Filed Under:Carrier Innovations, Information Security

Insurance experts: WannaCry calls for tougher cyber security

Experts encourage agents, brokers and consumers to strengthen their tech security skills

"It is of utmost importance that cybersecurity ... be a top priority of businesses and organizations large and small," Michael Kaiser, executive director of the nonprofit National Cyber Security Alliance in Washington, D.C., said Monday in a prepared statement about the global WannaCry ransomeware virus. (Photo: iStock)

In what now seems like a foreboding example of premonition, Kansas Commissioner of Insurance Ken Selzer on Thursday released a shortlist of tips that his office intended to help individuals and businesses protect themselves against identity theft or a cyber attack.

Related: No business is totally safe from cyber attacks

"It is important that cyber vigilance begins at home," Commissioner Selzer said in his May 11 statement. "Knowing some common-sense precautions can keep you and your personal information safer."

One day later, international hackers unleashed the WannaCry ransomware program, which demands $300 from the user of an infected computer or device in order to restore its data. As the virus spread over the weekend, insurance agents, brokers and consumers braced themselves for a major Monday-morning tech headache.

Related: AIG ranks financial services as most vulnerable to mega-cyberattack

Good reason to worry

White House Homeland Security Adviser Tom Bossert said Monday that 150 countries and more than 300,000 people were affected by the WannaCry attack, which revealed a vulnerability already known to cyber security experts worldwide.

"Law enforcement, IT professionals, consumers, business, and the public sector all have responsibility to act to keep enabling the good that the Internet brings," Kathy Brown, president and CEO of the Internet Society (ISOC), said in a press release Monday. "We have a shared responsibility to collaboratively get this under control."

Brown hoped to draw attention to recent survey results compiled by the ISOC along with the Centre for International Governance Innovation (CIGI) and the United Nations Conference on Trade and Development (UNCTAD). Their Global Survey on Internet Security and Trust found that "most people are ill equipped to deal with ransomware."

What’s more, researchers determined that 6 percent of people worldwide have already been impacted by malware, and nearly twice as many know someone who has been victimized by a cyber attack.

Roughly one in four people interviewed for the survey said they would "have no idea" what to do if their computer or device were targeted by malware or ransomware.

Related: 5 key takeaways from NTT Security's 2017 Global Threat Intelligence Report

"Ransomware attackers have discovered that they don't have to steal or destroy your data to enrich themselves, they just have to hold it hostage," Fen Osler Hampson, distinguished fellow and director of Global Security at CIGI, said in a prepared statement. "Our survey data shows that many people are willing to pay to get their data back, which makes such attacks highly profitable."

Continue on...

Roughly one in four people "have no idea" what to do if their computer or device is targeted by ransomware. (Photo: iStock)

Roughly one in four people "have no idea" what to do if their computer or device is targeted by ransomware. (Photo: iStock)

Widespread vulnerability

"In the US alone, 63% of firms reported experiencing a cyber incident in the past year, and 47% said they had two or more," said Dan Burke, cyber and technology product head at Hiscox USA. The Hiscox Cyber Readiness Report 2017 surveyed more than 3,000 businesses in the U.S., United Kingdom and Germany on their cyber preparedness. Researchers concluded that last year alone, cyber crime cost the global economy $450 billion.

"Larger companies (250+ employees) had a somewhat higher risk, with 72% reporting one or more incidents, compared to 60% of smaller firms (less than 249 employees)," Burke said a press release.

Scary wake-up call

"When we see whole systems like the National Health System in the United Kingdom directly targeted, it reinforces how dependent we have become on our data-driven networks," Michael Kaiser, executive director of the nonprofit National Cyber Security Alliance in Washington, D.C., said in a statement about the WannaCry event. "It is of utmost importance that cybersecurity of those networks be a top priority of businesses and organizations large and small."

