There has been plenty of news over the last year about how COVID-19 has accelerated problems in workers' compensation and other standard lines of insurance, but one of the most significant pandemic-related challenges has been an increasing number of cyber attacks and the resulting impact on underwriting and increased accumulated risk exposure. (Photo: daniilvolkov/Adobe Stock) There has been plenty of news over the last year about how COVID-19 has accelerated problems in workers’ compensation and other standard lines of insurance, but one of the most significant pandemic-related challenges has been an increasing number of cyberattacks and the resulting impact on underwriting and increased accumulated risk exposure. (Photo: daniilvolkov/Adobe Stock)

Not long ago, insurers engaged in cash flow underwriting for cyber policies, writing at lower rates to collect premiums because it wasn’t viewed as the volatile and catastrophic line of business it is today.

The COVID-19 pandemic has contributed to a hard market that’s increasing premiums. But it’s more accurately a recalibration of cyber risk assessment.

The FBI reported a 400% increase in cyberattacks in 2020. Many insurers are focused on ransomware (and with good reason), but work-from-home (WFH) has created other vulnerabilities that collectively could lead to claims damages higher than a single ransomware attack.

What follows is a look at the main software and application categories that increased during remote work and the vast implications for user privacy, corporate cybersecurity and cyber insurance.

Video conferencing or vulnerable conferencing?

Although there is optimism, we are nearing the end of COVID-19, remote and hybrid work is here to stay for the long-term, and so is the reliance on video conferencing platforms such as Zoom, Webex, Microsoft Teams.

Zoom took the lion’s share of growth during COVID-19, hosting 300 million meetings in a single day.

For all the convenience of virtual meeting platforms, they open vulnerabilities and pose risks for financial, government institutions, or major enterprises. Everyone knows about “Zoom Bombing” as a prank or disruption, but a malicious actor can gain access to sensitive information, personally identifiable information (PII), and leak call’s content and video to outside sources.

It also didn’t help that Zoom claimed they were end-to-end encrypted when they weren’t. Criminals can use the chat to send phishing links and leverage session info to send targeted emails that lead to a full-blown ransomware attack.

Multi-Factor Authentication (MFA) still has multiple vulnerabilities

As remote work ramped up, so did the usage of Multi-factor Authentication (MFA) and Two-Factor Authentication (2FA).

According to Yubico and 451 Research, 75% of enterprise security managers plan to increase MFA spending this year, largely to handle the growth of BYOD and WFH employees. Workers require a secure and verified method each time they access company assets or information on the network, beholden to stringent restrictions and guidelines.

But MFA is not a fail-safe approach to protecting company information, as there are numerous ways to bypass it. If the MFA code is between 4-6 numbers, it is susceptible to a brute force attack. Social engineering techniques also have proven effective (i.e., phishing to have the user enter the MFA code on the wrong screen) or session management in which attacks use the password reset function, since MFA often doesn’t kick in after it’s been changed.

Virtual Private Networks and Remote Desktop Protocol

Virtual Private Networks (VPN) and Remote Desktop Protocol (RDP) became popular ways to securely connect to enterprise networks, but they are more vulnerable than some might assume. According to ESET, there was an astonishing 768% increase in RDP attack attempts because of the well-known vulnerabilities on the client and server sides.

The majority of VPNs and RDPs can be entered through brute force attacks that, unlike phishing, require zero participation from the employee to execute. Millions of generic brute force attacks have been aimed at Microsoft’s RDP protocol, and once inside, the attackers can exploit other vulnerabilities to stealthily access computers.

From there, they are able to escalate user privileges for some employees on the network to exfiltrate data and place malware to execute a ransomware attack. Again, these challenges were always present, but in a remote work environment, the opportunities for these attacks grow dramatically — as does the risk.

How can insurers decrease cyber risk exposure?

The frequency of cyberattacks on these technologies and services can lead to increased insurance claims. It’s important that underwriters and risk managers take extra precautions with risk analysis. One way to do this is with an impact-based cyber risk modeling framework that takes into account the financial quantification of the potential damage caused by the attack.

This type of approach assures that models take into account new vulnerabilities and the evolving techniques used to execute these attacks because the desired impact of the attack is already accounted for within the model. Beyond concern over new and future policies, insurers should constantly assess and cross-reference their existing portfolio with updated simulations to understand where they need to consider setting new exclusions or limitations. Exposure trend analysis in cyber insurance has become easier as technology platforms become more advanced and nuanced in displaying these services used by enterprises and understanding how it impacts different loss scenarios.

While cyber insurance once was a very profitable line of business, recent growth in cyberattacks has forced insurers to become highly proactive in limiting provided coverage and in understanding their aggregate cyber risk exposures. Although we are not there yet, there will be a point where regulatory bodies standardize cyber insurance that is known for too many limits, features, coverages, and terms and conditions. For now, the evolving threat landscape means that cyber insurers must take a critical look at their book and prepare to make adjustments as needed to the book composition and coverage provided. Yakir Golan (yakir@kovrr.com) co-founder and CEO of Kovrr.

Yakir Golan ([email protected]) is co-founder and CEO of Kovrr. He started his career in the Israeli intelligence forces. Following his military service, he acquired multidisciplinary experience in software and hardware design, development and product management. For the past few years he has been focused on bringing cyber risk management solutions based on advanced machine learning and artificial intelligence to the market. Yakir holds a BSc in Electrical Engineering from the Technion, Israel Institute of Technology and an MBA from IE Business School, Madrid, Spain.

See also: