the transition of traditional infrastructure to online and cloud-based solutions, advanced interconnectivity, and the exploitation of new features of emerging technologies such as Artificial Intelligence (AI).
As we head into 2022, there is, unfortunately, no sign of this letting up. This is why it’s essential for businesses to be aware of the ever-growing avenues of attack and what can be done to mitigate the risks! So let’s take a look at the most important cyber security trends companies should be aware of, particularly around ransomware and cyber insurance in 2022.
What’s Ransomware?
Ransomware typically involves infecting devices with a virus that locks files away behind unbreakable cryptography and threatens to destroy them unless a ransom is paid, usually in the form of an untraceable cryptocurrency. Alternatively, the ransomware may threaten to publish the data, leaving the organization liable to enormous fines.
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains.
Rise in Software Supply Chain Attacks
Supply chain attacks were up 650% in 2021, according to a report from software supply chain management company Sonatype. Ransomware is a volume business, and for threat actors looking to exert maximal impact with minimal effort, breaching one third-party IT or software provider represents an opportunity to impact hundreds or even thousands of that victim’s clients – and their clients’ clients, and so on – all at once. The well-known SolarWinds supply chain attack stands out in 2021 due to its scale and influence, but other sophisticated supply chain attacks have occurred, such as the Kaseya ransomware attack. In that attack, the REvil ransomware gang exploited the company to infect over 1,000 customers with ransomware and demanded a ransom of $70 million to provide decryption keys for all affected customers.
Supply chain attacks are extremely dangerous because once a hacker gains access to a significant software supplier, they can also reach the data and code of their subscribers and customers. This provides multiple routes to new targets, including those once considered well-protected. Another advantage for attackers is deniability, as they can use the supply-chain company as a proxy for another target.
Security experts predict that supply chain attacks will continue to rise over the next year as threat actors search for weak links in software supply chains, targeting software being used widely and globally or used by a specific company. Attackers will proactively inject new threats into open-source libraries that feed into software supply chains, leading to more companies being compromised, regardless of whether they have a secure perimeter or good overall posture.
Triple Extortion Ransomware
Triple extortion is one of the latest strategies in the cybercriminal’s arsenal to maximize the value of successful ransomware attacks. Traditionally, ransomware attacks consisted of a single stage – a victim faced a ransom demand in return for the decryption key to unlock their systems and data. However, since ransomware developers evolved the capability to lock down systems and exfiltrate data simultaneously, ransomware attacks started using a double extortion strategy where they stole the data and then threatened to leak it if a ransom wasn’t paid.
Building on this methodology, threat actors have recently added another layer: a ransomware attack no longer stops at the initial target. Under triple extortion, ransom demands may now also be directed at a victim’s clients or suppliers. At the same time, further pressure points such as DDoS attacks, or direct leaks to the media, are also brought into the mix. The ripple effect of triple extortion ransomware attacks will force businesses to scrutinize and audit their supply chains’ access to their data and the security and policy controls surrounding their trusted relationships.
Cyber Insurance Trends
Cyber insurance has grown in popularity over the past few years as a way for companies to mitigate risks and liabilities, including the costs associated with ransomware attacks. These include response costs and the costs of retaining experts to advise you through the incident, investigation, and next steps; lost business income as a result of interruptions to networks or encryption; and, in many cases, coverage for the ransom itself.
Throughout 2019 and 2020, most organizations could obtain cyber insurance with relative ease and at relatively low cost, as the insurance market saw intense competition for customers. However, as ransomware attacks have increased in terms of volume and monetary value, insurers have experienced significant losses causing this dynamic to change – insurance firms are not as willing to underwrite the risks associated with cyber security as they once were.
Cyber insurance claims in 2021 exploded, and there is no sign of that trend abating in 2022. As a result, renewals are expected to be especially challenging as insurers seek to limit exposure and enforce stricter underwriting standards. For example, many cyber insurers are imposing higher deductibles and sub-limits while dramatically increasing premiums. Nearly all cyber insurers are also increasing underwriting scrutiny and demanding more detailed submissions from policyholders, including supplemental ransomware questionnaires or applications, and are adding policy conditions that require compliance with key security measures.
Among the new trends, we see insurance companies requiring companies to use Managed Detection and Response services and to hold regular employee cybersecurity training. Their questions are becoming specific enough to ask whether customers on Microsoft 365 have an Advanced Threat Protection license. Some insurers are also limiting or eliminating specific types of coverage, such as coverage for state-sponsored attacks, while other cyber insurers are limiting coverage for contingent business interruption loss – losses resulting from a cyberattack impacting another company’s system, on which you rely to do business.
The upshot is, to secure coverage, organizations will have to tighten up their security posture and be able to justify the extent to which it mitigates risk. Prevention and cyber preparedness will become ever more important in 2022 as organizations are forced to take more responsibility for their own security.
How to Protect Yourself Against Ransomware
Here are a few ways to prevent and mitigate ransomware risks:
- Conduct regular employee cybersecurity awareness training. Education is the most effective method of tackling the ransomware threat – employees who are aware of the dangers of ransomware are less likely to fall victim. Provide employees with training and simulation scenarios for identifying social engineering and phishing campaigns.
- Establish and maintain an incident response team and evaluate incident response plans frequently. Tabletop exercises or cyber range experiences can provide your team with the critical experience to improve reaction time, reduce downtime, and ultimately save money in the case of a breach.
- Regular patch management is crucial. With new vulnerabilities being discovered every day, it’s more important than ever for companies to consistently scan for vulnerabilities and immediately patch those that pose the most significant threat. Consider using a centralized patch management system or outsourcing your patch management to a service provider like OnPar Technologies.
- Implement zero-trust solutions such as multifactor authentication (MFA) and Application Whitelisting (AW) to limit user access privileges under the need-to-know principle.
- A Business Continuity Plan (BCP) is critical in the event of a data breach. This plan outlines the type of data stored, its location, and potential liabilities when implementing data security and recovery actions. A BCP entails an effective incident response, which aims at addressing, managing, and rectifying the damage due to such an incident.
- Invest in cyber insurance. Cyber insurance is a crucial investment that could help your company minimize damage and keep the business running in the event of a breach.
Protect Against Ransomware with OnPar Technologies
No one is immune to a ransomware attack, and every company, regardless of size, domain, or region of activity, is a potential target for ransomware. At OnPar Technologies, we provide comprehensive cybersecurity services that offer robust protection to your business-critical systems, workloads, and data against ransomware and other cyberattacks. Contact us today to schedule a consultation with our cybersecurity experts and let us improve your security posture!
Thanks to the team at Orbis Solutions in Las Vegas for their help with this research. Check them out at https://www.orbissolutionsinc.com/las-vegas-it-services/.