“Corporate cyber insurance will fuel ransomware growth in 2018” warns WatchGuard

While the increasing number of publicly disclosed breaches and successful ransomware incidents is driving growth in cyber insurance, there’s a risk that this will encourage criminals to target companies with extortion insurance to demand increased payments. That’s the belief of researchers at WatchGuard Technologies.

In countries that require mandatory breach disclosure, cyber insurance helps cover the costs and, sometimes, the lawsuits that result from these breaches. More recently, insurers have promoted optional extortion insurance packages that cover the costs of ransomware and other cyber extortion payments.

“We find it concerning that insurers sometimes pay ransoms to recover their customers’ data,” explained Corey Nachreiner, CTO at WatchGuard Technologies. “While we understand the business decision, insurers currently have no long-term actuarial data for cyber incidents and ransomware. It’s possible that paying ransoms will encourage this criminal business model and increase the number of incidents insurers have to handle or the cost of ransoms.”

As most studies show that at least one-third of ransomware victims already pay on demand, smart ransomware authors will target insurers to identify organisations with extortion insurance and then attack them directly.

“We expect SMBs to continue to adopt extortion insurance in 2018, but cyber insurance shouldn’t replace security controls and Best Practice,” urged Nachreiner. “We predict that insurance providers will start to implement guidelines that require companies to have strong security controls in place as a prerequisite. When combined with other layers of security, cyber insurance represents a great addition to a company’s cyber security strategy.”

View the WatchGuard predictions videos online at: https://www.watchguard.com/wgrd-resource-center/2018-security-predictions

More compromises in evidence

Online security is seemingly becoming more compromised with each passing year. 2017 has witnessed some of the worst security breaches in history, such as the breach of Equifax, which impacted over 143 million clients in the US and abroad. There were also three major state-sponsored ransomware attacks affecting hundreds of thousands of targets around the world. Unfortunately, it looks like this is just the beginning.

“Ransomware assaults seem to be increasingly dangerous,” explained Marty Kamden, CMO of NordVPN. “Besides, system administrators are not ready to protect their networks from more sophisticated breaches. We believe that attacks will only become worse in nature.”

In addition, Internet freedom has been on a steady decline. For example, in the US, Internet Service Providers have the right to track customer data without consent and sell it to third parties. Net neutrality is under attack. Other countries are also passing freedom-limiting laws.

NordVPN’s predictions for cyber security in 2018 are as follows:

Increase in IoT attacks

As Internet of Things (IoT) devices come into common use, they will continue to come under attack. When one device is compromised, the hacker can easily take over the whole system of interconnected devices. One of the biggest fears is that hackers might compromise medical IoT devices and patients’ information could be leaked. Breached IoT devices can be used in large DDoS attacks, taking down virtually any Internet-based service or website.

Increase in travel data breaches

Hackers are discovering that business or leisure travellers who book their trips online share their passport and credit card data, which can be stolen. This marks the move towards specific online breaches targeting groups of people – not only travellers, but also online shoppers and others.

New and larger ransomware attacks

This year has shown the power of one ransomware attack that can disable hundreds of thousands of computers around the world. Companies are not yet up to speed with sophisticated hacker technologies, so there’s a huge risk of new and larger ransomware attacks.

China to ban Virtual Private Networks

China’s Government passed a regulation that requires telecommunications carriers to block users’ access to private, Government-unapproved Virtual Private Networks by 1 February. This would mean that lots of people in China will not be able to reach the global Internet, as many sites – such as Google or Facebook – are blocked in China.

The EU is implementing the General Data Protection Regulation (GDPR)

Coming into force next May, the European Union’s General Data Protection Regulation (GDPR) is going to introduce stricter rules for companies on storing personal user data and on obtaining customer consent. The GDPR will have global reach and force companies to protect user data.

Digital Economy Bill in the UK

There are plans in the UK to pass a Parliamentary Bill that requires age verification for adult site visitors. Age verification is conducted through collecting various data about the user, which poses a huge risk of data leaks and data loss, with sensitive private information potentially being stolen.

Dutch Referendum on Government surveillance powers

The Netherlands will hold a Referendum next year to determine if the law enforcement authorities can have far-reaching surveillance powers. Many privacy activists are striving to overturn the law passed in July, which allows Government agencies to collect data from large groups of people at once.

About the Author

Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting.

In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector.

In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute’s George van Schalkwyk Award.

An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award.

Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site.

Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media.

Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014.
