Immediate Vault Immediate Access

Five Strategies to Protect Against Ransomware and Other Cyberattacks

As organizations continue to adapt to remote or hybrid work models, it has never been more vital to have a robust cybersecurity program to better protect against ransomware attacks and other cyberattacks against company systems and personnel. Ransomware attacks have proven a particular risk in recent years, with attacks like the Colonial Pipeline and myriad attacks on health care organizations demonstrating the serious impact of cyberattacks beyond financial risks, affecting everyday life and business operations.

Ransomware and other cyberattacks are always evolving. Attackers are constantly finding new ways to infiltrate environments while trying to stay undetected. Cyberattacks can target many different points in an organization’s ecosystem, including firewall configuration, patch management, network segmentation and defensive technology. The following five strategies can help companies mitigate cyberrisk and respond to threats quickly and efficiently:

1. Strengthen Asset Inventory
You cannot protect what you do not know exists or cannot see. Having an efficient asset management program can significantly increase visibility and rapidly provide detailed information about systems in the event of a cyberattack. Organizations should document system or device types, operating systems and software used. To be more granular and aggressive, consider documenting what ports and service systems use for business functions and use that as a baseline for future firewall rules and network exceptions. Having a strong program is key for every organization, but is even more important in remote work environments.

2. Conduct Security Awareness Training
A comprehensive and effective security awareness program for employees benefits the organization at large. An efficient security awareness program extends visibility and cyber threat detection beyond defensive technologies applied in the environment by empowering people to be a critical line of defense. A robust security awareness training program allows employees to assist with the detection of network anomalies, suspicious emails and other potential threats.

3. Assess Antivirus and Endpoint Detection and Response Programs
Traditionally, antivirus programs have helped detect malicious activity. However, the problem with the traditional antivirus approach in modern day cybersecurity is that attackers regularly update their code to obfuscate and bypass signature-based antivirus products. By employing an endpoint detection and response (EDR) product, organizations create an efficient response to detecting malicious programs and activities based on network anomalies rather than signatures alone. If purchasing and implementing an EDR solution is not viable, consider additional layers of defense around the antivirus software. Ultimately, the goal is to increase visibility and the ability to alert upon suspicious activity.

4. Monitor and Detect New Processes
In addition to having inventory on assets, an organization should document legitimate system processes and software. Upon gaining access to an environment, ransomware downloads and executes its installer to infect the victim. Ensuring visibility into your environment can help IT and information security teams to detect programs or processes with behaviors that deviate from the norm. In turn, this allows operations and incident response teams to respond quickly in the event of those anomalies.
One example is Microsoft Windows’ AppLocker, which generates messages and alerts about anomalies such as when an attacker attempts to install an executable outside of the known baselined created. By creating baseline rules, AppLocker will create an 8003 warning message that can be collected and parsed using a security incident and event management (SIEM) product or log aggregator and monitored by the IT or information security team.

5. Network Anomaly Detection
Ransomware moves laterally across the network while infecting systems. This can be done quickly while raising flags or network anomalies such as authenticating to several systems within minutes. It is uncommon for systems or domain administrators to connect to multiple systems rapidly and on a large scale on internal networks. To differentiate between legitimate and potentially malicious activity, network administrators must first document legitimate network connections and known behaviors. This supports anomaly detection by establishing outbound and inbound connectivity from the organization’s servers. Once the legitimate network connection is documented and a baseline is created, you can leverage defensive technologies and monitoring programs to alert when deviations occur. Then, create alerts in firewalls and SIEM solutions to quickly detect and respond to network anomalies.

As cybercriminals become more advanced, cybersecurity programs must also evolve to identify and prevent malicious behavior. By implementing the best practices and strategies mentioned above, organizations can dramatically reduce their exposure to ransomware and other cyberattacks.

Combating Fraudulent COVID Unemployment Claims

As federal and state officials scramble to send unemployment and stimulus funds to help people hit hard by COVID-19 business shutdowns, it has become a perfect storm for cyber fraud.

The payments are an easy target for cybercriminals as hackers and cyber gangs around the world have started to file unemployment claims use stolen identities. Some criminals claim benefits in the names of dead or incarcerated people, while others set up shell companies, “hiring and firing” fictitious employees to collect payments.

For example, cyber gangs in Nigeria have stolen millions in benefits from multiple states using hacked names, Social Security numbers and other information sold for as little as two dollars each on the dark web. In New York, a man was charged with filing more than $1.4 million in false COVID-19 unemployment claims, using the stolen identities of over 250 unknowing victims. According to U.S. attorneys, he was caught in part because he used the same IP address and security question and answer—the name of his family dog, Benji—to submit the applications.

