Insurance provider Says : Basic security measures could have reduced losses from cyber attacks in Canada

Insurance provider Says : Basic security measures could have reduced losses from cyber attacks in Canada

A cyber insurance company says that following basic security controls is the major cause of increased frequency and severity of security losses by organizations. 

In a report released this morning (registration required) that looks at claims for the first half of this year, Alliance Inc. says multiactor authentication and regular out-of-band backups such as no-cost and low-cost controls are eliminated. 

Must have been Most of the losses organizations experienced. The report noted, "Although the number of cyber attacks has not increased dramatically, they have a success rate." Talking about the moves IT has made to its network to enable remote work during the COVID-19 pandemic, "cyber criminals are actively using it to their advantage." 

The alliance has more than 25,000 small and midsize customers in the US and Canada. The report looks at the claims of its clients, claims made by applicants for the Coalition for Coverage, and general claims from the US-based National Association of Insurance Commissioners. About 1.8 percent of the alliance's customers (or about 450 firms) made claims in the first half of the year. 

This was above 1.5 percent for all of 2019. Of the forty-one percent claims related to ransomware, 27 percent were due to fraudulent transfer of money and 19 percent related to email compromise. In terms of attack technology, 54 percent of claims-related attacks are via email, 29 percent via remote access, six percent through social engineering, three percent via brute force attacks, and third parties. The other three percent did. a settlement. 

"We have seen a sharp increase in ransom demand in the last quarter as threat actors have exploited COVID-19 and changed company operating procedures," the report said. “Although the frequency of ransomware claims has fallen by 18 percent in the first half of 2019 to 2019, we have seen a dramatic increase in the severity of these attacks. 

The ransom demand is high, and the cost of rescue is increasing, along with complexity. Average ransom demand among our policyholders increased 100 percent from 2019 through 2020, and another 47 percent increase from Q1 to Q2 2020 "to US $ 338,700." 

Fund transfer fraud, including email and voicemail attacks, rose 35 percent since the onset of the epidemic. Reported losses range from at least thousands to well above $ 1 million per event. In fact, the Trade Email Agreement (BEC) was the starting point of entry for 60 percent of the claims reported to the alliance alone. 

The report states that criminal hackers are taking advantage of behavioral changes as organizations respond to disruptions caused by the COVID-19 epidemic to increase their success rate. 

For example, it is common to see social engineering efforts where a criminal actor asks for a fake ACH (automatic clearing house) directive to pay, an office closure or the ability to receive mail checks reason. 

The recipients of these requests consider the request valid, assuming that many businesses find themselves, often not thinking twice, given the situation.

 "Most incidents and security failures - especially those targeting small businesses - are preventable, the report said, and do not cost too much. The top five mitigation organizations need multi-factor authentication, the use of a password manager, Must use secure and regular backups, implement basic email security measures (such as DMARC), and an anti-phishing solution and wire transfer verification.