Traditional approaches to ransomware will not protect your business – or your customers
Most insurance firms already have cyber defences in place, backed by disaster recovery solutions. Some think that this is enough to protect against the growing threat of cybercrime. But as threats become more sophisticated and damaging, these traditional defences are no longer able to keep pace with the cybercriminals.
Insurers face a double challenge
The very real threat of cybercrime is forcing businesses across all industries to change the way they defend themselves. In addition to technical safeguards, there is an increased uptake of cyber insurance, creating a knock-on increase in workload for providers.
At the same time, insurers themselves are at significant risk of attack. The amount of hugely sensitive, valuable data now collected and stored by insurance firms makes them an attractive target for cyber criminals. The whole sector has been embracing digital transformation projects to keep pace with customer expectations, creating more potential attack surfaces in their data and infrastructure. They have also been building closer working relationships with partner companies and third parties, again increasing risk.
Unsurprisingly, the insurance sector has seen an increase in the number of attempts by cyber criminals to gain access to key data and infrastructure. One of the main threats facing the insurance industry is ransomware attacks.
The insurance sector is facing a double challenge from cybercriminals – customer demand for new cyber insurance products and the protection of their own corporate IT systems.
Ransomware and the insurance industry
Cyber criminals are using increasingly sophisticated approaches to gain access to data and infrastructure. Phishing and malware attacks have proven to be particularly effective. And once the criminals have access to the data, they are often free to roam infrastructure unobserved, identifying key data deposits and taking what they want, when they want.
The Cost of a Data Breach Report 2021 found that it takes an average of 287 days to identify and contain a data breach. During this time the criminals are identifying the key data and information that holds the most value or has the potential to do the most damage to the targets.
Once the data is in their possession, criminals are not only selling it but increasingly holding it to ransom. The Hiscox Cyber Readiness Report 2021 found that one in six firms (16 percent) was targeted with ransomware, of which, most disturbingly, over half (58 percent) paid the ransom. It found that phishing attacks were the most common entry point and that the cost of recovery from a ransomware attack was almost as high as any ransom paid (making up an average of 45 percent of the overall cost).
Cybersecurity remains important, but cyber resilience is now critical
Faced with increasing security threats, many of the tools currently utilised by firms are no longer effective enough to ensure that businesses can recover in the face of a successful hack. Cyber resilience is now a key tool for insurance firms, ensuring they can continue trading effectively before, during and in the aftermath of a cyber-attack.
Cyber resilience solutions differ substantially from cybersecurity tools. Cybersecurity tools focus on protecting companies from cyber-attack, making it as difficult as possible to get through. Firewalls, anti-phishing and anti-malware solutions are effective, but an over-reliance on these tools means that many insurers erroneously assume they are completely secure, underestimating the sophistication of modern attacks.
Instead, the focus must shift towards mitigating the effects of a breach when the worst happens. Cyber resilience helps organisations protect against cyber risks and limits the impact of any damage, ensuring operations can continue almost normally.
Disaster Recovery vs cyber resilience in the insurance sector
Insurers will need to add cyber resilience to their DR and cybersecurity provisions to create a more robust defence against operational disruptions like ransomware. This will allow them to better recover from a specific, destructive cyber-attack, which is a very different proposition from traditional scenarios like a power surge, a flood, fire or similar event.
Backup and DR solutions were never designed to minimise production exposures or to avoid the resulting negative business impacts. The cyber resilience tool kit adds cyber recovery capabilities to your provisions, using an isolated, operational air gap for data vaulting that cannot be overwritten or accessed by hackers.
DR simply takes a copy of all data pushed from your infrastructure and places it in a data centre. In contrast, cyber recovery intelligently identifies your business-critical data and claims it, storing an accurate, immutable copy in the air-gapped data vault. This data is then inaccessible to criminals who might gain access to your infrastructure.
The way data is collected also means that the silo is only open for the split second it needs to collect identified data. With DR, the portal is almost constantly open, offering cybercriminals an easier route in.
Resilience within the insurance sector
By increasing resilience, insurance firms have been able to continue operations through uncertain times. This resilience should now be extended to protecting data, which is more valuable and sensitive than ever before.
By using cyber resilience tools alongside existing DR and cybersecurity solutions, insurance firms know that they are building more resilience into their business. Cyber resilience helps to keep cybercriminals out and ensures that their most business-critical data is safe. This then allows companies to continue working in spite of a successful attack, mitigating damage to infrastructure, reputation, and finances.