November 22, 2020
Business interruption drives 60% of cyber losses: Allianz - Business Insurance
Business interruption losses accounted for 60% of cyber insurance claims in the past five years, according to a report published Thursday by Allianz Global Corporate & Specialty SE.AGCS’s analysis of more than 1,700 cyber insurance claims worth €660 million ($781.5 million) in the past five years also reveals that the average cost of cybercrime for organizations has increased 70% to $13 million. Meanwhile, the number of attacks has risen by 60%.There has also been a further increase in the number of cyber claims this year, AGCS said. There were 770 claims lodged with AGCS in the first nine months of 2020. This follows 809 for the whole of 2019. But AGCS said it is too early tell if this uptick is being caused by COVID-19.Business interruption can bring the most severe cyber losses, with downtimes becoming longer, and systems and data restoration costs can quickly escalate, AGCS said. “Whether due to ransomware, human error or a technical fault, the loss of critical systems or data can bring an organization to its knees in today’s digitalized economy,” Joerg Ahrens, global head of long-tail claims at AGCS, said in a statement. “If an online platform is unavailable due to a technical glitch or cyber event, it could bring large losses for companies that rely on it, particularly given today’s increasing reliance on online sales or digital supply chains,” Mr. Ahrens said.While external cyberattacks cause the most expensive cyber insurance losses, employee mistakes and technical problems result in the greatest number of claims, the report said.AGCS said more than half (54%) of claims were down to accidental internal incidents, such as employee error or outages, but losses were small.When it comes to value, cyberattacks – including distributed denial of service (DDoS), phishing and malware – accounted for the majority of claims analyzed by AGCS (85%). Malicious internal actions accounted for 9% of losses.“Losses from incidents such as DDoS attacks or phishing and ransomware campaigns account for a significant majority of the value of cyber claims today,” Catharina Richter, global head of Allianz’s Cyber Center of Competence said in the statement.Almost half a million ransomware incidents were reported globally last year, costing at least $6.3 billion in ransom demands. Total costs are thought to be in excess of $100 billion.“Although cybercrime generates the headlines, everyday systems failures, IT outages and human-error incidents can also cause problems for companies, even if their financial impact is not, on average, as severe. Employers and employees must work together to raise awareness and increase cyber resilience,” Ms. Richter said.Businesses and insurers face more expensive business interruptions in the future, alongside other challenges such as more ransomware incidents, higher costs from large data breaches and greater risk from state-sponsored attacks, AGCS said.Mega data breaches, which involve more than one million records, now cost an average of $50 million, up 20% compared to 2019, AGCS said.Higher levels of remote working caused by Covid-19 have created new opportunities for cybercriminals to access networks, alongside coronavirus-themed online scams and phishing campaigns, the report said.Malware and ransomware incidents have increased by more than a third since the start of 2020, AGCS said. But while exposures are rising, it is too early to tell if this is directly linked to COVID-19.“AGCS has seen the first few cyber claims that can be indirectly attributed to the COVID-19 landscape, including ransomware attacks that can be linked to the shift to more remote working. However, it’s too early to confirm a broader trend,” it said.Commercial Risk Europe is a sister publication of Business Insurance. More stories from CRE here.     
November 22, 2020
CrowdStrike: Ransomware hit 56% of organizations in last year
A new CrowdStrike survey determined that more than half of the 2,200 respondents suffered ransomware attacks over the last 12 months. Released Tuesday, the "2020 CrowdStrike Global Security Attitude Survey" included senior IT decision-makers and IT security professionals from both private and public sector organizations from across the globe: Australia, France, Germany, India, Italy, Japan, Middle East, Netherlands, Singapore, Spain, U.K. and U.S. The survey, conducted by independent research firm Vanson Bourne, featured the highest number of participants in the last three years, up from 1,300 in 2018. Respondents from the 12 countries were surveyed in August and September, with sectors varying from financial and manufacturing to IT, healthcare and transportation.CrowdStrike's survey included some troubling results, including 56% of respondents saying their organization suffered at least one ransomware attack in the last twelve months; a number of respondents, including 22% of those in the U.S., said they suffered more than attack during that span. Overall, only 27% of respondents' organizations paid the ransom when they suffered those attacks. However, according to the survey, those payments cost an average of $1.1 million. The survey also found that "concern levels around ransomware saw the largest proportional increase of any cyberattack since 2019." The number rose from 42% in 2019 to 54% in 2020. CrowdStrike CTO Michael Sentonas told SearchSecurity the number of organizations that paid ransoms is concerning, even if it was only about a quarter of the organizations that suffered attacks. "Even at 27%, that's a huge concern for me because in many countries throughout the world, particularly the U.S., an organization may be breaking the law by paying that ransom, so they're potentially creating a bigger problem for themselves," he said. "It's easy to pay and get up and running, but it may cause a lot of issues." The survey also revealed minor improvements in the average detection time of a cybersecurity incident in respondents' organizations over the past year. The average time to detect a "cybersecurity incursion/incident," according to the survey, was 117 hours, which CrowdStrike said was slightly better than 120 hours in last year's report. Sentonas said there are good and bad takeaways from the detection time results, particularly for U.S. organizations. "The U.S. is much better