What Are The Cyber Security Trends For Ransomware And Cyber Insurance In 2022?
The most critical cyber security trend for 2022 will be a general increase in ransomware attacks. This is because they are becoming more profitable for cybercriminals with every cyber attack.
Cyber Attacks and Their Impact on Cyber Insurance
This trend will continue as cyber attacks are a multi-billion dollar industry for cyber criminals and are highly profitable. These attacks are getting more sophisticated and aggressive and resulting in more costly payouts for businesses and insurance companies offering cyber insurance.
The cyber insurance premiums and paperwork to procure a cyber insurance rider for your policy are increasing exponentially. A couple of years back, the paperwork was only one sheet of paper with five check boxes.
Today, the paperwork has become a plethora of questions and requirements before a limited insurance policy rider is granted. Companies need to treat security with an overall holistic approach that encompasses increasing network, website, and building security and adding regular employee cyber security training.
Cyber Attack Trends in 2021
Cyber-attacks have increased over the past 12-months. They are now more advanced and aggressive. According to Check Point, in the first half of 2021, global cyber-attacks increased by 29% as hackers exploited the COVID-19 pandemic and the shift to work-at-home employees. Ransomware attacks have increased by 93% in the last six months due to an innovation in attack techniques called triple blackmail.
Attackers threaten to steal sensitive corporate data, expose it without payment, attack corporate customers and business partners, and demand ransom. 4,444 attacks on the supply chain are also increasing.
For example, the now well-known supply chain attack by SolarWinds in 2021 stands out because of its scale and influence.
Supply chain-based attacks are becoming more popular as attackers access the one-to-many scale.
Instead of attacking a network head-on, it attempts to find vulnerabilities elsewhere by using software from the same manufacturer to attack trusted sources on this network from many networks. The European Union Agency for Cybersecurity (ENISA) predicts that 2021 will have four times as many attacks on the software supply chain a
s 2020. Even the idea of not trusting the legitimate software you buy raises a certain percentage of questions. This supply chain attack isn’t just malicious code attacks with apparent links to threat actors. Now they are worried about whether the software provider’s code is secure.
In some cases, it is also vital that the provider does the right thing.
What did businesses learn from the 2021 cyber attack trends?
The main point is that all companies and government agencies are vulnerable to attacks. Companies can’t and shouldn’t assume that “nothing will happen to you.” There is a saying that 50% of all companies have been hacked. The other 50% are still unaware.
Companies must ensure that their staff is trained regularly, as inadequate security training causes many attacks. Organizations need a proactive hardware replacement cycle that ensures that devices are updated before they reach the end of their lives and that all systems are updated with the latest security patches.
How Can Organizations Avoid Future Cyber Attacks?
Here are five recommendations for organizations looking to avoid cyber-attacks in 2022 proactively:
#1. Secure your hardware
Ensure you are using the latest security patches and complicated passwords are being implemented. Use 2-factor authentication where possible. Also, make sure that you turn on BitLocker device encryption for all your Windows 10 devices and enable to remote-wipe any mobile devices that might be lost or stolen to protect the data it has access to.
#2. Encrypt and Backup data
You need to prevent physical access to sensitive data and render it useless if it falls into the wrong hands. Data encryption is the best “quick fix” for data breaches. If a data breach occurred, the data would be inaccessible.
#3. Performing a network security scan
You should periodically run a network security scan of your network to see what devices are attached and where security holes may reside.
#4. Train your employees
Your employees are one of the weakest security points. Ongoing training is vital to maintain a heightened awareness of cyber threats. Purchase a cyber security training service that will automatically send out fake phishing attempts to test your employees and train them if they fail.
#5. Invest in cyber insurance
If one of the security measures you have taken fails, consider this business continuity insurance.
Cyber insurance will help you recover by providing financial support to resolve the issue quickly if you are the victim of a ransomware attack.
What Should Businesses Do to Combat Ransomware Attacks in 2022?
#1. Zero Trust Security Solutions
Companies concerned with ransomware in 2022 should continue looking at “zero-trust” security solutions for protection. Traditional security products like firewalls and antivirus attempt to stop threats before they get on your network, but they are no longer enough to protect against today’s ransomware.
“Zero-trust” solutions take the opposite approach by essentially blocking everything and only allowing what is approved. Multi-factor authentication (MFA) was the first example we saw of this, and it became standard in most businesses with remote workers.
#2. Application Whitelisting
Application Whitelisting (AW) takes the next step by bringing zero-trust inside the network. AW will stop any application or process that has not been pre-approved. It’s the only security solution available that’s 100% effective at stopping ransomware in its tracks.
In a new trend, insurance companies are starting to ask whether or not they have these Managed Detection and Response Services. In addition, Staff Cybersecurity Training has become a must we can see since last year. Insurance companies are also getting so specific about asking if Microsoft 365 has an Advance Threat Protection license.
Why Should Companies Prioritize Cyber Security?
Ransomware and other cyber attacks have consistently made headlines over the last year. Now more than ever, it is becoming more apparent that businesses of all sizes need to take Cybersecurity seriously and prioritize lowering their risk of an attack that could be catastrophic to their business.
Cybersecurity insurance coverage is an absolute must at this point. Coverage is affordable, and with the world we live in now, there is no reason not to have this in place to protect yourself and your business from these threats.
What Can Businesses Do to Increase Cybersecurity?
Implementation of items such as multi-factor authentication, backup disaster recovery solutions, incidence response plans, and facilitating security awareness training to employees will be vital steps businesses need to take to increase the organization’s cyber resiliency and lower their risk of becoming victims of a cyber attack.
What are the Most Important Cyber Security Trends in 2022?
Companies worldwide will need to be aware of the client/supply chain verification trend that is taking place now and picking up steam everywhere. It is now more evident that due to the increase and success of ransomware attacks, organizations that outsource their services to others are looking to understand their level of risk through those outside organizations.
As a larger company, many things related to their services are outsourced. Where the security is being managed adequately within these larger organizations, there have been cases of attacks against these larger companies that have come not by way of someone attacking them directly. Instead, it has been through an attack on their outsourced vendors, which may not have the same level of security in place.
This is causing many larger organizations to reconsider and verify their outsourced vendors. They are asking now on an annual basis:
- What is that vendor’s security posture like?
- Does it meet industry standards? Do they take security seriously?
- Is the data and access that the larger company provides their outsourced vendor secured adequately to protect themselves?
If this is not the case, the smaller outsourced vendors may not get business from the larger companies. This is a significant shift. The number of times they were asked to show proof was minimal and only from prominent organizations in the financial or healthcare industries.
Today, this is happening 10x the amount it used to in the past. We don’t see this trend slowing down. Thankfully, this will eventually lead organizations that did not take security seriously enough to reconsider implementing this higher level of compliance or lose work and possibly go out of business.
Insurance carriers, having to deal with so many payouts due to poor security or lax attitude of security from their clients, are also ramping up their requirements. We have seen the types of questions being asked not for clients to get coverage go from 4 or 5 about their security to now two pages worth of confirmation of how they secure their business. This trend can only continue to grow in our opinion in the next few years and become commonplace.
Ransomware prevention is continuously evolving almost as fast as the threats they chase. The latest ransomware prevention and protection trends are Zero Trust Policies, Dark Web Monitoring, and Employee Cybersecurity Training with Phishing Simulations. Cyber insurance is a requirement these days for most businesses. The Cyber policy will provide the support needed for an infection. But, prevention is the goal.
You can contact us to have your questions answered.
Thanks to our Ulistic HPC club friend, Kenny Riley at Velocity IT in Dallas for his help.