The U.S. Department of Labor estimates fraudsters may already have stolen at least $63 billion through phony jobless claims, while other reports say the losses could be as high as $200 billion. In addition, unsuspecting victims are at risk of receiving surprise tax bills because cybercriminals stole their identities and filed fraudulent claims for COVID-19 unemployment payments.

Watch Closely for Signs of Fraud

The Federal Trade Commission warns that unemployment fraud puts workers at additional risk of identity theft crimes including tax fraud. What can you do to help protect your employees?

Unemployment fraud is often uncovered when employers are notified by state officials that employees have applied for benefits. If they are still working, they may be the victim of identity theft.

Be alert to the signs of cybercrimes and unemployment fraud. Contact your human resources department or tax administrator and ask them to look carefully at any notices or requests they receive from state unemployment officials. If you get a report about unemployment benefits that an employee did not request or receive, contact the employment division of your state labor department. Unemployment fraud is so widespread that most states have set up special procedures to deal with these situations.

Warn Your Employees

Let employees know that unemployment scams are a serious problem. Identity theft can also lead to tax fraud, credit card theft and loans taken out in their names. Notify a working employee immediately if the state informs you they have filed for unemployment benefits. They may be the victim of identity theft and should file a police report. Officials say workers scammed by cybercriminals do not have to pay unemployment taxes, but they must report the crime to the state labor department. And they should file their federal and state taxes on time for the correct amount of their income. The U.S. Labor Department has created a special website for victims of unemployment fraud.

Review Your Cybersecurity

Much of the personally identifiable information used by cyber thieves comes from data breaches, phishing schemes and other cyberattacks. Remind employees, particularly in human resources and tax departments, to be alert for suspicious emails, telephone calls and text messages about payroll information or W-2 forms.

The threat will continue beyond the pandemic. Business email compromise, in which employees are tricked into paying company funds into fraudulent accounts, is at an all-time high, so make sure employees have regular cybersecurity training. If you haven’t conducted a data inventory, do so now. Once you know what data you keep, you can determine what controls you require to protect that data. Store employee records securely and dispose of personally identifiable information carefully. It is also advisable to use a secure email gateway, which protects from spam, viruses, malware and denial-of-service attacks, and make sure employees working remotely are using secure company devices. Install patches and software updates, setting up automatic software updates whenever possible.

Unemployment or tax fraud targeting multiple employees may indicate a data breach. If you have a theft or cyberattack, contact your insurance carrier and, if necessary, seek expert help to identify the source, the extent of the problem and how best to respond.

Companies Continue to Grapple with Cyberrisk, Study Finds

As technology becomes more critical to company success, the number of cyberattacks has climbed. As a result, cyberrisk has become one of the top risks for companies around the world, according to the Marsh-Microsoft Global Cyber Risk Perception Survey. Almost two-thirds of survey respondents identified cyberrisk as one of their organization’s top-five risk management priorities—almost double the percentage who rated cyber as a top risk in a 2016 study, Marsh said, adding that respondents whose organizations had been successfully attacked were slightly more likely to prioritize cyberrisk than those who had not.

Despite these concerns, however, the study notes that just one in five respondents said they are “highly confident in their organization’s ability to manage and mitigate cyberrisk or respond and recover from an attack.” This was especially the case among corporate directors, who play an important role in protecting their organization from cyber threats. While about 70% of respondents who identified as board members said they ranked cyberrisk as a top-five concern, only 14% said they were “highly confident” in their organization’s ability to respond to an attack.

Board Disconnect
While organizations have traditionally relied on IT staff to manage cyberrisks, the structure of oversight is evolving in many companies as risks accelerate. Stakeholders from across the enterprise are looking beyond prevention to include risk assessment, mitigation and cyber resilience. Asked about cybersecurity structure, however, 70% of respondents named their IT department as a primary owner and decision-maker of the risk.

This was more often true for smaller companies, as larger organizations tended to spread the responsibility for cyberrisk—from a low of 13% in the smallest organizations (many of which may not have a separate risk management function) to 58% in the largest organizations with more than $5 billion in revenue, the study found.

