Failing to follow basic security controls is the prime reason why security losses by organizations are increasing in frequency and severity, says a cyber insurance company.
In a report released this morning (registration required) that looks at claims for the first half of this year, Coalition Inc. says no-cost and low-cost controls such as multifactor authentication and routine out-of-band backups would have eliminated a majority of losses organizations experienced.
“Although the number of cyber attacks hasn’t increased dramatically, their rate of success has,” the report points out. In a section on the changes IT departments made to their networks to enable remote working during the COVID-19 pandemic, it says “cybercriminals are actively using this to their advantage.”
Coalition has over 25,000 small and midsize customers in the U.S. and Canada. The report looks at claims from its customers, claims made by applicants to Coalition for coverage, and general claims data from the U.S.-based National Association of Insurance Commissioners.
About 1.8 per cent of Coalition customers (or about 450 firms) made claims in the first half of the year. That was up from 1.5 per cent for all of 2019.
Forty-one per cent of claims were related to ransomware, 27 per cent to funds transfer fraud and 19 per cent to business email compromise.
In terms of attack technique, 54 per cent of claims-related attacks came through email, 29 per cent through remote access, six per cent through social engineering, three per cent through brute force attacks, and another three per cent through a third-party compromise.
“We’ve seen a sharp increase in ransom demands over the past quarter as threat actors have exploited COVID-19 and changes in company operating procedures,” says the report. “Although the frequency of ransomware claims has decreased by 18 per cent from 2019 into the first half of 2020, we’ve observed a dramatic increase in the severity of these attacks. The ransom demands are higher, and the complexity as well as the cost of remediation is growing. The average ransom demand amongst our policyholders increased 100 per cent from 2019 through Q1 2020, and increased another 47 per cent from Q1 to Q2 2020” to US$338,700.
Funds transfer fraud, including email and voicemail attacks, increased 35 per cent since the start of the pandemic. Reported losses have ranged from the low thousands to well above $1 million per event. In fact, business email compromise (BEC) alone was the initial point of entry for 60 per cent of the claims reported to Coalition.
“Criminal hackers are taking advantage of changes in behavior as organizations respond to the dislocations caused by the COVID-19 pandemic to increase their success rates,” says the report. “For example, it is common to see social engineering attempts where a criminal actor asks for payment to a fraudulent ACH (automated clearing house) instruction due to the closure of an office or ability to receive mailed checks. The recipients of these requests, believing the request to be legitimate given the circumstance many businesses find themselves in, often don’t think twice.”
Most incidents and security failures, particularly the ones targeting small businesses, are preventable and inexpensive to prevent, says the report. The top five mitigations organizations should employ are multi-factor authentication, a password manager, secure and routine backups, basic email security measures (such as DMARC), and an anti-phishing solution combined with wire transfer verification.
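Of the controls listed above, DMARC is the one a practitioner can check mechanically, and a record that exists but carries `p=none` gives no protection against the spoofed-sender mail behind the funds transfer fraud described in the report. The script below is an added example written for this page, not code from the report or from Coalition: it parses a DMARC TXT record into its tags and flags the settings that leave spoofed mail deliverable. The sample records are constructed for illustration and do not belong to any real domain.

```python
"""Added example: parse a DMARC DNS TXT record and flag weak settings.

Not part of the Coalition report. The records below are constructed
samples, not real domains' records; in practice the record is fetched
from the TXT record at _dmarc.<domain>.
"""
from typing import Dict, List

# Constructed sample records (not real domains' DNS data).
SAMPLE_RECORDS = {
    "strict": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s",
    "monitor_only": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "partial": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "malformed": "p=reject; v=DMARC1",
}

# Policy strength ordering used to compare the subdomain policy (sp) with p.
POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split a DMARC record into tag/value pairs.

    Tags are separated by ';' and the record must start with v=DMARC1
    (RFC 7489 requires the version tag to come first); anything else is
    rejected, since receivers ignore such records entirely.
    """
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        if "=" not in part:
            raise ValueError(f"bad tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    first_tag = next(iter(tags), None)
    if first_tag != "v" or tags["v"].upper() != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    return tags


def assess_dmarc(record: str) -> List[str]:
    """Return a list of findings; an empty list means an enforcing policy
    with aggregate reporting and no weaker subdomain policy."""
    tags = parse_dmarc(record)
    findings: List[str] = []

    policy = tags.get("p")
    if policy is None:
        findings.append("missing p tag: record is invalid and ignored by receivers")
    elif policy.lower() == "none":
        findings.append("p=none: failures are only reported, spoofed mail is still delivered")

    # pct defaults to 100; anything lower applies the policy to only a sample.
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: only that share of failing mail is subject to the policy")

    # sp overrides p for subdomains; a weaker sp leaves subdomains spoofable.
    sp = tags.get("sp")
    if sp is not None and policy is not None:
        if POLICY_RANK.get(sp.lower(), 0) < POLICY_RANK.get(policy.lower(), 0):
            findings.append(f"sp={sp}: subdomains get a weaker policy than the organisational domain")

    # Without rua there are no aggregate reports, so spoofing goes unnoticed.
    if "rua" not in tags:
        findings.append("no rua tag: no aggregate reports, so spoofing attempts go unseen")

    return findings


if __name__ == "__main__":
    for name, record in SAMPLE_RECORDS.items():
        try:
            findings = assess_dmarc(record)
        except ValueError as exc:
            print(f"{name}: INVALID ({exc})")
            continue
        status = "OK" if not findings else "WEAK"
        print(f"{name}: {status}")
        for finding in findings:
            print(f"  - {finding}")
```

Run against a real domain by replacing the constructed samples with the output of `dig +short TXT _dmarc.<domain>`; the check is only meaningful alongside SPF and DKIM, because DMARC decides what receivers do when those two fail.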