The speed at which the recent global cyber-attack has managed to sweep across 150 countries has been astonishing. This highly aggressive ransomware campaign, known as WannaCry, could affect any size of company, within any industry, at any time.
In the last 24 to 36 months we’ve seen an increase in automated ransomware which is becoming highly commoditised. This ‘pile it high, sell it cheap’ model is relatively easy to create and can easily be replicated from machine to machine. The WannaCry hackers are demanding $300 to release files per infected computer and the estimated result of the ransom paid so far is $36k. And there’s still concern over a second wave of attacks.
Phishing emails have become increasingly sophisticated around big dates such as self-assessment tax deadlines. Then we have what’s known as ‘drive-bys’ whereby an unwitting victim visits a website containing malicious code which is then downloaded silently in the background.
How cyber threats are changing
As the world becomes more hyper-connected, the cyber security risk increases every day. The cyber threat is constantly moving and the types of threat are changing as fast as the technology. Businesses are increasingly relying on cloud computing which creates a single point of cyber security failure.
There is a fine line that businesses need to tread between harnessing technology to give a competitive edge and being mindful of the increased security risks that come with it. So if you decide as a business to hold more data to improve your services, or to move to a cloud environment, then you really need to make sure you have appropriate security measures in place.
Then the huge explosion in the Internet of Things creates more end points – i.e. routes in – for hackers. The inventiveness of hackers knows no bounds. The Mirai botnet last year, for instance, took over an army of webcams and modems that disabled vast tracts of the internet. More recently it was discovered that a ‘smart’ doll named Cayla had a security weakness that could allow hackers to use it to steal personal data.
We’ve also seen many incidents in which hackers take customer data and look to ransom it back to them, such as the recent breach of David Beckham’s email security.
What steps can you take to protect your SME right now?
It is a sad state of affairs that it takes an event like this, where emergency operations and GP appointments have to be cancelled, to highlight the need for better risk management practices. In the 2017 Cyber Readiness Report, we conducted a study of 3000 companies in the UK, US and Germany that showed that more than half (53%) of businesses are ill-prepared to deal with a cyber-attack.
I think what all businesses need to do now, if you haven’t already, is understand and analyse your risk, and then put sound processes in place. You’re especially at risk if you’re running your business using unsupported operating systems such as Windows XP and obsolete equipment.
SMEs definitely face budget constraints, and finding the time to improve cyber security is hard. However, every time we investigate commercial cyber security in the UK, we’ve found that the financial impact of a cyber-attack is disproportionately high for SMEs compared to larger companies. So here’s what you can do right now to protect your business:
1. Good backup procedures to aid recovery – if all your files are encrypted it’s much easier and quicker to restore them.
2. Patching – Microsoft have released patches for Windows XP and other older versions of Windows, so make sure you install all updates available and keep them up-to-date.
3. Regular phishing training for your staff – accidental clicks on infected emails are the most common entry points for hackers.
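To turn the first two steps into something an IT administrator can actually verify on each machine, here is an added example (not code from the Hiscox post) of a small PowerShell readiness check: it looks for the MS17-010 update that WannaCry exploits the absence of, confirms the legacy SMBv1 protocol is switched off, counts updates still waiting to be installed, and runs a single-file restore drill against a backup copy. It assumes PowerShell 5.1 on Windows 7 / Server 2008 R2 or later (Get-SmbServerConfiguration needs Windows 8 / Server 2012 or later), and the KB numbers in the list are my reading of Microsoft’s MS17-010 bulletin; check them against the bulletin for the Windows versions in your estate before relying on the result.

```powershell
# Added example, not from the original post. Assumes PowerShell 5.1 on a
# supported Windows version; run from an elevated prompt.

# MS17-010 security updates by Windows version (assumption: verify against
# Microsoft's MS17-010 bulletin; later cumulative updates supersede these).
$Ms17010Updates = @(
    'KB4012598',              # Windows XP SP3, Windows 8, Server 2003
    'KB4012212', 'KB4012215', # Windows 7 / Server 2008 R2 (security-only / monthly rollup)
    'KB4012213', 'KB4012216', # Windows 8.1 / Server 2012 R2
    'KB4013429'               # Windows 10 version 1607
)

function Test-Ms17010Patched {
    # Returns the matching KBs found in the installed hotfix list, if any.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $found = @($Ms17010Updates | Where-Object { $installed -contains $_ })
    [pscustomobject]@{
        Patched = ($found.Count -gt 0)   # $false is only conclusive on the versions listed above
        Found   = $found
    }
}

function Test-Smb1Disabled {
    # WannaCry spread over SMBv1; returns $null if this OS cannot report the setting.
    $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($null -eq $cfg) { return $null }
    return (-not $cfg.EnableSMB1Protocol)
}

function Get-PendingUpdateCount {
    # Uses the Windows Update Agent COM API to count updates not yet installed.
    try {
        $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
        return $searcher.Search('IsInstalled=0').Updates.Count
    } catch {
        return $null   # Windows Update service unavailable or offline machine
    }
}

function Test-BackupRestore {
    # Restore drill: copy one file out of the backup set into a scratch folder and
    # compare its SHA-256 with the live copy. A backup you have never restored from
    # is not a backup you can rely on.
    param(
        [Parameter(Mandatory)][string]$BackupCopy,  # path of the file inside the backup set
        [Parameter(Mandatory)][string]$LiveCopy     # the same file on the working machine
    )
    $scratch = Join-Path $env:TEMP ('restore-drill-' + [guid]::NewGuid())
    New-Item -ItemType Directory -Path $scratch | Out-Null
    try {
        $restored = Copy-Item -Path $BackupCopy -Destination $scratch -PassThru
        $fromBackup = (Get-FileHash -Algorithm SHA256 -Path $restored.FullName).Hash
        $fromLive   = (Get-FileHash -Algorithm SHA256 -Path $LiveCopy).Hash
        return ($fromBackup -eq $fromLive)
    } finally {
        Remove-Item -Recurse -Force $scratch -ErrorAction SilentlyContinue
    }
}

# Example run (paths are placeholders to replace with a real backup location).
$patch = Test-Ms17010Patched
[pscustomobject]@{
    Host           = $env:COMPUTERNAME
    Ms17010Patched = $patch.Patched
    KbsFound       = ($patch.Found -join ', ')
    Smb1Disabled   = Test-Smb1Disabled
    PendingUpdates = Get-PendingUpdateCount
    RestoreDrillOK = Test-BackupRestore -BackupCopy '\\BACKUP-SERVER\share\finance\ledger.xlsx' `
                                        -LiveCopy   'C:\Data\finance\ledger.xlsx'
} | Format-List
```

Any row showing `Ms17010Patched : False`, `Smb1Disabled : False`, a non-zero `PendingUpdates` or `RestoreDrillOK : False` is the machine to deal with first. On a Windows 10 build later than 1607 the KB list will not match even when the machine is fully patched, which is why the pending-update count is reported alongside it.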
Longer term, think about the strategies you could put in place which we’ve highlighted in six low-cost steps to make your SME cyber secure.
Other good sources of information include the National Cyber Security Centre’s Protecting your organisation from ransomware guide, Cyber Aware’s Protect your business and Hiscox’s own Cyber Security FAQ Guides.
How can cyber insurance cover help SMEs who suffer a cyber-attack?
Our main focus is to get customers up and running as soon as possible after a cyber-attack. We have a customer claims line open 24 hours a day, 7 days a week. We provide immediate incident response, as very often the speed of response can mitigate the impact on a business. The sooner we can be in, and helping out, the better.
We work with teams of specialists who can parachute in to businesses to help in any scenario. If your data has been encrypted, the best practice recommendation is to restore from backup which more often than not resolves the issue. This is why it’s so important to have solid backup procedures.
Ultimately data is the lifeblood of many organisations and most businesses these days can’t function without it. If restoring from backup doesn’t work we may need to take more extreme measures to recover critical data. In which case, we may need to:
- Negotiate with hackers – the security specialists will assist with the negotiation.
- Buy a decryption key – the specialists test it in a quarantined environment and make sure it doesn’t contain another payload of malicious software, though we rarely see 100% functionality returned after a key is deployed.
- Notify customers whose data has been stolen in the course of the ransomware attack – we’ll also notify others as needed, such as IT forensics, privacy specialists, lawyers and regulators.
We’ll also deal with any liabilities after an event. And our specialists will make sure your backup procedures are sufficiently robust.
What does our Hiscox cyber and data risks insurance cover?
Insurance is one of the areas that can help to minimise the risk to a business along with having good security procedures in place.
It’s important to realise that financial implications for your business go beyond the cyber-attack. So our UK policy covers loss of income including loss by damage to reputation.
Our cyber cover is set up to be broad enough to pick up the losses that a company suffers from many different types of cyber-attack, not only ransomware. We cover:
- Cyber extortion – expert fees to investigate the situation as well as reimbursement of the ransom
- Hacker damage – the costs to repair and reconstitute computer systems, programmes and data
- Cyber business interruption – increased costs of working and loss of income due to being unable to use computer systems, programmes or data
If you want to continue reading, you can find more information on what cyber insurance covers in our FAQ guide.
In the past few days I’ve been asked frequently how I think the WannaCry ransomware campaign will affect insurance and organisations such as the NHS. I’m not sure the NHS has blanket cyber insurance as they wouldn’t buy cover as a single entity, more as individual trusts. So they’ll need to show that they have the risk well-managed, and to have an assessment by security specialists on any software that’s no longer supported, just as any other business would that was facing this scenario.
The impending GDPR regulations next year and businesses’ increasing reliance on new technology, coupled with this global ransomware attack and the ensuing media coverage are all likely to drive the demand for cyber insurance as one of the mechanisms for business to protect themselves.
Find out more about our Hiscox cyber and data risks insurance