Friday, May 20, 2022

This Week in Ransomware – Friday, April 29, 2022

Companies are looking to cybersecurity insurance to mitigate ransomware losses, but cyber insurance may not be a panacea. Insurers may refuse a claim if companies don’t take steps to ensure that they have adequate defences in place.

Cyber Insurance often falls short – Telus Report

Forty per cent of Canadian companies indicated that they have cybersecurity insurance that covers a ransomware attack, according to a recent Telus study. The study further reports that organizations that have experienced attacks in the past 12 months are more likely to have cyber insurance.

Yet the study also found that cyber insurance does not always pay out. It notes that eight per cent of companies did not receive any payout at all, and that nine per cent were still waiting for their payment. Further, although 79 per cent of companies that filed a claim received a payout, coverage for 28 per cent of these companies was dropped.

Sourced from the study which can be downloaded from www.telus.com/RansomwareStudy. (Registration required)

Fewer insurers offering cyber coverage and coverage is harder to get

Cybersecurity coverage may also be harder to get for many companies, according to a report featured in IT World Canada this week. Most, if not all, companies that provide cybersecurity insurance are experiencing losses. Canadian Underwriter reported that in the first eight months of 2021, companies took in $96 million in premiums, but received claims for $106 million. Inevitably, losses like this would result in higher premiums, more scrutiny of claims and, in some cases, refusals to insure companies that were perceived to be at high risk.

Almost half of the respondents in a study cited in the IT World Canada article said cyber insurance policies are now more complex than they were in the past, 37 per cent noted that it was taking longer to get coverage, and for those who can get it, it’s more expensive.

The positive news was that the increased scrutiny by insurers may be forcing companies to take cyber security more seriously. Ninety-seven per cent of respondents said that they made improvements to their cyber defences to improve their cyber insurance position.

The bad news is that it remains harder to find insurers offering cyber coverage. Forty per cent of respondents said fewer companies are offering cyber insurance.

Sourced from an article in IT World Canada

Are companies making it too easy for ransomware attackers?

Despite the increase in ransomware attacks and the known costs, a report this week noted that vulnerabilities dating back as far as 2018 are still being exploited by threat actors. The report is from cyber intelligence agencies in Canada and its Five Eyes allies.

The report lists the top 15 vulnerabilities used to gain access to IT systems in organizations that had not patched their software.

Of those 15, one dates back to 2018 (CVE-2018-13379), a path traversal vulnerability that affects security appliances running Fortinet’s FortiOS and FortiProxy; one dates back to 2019 (CVE-2019-11510), a vulnerability that allows arbitrary file reading in Pulse Secure’s Pulse Connect Secure VPN; and two date back to 2020 (one is the Zerologon vulnerability for Windows, while the other is for Microsoft Exchange).

Many of the remaining vulnerabilities that the report identifies have been known for months. Further, the report states, “their continued exploitation indicates that many organizations fail to patch software in a timely manner and remain vulnerable to malicious cyber actors.”

Patching software is only one of the basic steps to make it tougher for ransomware attackers to gain access. The Telus study quoted earlier has a complete list of ransomware defences that should be in place. Failure to execute on these basic steps may make it difficult to obtain cyber security insurance and could invalidate existing coverage. Companies should read their policies carefully to ensure that they are taking all of the steps necessary to ensure their coverage remains in force.

Sourced from an article in IT World Canada


Jim Love, Chief Content Officer, IT World Canada
I've been in IT and business for over 30 years. I worked my way up, literally from the mail room and I've done every job from mail clerk to CEO. Today I'm CIO and Chief Digital Officer of IT World Canada - Canada's leader in ICT publishing and digital marketing.
