While the increasing number of publicly disclosed breaches and successful ransomware incidents is driving growth in cyber insurance, there’s a risk that this will encourage criminals to target companies with extortion insurance to demand increased payments. That’s the belief of researchers at WatchGuard Technologies.
In countries that require mandatory breach disclosure, cyber insurance helps cover the costs and, sometimes, the lawsuits that result from these breaches. More recently, insurers have promoted optional extortion insurance packages that cover the costs of ransomware and other cyber extortion payments.
“We find it concerning that insurers sometimes pay ransoms to recover their customers’ data,” explained Corey Nachreiner, CTO at WatchGuard Technologies. “While we understand the business decision, insurers currently have no long-term actuarial data for cyber incidents and ransomware. It’s possible that paying ransoms will encourage this criminal business model and increase the number of incidents insurers have to handle or the cost of ransoms.”
As most studies show that at least one-third of ransomware victims already pay on demand, smart ransomware authors will target insurers to identify organisations with extortion insurance and then attack them directly.
“We expect SMBs to continue to adopt extortion insurance in 2018, but cyber insurance shouldn’t replace security controls and Best Practice,” urged Nachreiner. “We predict that insurance providers will start to implement guidelines that require companies to have strong security controls in place as a prerequisite. When combined with other layers of security, cyber insurance represents a great addition to a company’s cyber security strategy.”
View the WatchGuard predictions videos online at: https://www.watchguard.com/wgrd-resource-center/2018-security-predictions
More compromises in evidence
Online security is seemingly becoming more compromised with each passing year. 2017 has witnessed some of the worst security breaches in history, such as the breach of Equifax, which impacted over 143 million clients in the US and abroad. There were also three major state-sponsored ransomware attacks affecting hundreds of thousands of targets around the world. Unfortunately, it looks like this is just the beginning.
“Ransomware assaults seem to be increasingly dangerous,” explained Marty Kamden, CMO of NordVPN. “Besides, system administrators are not ready to protect their networks from more sophisticated breaches. We believe that attacks will only become worse in nature.”
In addition, Internet freedom has been on a steady decline. For example, in the US, Internet Service Providers have the right to track customer data without consent and sell it to third parties. Net neutrality is under attack. Other countries are also passing freedom-limiting laws.
NordVPN’s predictions for cyber security in 2018 are as follows:
As Internet of Things (IoT) devices come into common use, they will continue to come under attack. When one device is compromised, the hacker can easily take over the whole system of interconnected devices. One of the biggest fears is that hackers might compromise medical IoT devices and patients’ information could be leaked. Breached IoT devices can be used in large DDoS attacks, taking down virtually any Internet-based service or website
Increase in travel data breaches
Hackers are discovering that business or leisure travellers who book their trips online share their passport and credit card data, which can be stolen. This marks the move towards specific online breaches targeting groups of people – not only travellers, but also online shoppers and others
New and larger ransomware attacks
This year has shown the power of one ransomware attack that can disable hundreds of thousands of computers around the world. Companies are not yet up to speed with sophisticated hacker technologies, so there’s a huge risk of new and larger ransomware attacks
China to ban Virtual Private Networks
China’s Government passed a regulation that requires telecommunications carriers to block users’ access to private, Government-unapproved Virtual Private Networks by 1 February. This would mean that lots of people in China will not be able to reach the global Internet, as many sites – such as Google or Facebook – are blocked in China
The EU is implementing the General Data Protection Regulation (GDPR)
Coming into force next May, the European Union’s General Data Protection Regulation (GDPR) is going to introduce stricter rules for companies on storing personal user data and on obtaining customer consent. The GDPR will have global reach and force companies to protect user data
Digital Economy Bill in the UK
There are plans in the UK to pass a Parliamentary Bill that requires age verification for adult site visitors. Age verification is conducted through collecting various data about the user, which poses a huge risk of data leaks and data loss, with sensitive private information potentially being stolen
Dutch Referendum on Government surveillance powers
The Netherlands will hold a Referendum next year to determine if the law enforcement authorities can have far-reaching surveillance powers. Many privacy activists are striving to overturn the law passed in July, which allows Government agencies to collect data from large groups of people at once