Crypto-viral criminals are becoming ever more sophisticated, but so are their targets
Digital mobile devices created convenient, anytime-anywhere communications. But they also opened up umpteen avenues for ransomware to exploit. (Photo: iStock)
The decades-long geopolitical struggle known as the Cold War comes to mind when looking at the current, ongoing fight against ransomware.
Sure, the stakes in today’s conflict against the hackers who build and spread data-kidnapping malware aren’t nearly as apocalyptic as those in the superpower showdown. But the comparison remains valid in this crucial respect: Both clashes are characterized by opposing sides engaged in an ever-escalating and seemingly endless battle of weapons and wits, in which a move by one side is met with a countermove by the other. Move, countermove, move again.
The two conflicts, of course, aren’t alike in all ways. But even their differences are strangely revealing. While the two sides in the Cold War never unleashed their most destructive devices, the same can’t be said about hackers and the companies trying to foil them. Both sides are steadily building up their arsenals while also using the biggest bombs at their disposal.
This is the year when ’ransomware will wreak havoc’ on America’s infrastructure community, ICIT warns.
Unlike the simmering late-20th century hostility between the Soviet bloc and the Western allies, however, the ransomware war boiled over immediately. It follows that one popular social media catchphrase sums up the current state of affairs: That escalated quickly.
The hot war between the perpetrators of ransomware and their targets is an obvious by-product of our wireless world. Put simply, digital mobile devices and applications have not only created the convenience and utility of anywhere-anywhere communications, but also opened up umpteen avenues and opportunities for purveyors of ransomware to exploit. As crypto-viral criminals adopt more sophisticated tools and tactics of attack, so do their targets to defend their digital networks and the data accessible through them.
Extortionists ratchet up pressure
Even places with the highest and thickest walls are vulnerable to today’s sophisticated ransomware. This is where insurance providers enter the picture. The insurance industry has been deeply involved in this intensifying struggle from the very beginning. I remember clearly my first ransomware case some five years ago. My company, its vendor partners, and the organization whose data was being threatened worked together quickly to eliminate the data-kidnapping malware and plug the hole through which it entered. No harm done.
If only things had remained that straightforward. Since those innocent days, criminals have become much more active, multiplying the number of attacks each year. On top of that increased activity, extortionists have been ratcheting up pressure on their victims, developing and employing methods that have become increasingly difficult to foil through standard anti-virus programs and backup measures.
Rather than rely strictly on brute force, an increasing number of coders explore data networks meticulously to locate and imperil the most sensitive information, emboldening these extortionists to raise their payment demands. Many companies give in to these shakedowns, chalking them up as yet another cost of doing business. It’s a bluntly effective response, but one that’s unsatisfying and becoming increasingly unsustainable.
Instead, organizations increasingly turn to insurance providers not merely to cover extortion payments, but also to forestall them.
Many insurance providers deliver three key services:
- Perform threat intelligence by researching and analyzing trends and developments in cyber crime, activism and espionage;
- Manage risks by identifying and repairing weaknesses that make organizations vulnerable to ransomware; and
- Build relationships with top vendors — from computer specialists to public relations professionals — that can respond immediately and intelligently when extortionists strikes.
That said, expert claims professionals must be at the forefront of the fight.
Rising to meet tougher demands, expectations
Insurance providers that are truly serious about serving customers and carrying the fight against ransomware should create custom-built claims teams.
Building such teams is a boots-on-the-ground business. It starts by recruiting, hiring and retaining talented claims professionals. The next step is to empower them to become ransomware experts and devote their activities solely to this field. That means giving these people the latitude and resources to attend conferences frequently to learn from other specialists, and to meet regularly with clients, brokers and vendors to share information and concerns.
Placing expert claims professionals at the forefront of the fight against ransomware also means ensuring they have proper answers to key questions that informed clients are going to ask. These people should be able to:
- Explain your ransomware claims philosophy and the principles on which it is based. For instance, do you counsel clients to adopt a zero-tolerance approach to ransomware demands, or is your modus operandi based on flexibility and leaving as many options open as possible?
- Define the process your ransomware claims team follows when clients call for help in emergencies. As a start, will clients be able to reach an actual person at any time day and night, or will their calls go first to an answering machine?
- Outline the kinds of vendors your ransomware claims team will be able to call on when a client’s data system comes under attack.
- Indicate the bench strength and depth of these vendors, so as to specify whether your company can guarantee to supply organizations with the proper kinds and numbers of professionals at a moment’s notice.
Improvement efforts must never cease
My colleagues and I have spent the last several months building a claims team made up of experts who can take their place at the forefront of the fight against ransomware. At the same time, we rewrote our cyber policy form, which covers ransomware incidents, to fully take into account new laws and emerging exposures. While a D&O policy written 10 years ago is likely still competitive today, a cyber policy written just two years ago is now woefully out of date. We also revised our lists of vendors in all areas related to ransomware, based on our ongoing meetings with existing and new vendors. And we reviewed our approach to risk management to make sure we’re always delivering prevention and mitigation services that meet the current and unfolding needs of our clients.
This emphasis on widespread, continual improvement is vitally necessary. The fight against ransomware likely won’t end anytime soon. If anything, it will grow more complex, it will involve higher stakes, and it will require ceaseless activity to get ahead and stay ahead in this ever-escalating battle of wits and weapons. Move, countermove, and move again.
William Kelly is senior vice president of underwriting at Argo Pro: firstname.lastname@example.org
Got questions about your cyber security coverages? Let DDM help. Schedule a complimentary review of your policies today.