Speaking in terms of "cyber hygiene," Kaiser recommended the following urgent cybersecurity steps:

  • Keep clean machines: Prevent infections by updating critical software as soon as patches or new operating system versions are available. This includes mobile and other internet-connected devices.
  • Lock down your login: Strong authentication — requiring more than a username and password to access accounts — should be deployed on critical networks to prevent access through stolen or hacked credentials.
  • Conduct regular backups of systems: Systems can be restored in cases of ransomware and having current backup of all data speeds the recovery process.
  • Make better passwords: In cases where passwords are still used, require long, strong and unique passwords to better harden accounts against intrusions.

Insurance and the financial services sector are among the industries most vulnerable to cyber attacks. Consider the following chart compiled by Statistica, the internet research agency, which shows the industries that tend to be targeted by malware or ransomware, and what shape these attacks might take.

Infographic: Ransomware: Who's Affected & Why | Statista You will find more statistics at Statista.

Continue on...

Insurance and financial services are especially vulnerable to cyber attacks. (Photo: iStock)

Insurance and financial services are especially vulnerable to cyber attacks. (Photo: iStock)

Insurers survey WannaCry impact

In its summation of the impact the WannaCry attack could have on insurers, the cyberinsurance and risk management company Cyence determined that direct ransom costs could be about $10 million. But executives worried that the deeper impact will be felt by the attack’s business interruption, which could cost companies approximately $8 billion.

"Cyber insurance policies would respond to this event, but there are a few factors which will limit insurer’s ultimate exposure," Cyence executives said in a prepared statement. "Cyber insurance policies have retentions/deductibles that are typically at least few thousand dollars.  Since WannaCry’s demand is only $300, this cost would be borne by the insured — not the insurer."

Related: How risk modeling propels the cyber insurance market forward

The best defense...

The best defense in a good offense. With that in mind, here are the 10 tips that Kansas Insurance Commissioner Ken Selzer released to the public last week:

  1. Set strong passwords and don’t share them with anyone. Set them with at least eight characters, including letters, numbers and symbols.
  2. When using unfamiliar websites, be sure the URL begins with "https." The "s" at the end indicates it is a secure site.
  3. Keep your operating system, browser, and other critical software optimized by installing updates, including antivirus and anti-spyware updates.
  4. Maintain an open dialogue with your family, friends and community about Internet safety. Let them know you take it seriously.
  5. Limit the amount of personal information you post online, and use privacy settings to avoid sharing information widely.
  6. Be cautious about what you receive or read online — if it sounds too good to be true, it probably is. Also, if a message sounds out of character for the sender, or includes nothing but a link in the body of the email, it may be suspicious. Check with the person who purportedly sent you the message to make sure it is legitimate.
  7. Cyber attackers often take advantage of current events to conduct "phishing" attacks, where they will attempt to obtain personal information by posing as a trustworthy organization. Verify the legitimacy of the organization’s request by contacting the company by another means.
  8. Limit the type of business you conduct on public Wi-Fi networks. Don’t do your online shopping from an internet café. Do business with credible companies, and devote one credit card with a small credit line to online purchases.
  9. Password-protect your smart phone.
  10. Finally, and maybe most importantly, check your homeowners or identity theft insurance policies for the level of coverage you have in case of a cyberattack on your devices.

"The continual increase in cyber traffic means that home computer networks and smart devices are more vulnerable" than ever, Selzer said. "We need to be vigilant in making sure our personal information is kept secure."

See also:

Move, countermove: The best way to fight ransomware

Data breaches in 2017: No relief in sight

Businesses and their insurers face threat from ransomware

Featured Video

Most Recent Videos

Video Library ››

Top Story

6 behaviors that could spawn a sexual harassment lawsuit

Sexual harassment scandals loom large among the events that shaped 2017.

Top Story

2017's 10 most hazardous toys

The Boston-based nonprofit World Against Toys Causing Harm, Inc. (W.A.T.C.H.) has released its annual list of the 10 worst toys of 2017.

More Resources

Comments

eNewsletter Sign Up

Carrier Innovations eNewsletter

Critical news on the latest tech solutions, information security, analytics and data tools and regulatory changes to help decision-makers at insurance carriers keep their business thriving – FREE. Sign Up Now!

Mobile Phone

Advertisement. Closing in 15 seconds.