Paying ransoms to online criminals increases the growing cyber threat
Just as paying kidnappers is widely outlawed, with people understanding that doing so encourages more crime of this nature, bending to the ransom demands of online criminals will also fuel bigger and more prevalent ransomware attacks in the future.
That is the view of Adrian Guttridge, general manager, global business process services (P&C, F&A), at Xchanging, who warns that insurers should also take steps to avoid becoming the victims of such attacks themselves.
“Insurers are on the front line protecting customers from cyber crime, but as hacking becomes more organised and widespread, the pressure grows to ensure insurance companies do not fall victim themselves,” he said.
“We are in an era of industrialised cyber attacks. The stereotypical computer geek in his basement breaking into companies to impress likeminded people has been replaced by criminal groups more likely to employ highly skilled, low-wage labour in countries such as Estonia, the Ukraine or China to commit large-scale cyber breaches.”
He added that the techniques used by cyber criminals have become increasingly sophisticated and difficult to detect, such as the use of ransomware to steal information, cause reputational damage or extort money.
He gave several examples of organisations that have found themselves in a difficult position when criminals have hacked into a computer system and demanded money in exchange for the return or decryption of the company’s files.
In February 2016, Hollywood Presbyterian Medical Center was the target of a ransomware attack when it was locked out of its electronic health record systems for a week while it negotiated with the criminals.
“Patients’ lives were at risk, and the centre ended up paying the attackers $17,000 in bitcoin,” Guttridge said.
Also earlier this year, cyber thieves targeted Bangladesh’s central bank and tried to steal $1 billion. The criminals used stolen credentials to make requests to transfer cash appear legitimate.
“If these requests had gone unchallenged, the bank would have lost around $1 billion,” he said.
“Nevertheless, the cyber thieves are believed to have got away with about $80 million—one of the largest known bank robberies in history.”
In 2015, the number of businesses across the globe that reported being the target of ransomware scams increased by almost 170 percent, according to some estimates, but Guttridge noted that many incidents go unreported. Ransom demands can be quite small since the hacker’s objective is to infect as many computers as possible and to be paid off quickly.
He notes that the use of bitcoin instead of traditional currency has supported the proliferation of these attacks as cyber criminals can extort funds through anonymised transactions without being traced.
“These developments make the challenge of understanding clients’ exposures to cyber risk more challenging. However, insurers and underwriters must prioritise their own cyber security, particularly given that the vast amounts of client data they hold makes them attractive targets to criminals,” he said.
Already registered?
Login to your account
If you don't have a login or your access has expired, you will need to purchase a subscription to gain access to this article, including all our online content.
For more information on individual annual subscriptions for full paid access and corporate subscription options please contact us.
To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.
For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk
Editor's picks
Editor's picks
More articles
Copyright © intelligentinsurer.com 2024 | Headless Content Management with Blaze