Ideally, boards should view cyberrisk management as part of their overall perspective on enterprise risk management. In organizations where the board is involved, however, the study found a disconnect:

Corporate directors often appear to either not understand the information on cyberrisk they receive, or to not be receiving it all. For example, 53% of chief information security officers, 47% of chief risk officers, and 38% of chief technology/information officers said they provide reports to board members on cyber investment initiatives. Yet only 18% of board members said they receive such information.

This information gap illustrates a need to develop cyberrisk economic/business models that facilitate shared dialogue including common language among IT, the board, and other corporate departments. This disconnect also reinforces the need for a cross-functional approach to cyber risk governance, according to the study.

Manufacturers Vulnerable to Cyberrisk

Manufacturing companies face a serious threat from cyber criminals. According to IBM’s latest intelligence index, theirs is now the second-most targeted sector, after attack numbers increased significantly year-on-year. This heightened risk is compounded by increased vulnerability: the connectivity that manufacturers have embraced to bring about greater operational efficiencies is accompanied by significant and largely uninsured exposures, such as physical damage arising from cyber incidents or loss of income due to stolen intellectual property.

Part of the vulnerability lies in process control and supervisory control and data acquisition (SCADA) systems. Previously deemed impenetrable, due to their proprietary and highly customised networks, the convergence of these industrial control systems with enterprise infrastructure, particularly web services and ethernets, has created a potentially catastrophic risk. Such connections and the increasing Industrial Internet of Things (IIoT) can drive through great advantages, but also simultaneously produce weak links that manufacturers can not afford to overlook.

For example, expensive capital assets such as production machines will be retrofitted with technology that allows them to be connected to corporate networks. But they were typically built without the sophisticated measures to afford cyber-protection, or have operating systems that are incompatible with current cyber-security products. All these factors make manufacturers’ industrial control systems particularly vulnerable to cyber-attack.

Physical damage
Physical damage arising from cyberattacks has to date been relatively rare. Early high-profile events, such as claims that Russians hacked into U.S. water treatment facilities to damage pumps, or the Israeli-U.S. ‘Stuxnet’ attack on Iran’s nuclear centrifuges were believed to be state-sponsored.

One of the most underestimated threats to manufacturers is the rogue employee, disillusioned with their employer or falling victim to blackmail. One such attack involved a German steel mill.

online pharmacy aricept with best prices today in the USA

Hackers, thought to involve a rogue employee, took over its industrial control systems via its enterprise system, preventing employees from shutting down a blast furnace. This caused irreparable damage to expensive equipment and yet physical damage, as well as bodily injury caused by a cyber event, is typically excluded on most policies. The rise of the hackers-for-hire phenomenon further multiplies potential sources of attack, with competing companies looking to use third parties for corporate espionage, for example.

Stolen Innovation
Other rising areas of threat revolve around the significant non-physical assets residing in manufacturers’ information systems. Cyber theft of intellectual property (IP) has been difficult to insure properly, despite the extraordinary value of items such as the technical specifications of a new product, or the composition of a new pharmaceutical. PwC reports that the number of such thefts, notably of product designs, has doubled.

While competition is a big driver of IP cyber theft, risks such as the loss of income due to stolen IP or the legal pursuit of it are not currently insurable. When you consider the degree to which a manufacturer’s value will be directly linked to their IP, this represents a considerable risk but also one where evidencing and quantifying a loss is very difficult.

Cyber attacks are now identified as the leading cause of supply chain stoppages but supply chain risk is also largely uninsured.

online pharmacy cytotec with best prices today in the USA

Some losses, like business interruption arising from a cyber incident on an IT provider’s network, can sometimes be covered but an interruption caused by a product supplier’s cyber-event typically cannot. Upstream supply risk, associated with liabilities arising from failure to supply goods following an attack, is also difficult to insure.

Market developments
According to research by consultancy BDO USA, 92% of manufacturers cited cyber-security among their top 10 risk concerns in 2016, up 44% from 2013. Another study, however, found only 8% of manufacturers “very confident” in their ability to prevent an IT breach.

This rising risk issue demands action from all parties.

online pharmacy imuran with best prices today in the USA

Manufacturers must invest further in heightened security and control for their operating technologies, while cyber insurance specialists must continue to develop further sophisticated solutions to more effectively transfer manufacturers’ unique exposures. Insurance carriers are starting to work together more effectively across lines to more sufficiently underwrite the complex cyber risks facing the sector. Failure to respond to this new era of cyber threats and vulnerabilities will leave manufacturers exposed to reputation and physical damage, bodily injury, severe business interruption, loss of intellectual property, and significant financial loss.