at detection than the rest of the world, and their effectiveness improved. To put it into context, the global average is about 117 hours. It was 120 in 2019. The U.S. average is 97 hours, significantly better than the rest of the world, but in 2019, it was 67 hours, so what that does mean is that the U.S. did get worse even though they are performing better," he said. "I think there's a lot of reasons for that, and COVID-19 has created some complexity." Other positive findings from the survey surprisingly involve the onset of the COVID-19 pandemic, which forced a resilient cybersecurity response. According to the survey, 84% of respondents said they have accelerated their digital transformation efforts as a result of COVID-19. In addition, 79% "believe that their organization's outlook, over the next 12 months, on its overarching security strategy and architecture, is more positive now as a result of the COVID-19 pandemic" and 73% "agree that COVID-19 has proven to be a catalyst for long-awaited approvals on security upgrades." The '2020 CrowdStrike Global Security Attitude Survey' showed 56% of the 2,200 respondents said their organizations were hit with at least one ransomware attack in the last 12 months.While it may be helpful for the future, in the thrust of the pandemic, more than half of respondents reported COVID-19 slowed down detection time of a cybersecurity incident in their organization. In an accompanying blog post Tuesday, Sentonas said the survey seems to indicate that organizations realize the link between COVID-19 and an increase in both ransomware attacks and the costs they incur. "The danger and increasing sophistication of ransomware is not lost on this year's survey respondents, with 54% expressing concerns over ransomware attacks -- a significant increase over last year's findings of 42%," Sentonas wrote in the blog post. Detection time for those attacks was a problem across the board. CrowdStrike's report found 90% of respondents said it would take their organization more than one minute to detect an incident. One part of the problem, according to the survey, is the focus is more on prevention and perimeter security than detection. Another significant takeaway from the survey, according to Sentonas, is the increasing threat of nation-state threat groups. "Among the key findings in this year's report is a growing fear of nation-state intrusions and ransomware attacks in the wake of COVID-19 outbreaks (71%). In addition, 87% of respondents indicated that nation-state attacks were much more common than most people think. In fact, 73% say these attacks are the single biggest threat to their organizations," he wrote in the blog. According to Sentonas, the survey highlights the need for organizations to develop both digital and security transformations. "This focus on improving security posture by increasing their investment in modernizing cybersecurity and accelerating cloud adoption also seems to have increased respondents' optimism, with 78% of them reporting a positive outlook on their organizations' security strategies and architecture over the next 12 months," he wrote in the blog post.
November 19, 2020
How can I best implement an active archive environment?
Archiving assumes an organization must protect data but might not actively use it for an extended period. Typical archiving technologies include magnetic tape and cloud-based archives.However, suppose certain data has significant value to an organization, and its active use may be intermittent. Active archiving enables organizations to occasionally use important data when necessary -- for example, when a court subpoenas data as part of a case or other litigation involving the firm that possesses the data. How to create your active archive platformFirst, determine what data fits into the category of "occasional" usage. Your organization might define this in a data protection policy document, which should address archiving requirements. Typical candidates for an active archive environment include unstructured data such as user files, videos, audio files and PDFs -- in short, daily operational business information data not contained in a database.Next, examine the backup and storage resources available that could support the movement of data across different storage media, such as solid-state drives, hard disk drives, magnetic tape, optical disk and cloud-based storage facilities.Regardless of the archiving approach, your organization should classify data according to various metrics as defined in a data management policy. In addition, authorized individuals should have easy access to that data in a controlled fashion. The data should be easy to locate and extract from the storage medium and stored in a secure manner that optimizes its value to the organization. The data protection policy should also outline each of these parameters, including metrics for storage, recovery, retention and destruction.Consider different approaches for configuring storage resources to accommodate the variability and flexibility of your active archive environment. You can configure a storage environment with suitable archiving technology to archive data to a variety of media -- either local or off site -- based on retention and retrieval parameters defined by users.An active archive environment exampleYou most likely use local hard drives for day-to-day business transactions. You could assign the solid-state drive as the "short-term archiving" resource because your organization can quickly retrieve data as needed from such devices. You might assign the local tape drive to "medium-term" storage, since data access from tape takes longer than with other technologies. You can move the storage location for archived data based on changes to your archiving rules, such as a change in the frequency of data use.Cloud storage resources can support short-, medium- and long-term archiving requirements. They can also rotate with local archival storage technology to provide a strong, active archive environment. Off-site tape storage works best for much longer-term archiving requirements.The backup and archiving system -- and the archiving rules -- should determine where to locate data, based on the business need.An active archive environment is another important tool for organizations that have flexible requirements for archival storage of data.

Hits: 104