Risk Management
Ransomware Insurance: Security Strategies to Obtain Coverage
Ransomware accounts for 75% of all cyber insurance claims, yet 40% of business currently lack the coverage needed. Discover security strategies to help you meet ransomware insurance requirements.
Download Trend Micro's Guide to Cyber Insurance
A cyber insurance policy is a necessary element in a company’s risk mitigation strategy. However, obtaining/renewing a policy is becoming more difficult, and premiums have drastically increased. Direct-written premiums increased by 92% in 2021 according to the National Association of Insurance Commissioners.
The primary reason for the hardening of the cyber insurance market? Ransomware. Since ransomware accounts for 75% of all insurance claims, premiums are directly correlated with the 148% increase in attacks through Q3 2021 as well as higher ransom demands and recovery costs.
As costs continue to soar, many businesses lack the appropriate cyber insurance coverage. According to a BlackBerry and Corvus Insurance survey, nearly 40% of respondents revealed they currently lack coverage for any ransomware payment demands.
Businesses of all sizes need to take stock of their ransomware prevention strategy – not only to reduce the chances or scope of an attack, but to demonstrate the necessary cybersecurity maturity to obtain the appropriate policy for your business.
Common ransomware attack vectors
Understanding the modern attack mechanics and vectors is critical to effective ransomware prevention. As the attack surface continues to rapidly expand due to digital transformation and remote workers, cyber criminals have a variety of entry points to choose from. Here are the most common attack vectors for enterprises:
1. Phishing attacks like BEC are responsible for 91% of cyber threats, including ransomware. Trend Micro Research reported a staggering 137.6% increase in phishing attacks blocked and detected in 2021.
2. Unpatched vulnerabilities on any internet-facing systems (websites, VPNs, etc) continue to be exploited for ransomware attacks. Of the 1,543 vulnerabilities disclosed by market-leading bug-bounty program Trend Micro™ Zero Day Initiative™, 68% were categorized as critical or high severity.
3. Remote desktop protocol (RDP) is valuable for businesses, but if it’s not properly protected, it can grant malicious actors the same benefits. Ransomware operators will use brute force, credential stuffing, or even purchase legitimate credentials from the dark web to exploit RDP.
4. Websites that seem trustworthy can have malicious ransomware code hidden in web scripts. Any individual that visits that site will automatically download the code, which can be executed to infect the user’s system and move laterally across the IT infrastructure to exfiltrate data.
Tips for ransomware prevention
Similar to adding reinforced locks and alarms to doors, enterprises need to focus on securing potential attack vectors. This will strengthen your overall cybersecurity maturity and demonstrate proactive, risk-based protection – which is exactly what cyber insurance underwriters want to see. Here are the security practices you can apply to the attack vectors listed above:
1. Phishing
Stronger email defense depends on layered messaging security. Look beyond native security to cutting-edge capabilities such as gateways to detect internal malicious emails, writing style and computer graphic analysis, and integration with a broader security platform.
Trend Micro’s VP of Threat Intelligence, Jon Clay, compiled a list of questions to across the four pillars of cybersecurity – people, culture, process, and technology – to identify potential email security gaps. Read more.
2. Unpatched vulnerabilities
To create a strong defense program against vulnerability exploitation, consider the following patch management best practices:
- Establish a prioritized patching process by focusing on the bugs relevant to the apps used in-house, identifying which are being activity exploited and are part of the business’ critical infrastructure.
- Make a zero-day plan that includes consistent monitoring for suspicious activity inside of networks and stay up to date with bug bounty programs that leverage global threat intelligence.
- Communicate with SaaS vendors about possible rollbacks to previous versions of software and whether they can be done via automation.
- Utilize virtual patching to protect systems while waiting for a vendor patch to be released. Operational technologies (OT) are prime candidates for virtual patching, as frequently untouched and unsupported OT systems are a growing target for cyber criminals.
- Share benefits with stakeholders by communicating that the risk of financial loss outweighs the investment.
3. Remote desktop protocol and websites
Go beyond multi-factor authentication (MFA) by deploying a SASE architecture as part of a zero-trust strategy. SASE is composed Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), and Cloud Access Security Broker (CASB) capabilities to strengthen protection and control across the attack surface.
Here’s how it all works: ZTNA – an ideal replacement for VPN – validates access, authenticates the user’s identity via MFA, and continuously monitors user behavior for suspicious activities that would trigger termination. While ZTNA secures remote access to applications or resources that live within virtual private clouds or the corporate datacenter, SWG and CASB team up to secure access to the internet and control what can be done.
SWG blocks threats from inbound and outbound web traffic and content not owned by the organization. CASB allows you to not only restrict access to the SaaS app, but also the functions you can perform within the app. For example, you can access Twitter, but you can’t tweet.
A unified platform approach to ransomware prevention
Deploying point products across the attack surface will only hinder visibility and lead to false positives. Leverage a unified cybersecurity platform backed by the security functions listed mentioned above to give security teams total visibility across endpoints, cloud, networks, email, etc.
Bonus tip: a platform with extended detection and response (XDR) capabilities will collect and correlate deep threat activity data across multiple security layers to surface verified and actionable alerts, freeing teams to focus on investigation and remediation.
A strong and holistic ransomware prevention strategy is crucial to improving your security posture and demonstrating to cyber insurance underwriters that you meet or even go beyond coverage requirements.
For more information on preventing ransomware and cyber insurance, check out the following resources: