Data breaches can devastate businesses and their customers, exposing sensitive information such as social security and credit card numbers. In light of the recent surge in security incidents, the privacy commissioner of Canada has recommended that businesses purchase ransomware insurance. The rationale was that ransomware insurance would cushion businesses from an attack's fallout.
Why is ransomware insurance important?
Ransomware is malware that blocks access to computer files until the owner pays a ransom. The ransom may be in the form of money or other valuable data. Ransomware is destructive as it encrypts all data on a computer and makes it inaccessible until the system owners agree to pay the ransom. In some cases, the ransomware may also delete files.
The use of ransomware has seen a sharp increase in the past few years. In 2016, reports indicated that ransomware was in play in over 50 countries. In 2017, the number of countries affected jumped to over 150. While there is no apparent reason for the rise, researchers believe the jump may be related to the popularity of phishing attacks and the use of exploit kits to spread malware.
There are several ways to protect yourself from ransomware threats. These include:
Installing antivirus and firewall software
Be wary of suspicious links in emails from untrusted sources
Changing passwords regularly and updating your computer with the latest security patches
Businesses operating in sensitive sectors will benefit significantly from ransomware insurance. While an insurance deal helps the companies recover faster, it cushions them from costly litigations. Since companies must adhere to cybersecurity standards to become eligible for insurance, their efforts toward compliance also reduce the chance of regulatory intervention.
How does ransomware work?
Ransomware infection begins when a user visits a malicious website or downloads an infected file. Once installed on a computer, ransomware encrypts all files with an RSA 2048-bit key, making them inaccessible to the legitimate user. Victims receive the decryption key only after they pay up.
What are the benefits of ransomware insurance?
The benefits of ransomware insurance include the following:
Quicker attack resolution and financial compensation to the affected business
Protection against potential lawsuits from victims
The likelihood of an attack reduces since companies must incorporate stringent security measures. Most insurance providers impose strict compliance standards on businesses before offering them coverage.
The businesses seeking insurance coverage must toe regulatory guidelines, assess their environment, find vulnerabilities, and fix them to get insurance coverage. Insurers insist that companies have a robust mitigation plan and a clear action plan against cyberattacks before offering them cover.
The commissioner's recommendations
Here are the salient points of the recommendations made by the commissioner:
Create a robust governance framework for accountability by forming a privacy and security governance committee comprising top executives responsible for information technology, legal services, access, and privacy.
Formalize accountability measures through an information security policy. This policy should define roles and duties, as well as reporting systems and standards for implementing technical, administrative, and physical protections.
Implement data protection safeguards through internal processes and continuous assessment.
Ensure that all third-party service provider contracts give the same protection as internal methods.
The privacy commissioner advises companies to implement solid cybersecurity programs to prevent threats. A factsheet provides a detailed summary of recommended cybersecurity practices. Notably, a company should:
Gain a comprehensive understanding of its information holdings, including their sensitivity and volume. Organizations need to know which workers or service providers have access to information and where it is stored.
Implement email security measures, decrease the number of pathways an attacker can use, and scan the network regularly to prevent and detect attackers' methods of gaining network access.
Restrict user access and authorizations. Give role and activity-based privileges and monitor use.
Utilize data loss prevention tools to monitor, log and block erroneous file transfers to unknown destinations or known file upload sites. Perform regular offline backups.
Enterprises should be aware of the data and privacy obligations in the jurisdictions they operate, as these may vary. For example, organizations subject to the federal Personal Information Protection and Electronic Documents Act must report breaches per these legislations.
Packetlabs can help your company meet the regulatory standards needed for ransomware insurance. Our penetration testing services equip you to identify and fix vulnerabilities, making the chances of approval stronger. Get in touch with us to learn how to raise the chances of acceptance by improving your security posture.
Ransomware Penetration Testing
Ransomware penetration testing evaluates the preparedness and risk of a ransomware attack. In addition to a complete analysis of the security program against the Cybersecurity Framework Profile for Ransomware Risk Management (NISTIR 8374), and a technical assessment of security controls, a full penetration test is conducted to measure the robustness of your systems.