Cyber threats continue to evolve rapidly in 2019, and that means the battle to stop and protect against them needs to adapt just as quickly, according to Matt Cullina, CyberScout’s Managing Director – Global Markets.
What’s more, don’t expect to permanently stop cyber attacks anytime soon.
“Everyone can get ready for more targeted attacks that continue to vary, change and evolve because the attackers continue to modify what they’re doing so their success rate stays high,” Cullina told Carrier Management. “If you figure out how to patch something they’ll move to the next attack. The evolving targeted nature of these attacks is the theme we’re looking at for 2019.”
Hackers keep things challenging because they “scale some baseline data so they can learn about your business and home to be smart around the way that they’re attacking,” Cullina said. “They’re getting more sophisticated with multi-pronged attacks so they’re success rate stays [strong].”
Carrier Management asked Cullina questions about the current state of cyber threats and cyber insurance, and his responses are below.
Q: What new threat do companies face from cyber breaches, something they haven’t seen previously?
Cullina: The No. 1 type of threat we’ve been seeing in the past few months is business and household disruption resulting from ransomware attacks. The headlines focus on the big data breaches that expose consumer data, but the real current threats are ransomware attacks on business and homeowner systems that make them unable to operate. These attacks are disruptive. They lock up systems so businesses and homeowners can’t do anything. They’re thinking, ‘Did I do anything proactive? How do I address this mysterious request for money and, as a business, I can’t operate my business or, as a homeowner, I can’t keep my family safe, so I’m handcuffed until I figure this thing out.’
On top of that, social engineering attacks and other threats like wire transfer fraud that lead to financial loss issues continue to be problematic for both companies and households.
Q: How are cyber insurance/cyber security experts responding to cyber threats in ways they have not in the past?
Cullina: Cyber insurance today covers cyber extortion, business interruption, data and financial loss coverage—you can buy coverage for all of these things. Since what I’m talking about [above] has more of a direct threat of financial harm, the insurance can be a transfer of risk to cover those things. The whole idea around cyber insurance is you have to answer tough questions about your business approach to cyber, using the real-time backup of data and consultancy support that comes with cyber insurance. You call the plumber when you have a leak. You call the cyber insurer when you get hit with ransomware because they have the best access to experts with the knowledge to respond to these risks, threats and attacks.
Q: Short of going off the grid, is there a way to become completely safe from cyber threats?
Cullina: It’s critical to have a multipronged strategy to defend your business and your home that involves people, processes, and technology—all those things combined. You’ve got to keep up by responding to threats with a layered approach that involves security experts, strategy and defenses that are continuously modified to respond to the modifications the hackers are making on their end.
Q: Are businesses and families responding well to cyber threats, or are they still falling short?
Cullina: The awareness curve is flattening. But there’s no rest for the wicked or the weary. The reality is constant vigilance and following of best practices have to become part of your daily cyber hygiene. It’s like putting the seatbelt on every time you get in the car. You can’t become overconfident and think you’ve got it covered. Awareness may be up, but the threat vectors are constantly evolving.
As humans, we always search for the most convenient way to get something done. That’s exactly what the other side is looking to take advantage of. Wi-Fi is so easy. All you [have to] do is get that restaurant password. That versus being thoughtful is a real battle. And like a business, you want to be easy to work with. Human nature is ‘okay, sure we got over the hump and now we’re aware’ but we get soft quick.