Risk & Business Magazine Mooney Insurance Fall 2015 | Page 30

Digital Extortion and Ransomware Cybercrime on the Rise BY: KEVIN LEA, B.COMM, CIP, CAIB, CRM, ACCOUNT EXECUTIVE, ROGERS INSURANCE LTD. protect themselves from these types of losses. Just like with property crime, criminals will choose to target the easiest, most vulnerable victims, and will often leave more difficult victims alone. In order to protect themselves, organizations and individuals should follow best cyber security practices, including: ensuring all system firewalls and anti-malware software are patched to latest versions, having a cyber security and safe email / browsing policy (and testing employees on a random basis to ensure it is being followed), backing up data regularly, and ensuring that cyber risk is continually monitored as the organization grows and evolves. I n a new twist on a very old strategy, cybercriminals are increasingly turning to the direct hijacking and ransoming of personal and corporate computer systems for quick, efficient profit. Instead of stealing data (such as customer information or credit card details), cybercriminals are now using malicious software known as “ransomware” to remotely hijack computer systems and lock out all users. When the user logs in, all they are able to see is a pop-up containing a phone number or email to contact in order to have the system released. When the user contacts the hijackers, they demand payment, usually based on the size of the system and the ability to pay of the victim. These payments can range from a few hundred dollars to upwards of tens of thousands of dollars. Once the victim sends payment to the hijacker via wire, credit card or money transfer, the system is released and the victim can resume using the computer normally. Of course, this does not permanently erase the threat. Once cybercriminals know a victim will pay, and pay quickly, they will often choose to target the same 30 systems over and over again. This can have a debilitating effect on the system integrity and financial wellbeing of the target. In addition to the direct ransom consequences, there are also other impacts, as cybercriminals sophisticated enough to control entire systems from afar can also easily steal customer and financial data while the network is under their control. This can lead to future damage to both the targeted organization and its customers and suppliers, but will also likely trigger mandatory reporting under privacy breach legislative requirements, causing further financial burden and reputational damage. Similar to ransomware, digital extortion is also on the rise. Instead of hijacking the system, cyber extortionists either attack the system to render it unusable (such as a distributed denial-ofservice (DDoS) attack), or threaten to release previously stolen customer data unless payment is made. This can lead to similar consequences. Although cybercriminals are crafty and continually evolving, there are steps that organizations can take to RISK & BUSINESS MAGAZINETM FALL 2015 Of course, enterprise level security practices are not always enough to stop these types of losses. In order to protect from more serious loss scenarios, it is a smart idea to carry a Cyber Insurance policy that provides coverage for cyber extortion, cyber ransom and other cybercrime events. This insurance not only provides coverage for losses as a result of these attacks, but it also typically includes the support of cyber recovery and data protection services (such as IDT911) at no additional cost. These types of services can be a lifesaver in critical data protection situations. Annual premiums for Cyber Insurance typically start around $300 and increase from there, depending on the level of coverage required and the risk characteristics of the policyholder. Fortunately, many insurers now offer this coverage, so the market is competitive and Cyber products are continually improving. In order to ensure the right coverage is in place, it is important to work with an independent broker who specializes in this type of coverage, such as Rogers Insurance. Rogers is happy to answer any questions our clients or prospective clients might have, so do not hesitate to reach out for further info.