Ransomware Insurance: Security Strategies to Obtain Coverage

Download Trend Micro’s Guide to Cyber Insurance

A cyber insurance policy is a necessary element in a company’s risk mitigation strategy. However, obtaining/renewing a policy is becoming more difficult, and premiums have drastically increased. Direct-written premiums increased by 92% in 2021 according to the National Association of Insurance Commissioners.

The primary reason for the hardening of the cyber insurance market? Ransomware. Since ransomware accounts for 75% of all insurance claims, premiums are directly correlated with the 148% increase in attacks through Q3 2021 as well as higher ransom payment demands and business interruption costs.

As costs continue to soar, many businesses lack the appropriate cyber insurance coverage. According to a BlackBerry and Corvus Insurance survey, nearly 40% of respondents revealed they currently lack coverage for any ransomware payment demands.

Businesses of all sizes need to take stock of their ransomware prevention strategy – not only to reduce the chances or scope of cyber attacks, but to demonstrate the necessary cybersecurity maturity to obtain the appropriate policy for your business.

Common ransomware attack vectors

Understanding the modern attack mechanics and vectors is critical to effective cyber extortion prevention. As the attack surface continues to rapidly expand due to digital transformation and remote workers, cyber criminals have a variety of entry points to choose from.

Securing potential attack vectors strengthen your overall cybersecurity maturity and demonstrate proactive, risk-based protection – which is exactly what cyber insurance underwriters want to see when evaluating organizations for ransomware insurance. Here are the security practices you can apply to the attack vectors listed above. Here are the most common attack vectors and what enterprises can do to better secure them:

1. Phishing attacks like BEC are responsible for 91% of cyber threats, including ransomware. Trend Micro Research reported a staggering 205% increase in credential phishing detections.

What enterprises can do: Stronger email defense depends on layered messaging security. Look beyond native security to cutting-edge capabilities such as gateways to detect internal malicious emails, writing style and computer graphic analysis, and integration with a broader security platform.

Trend Micro’s VP of Threat Intelligence, Jon Clay, compiled a list of questions to across the four pillars of cybersecurity – people, culture, process, and technology – to identify potential email security gaps. Read more.

2. Unpatched vulnerabilities on any internet-facing systems (websites, VPNs, etc) continue to be exploited for ransomware attacks. Of the 1,543 vulnerabilities disclosed by market-leading bug-bounty program Trend Micro™ Zero Day Initiative™, 68% were categorized as critical or high severity.

What enterprises can do: To create a strong defense program against vulnerability exploitation, consider the following patch management best practices:

  • Establish a prioritized patching process by focusing on the bugs relevant to the apps used in-house, identifying which are being activity exploited and are part of the business’ critical infrastructure.
  • Make a zero-day plan that includes consistent monitoring for suspicious activity inside of networks and stay up to date with bug bounty programs that leverage global threat intelligence.
  • Communicate with SaaS vendors about possible rollbacks to previous versions of software and whether they can be done via automation.
  • Utilize virtual patching to protect systems while waiting for a vendor patch to be released. Operational technologies (OT) are prime candidates for virtual patching, as frequently untouched and unsupported OT systems are a growing target for cyber criminals.
  • Share benefits with stakeholders by communicating that the risk of financial loss outweighs the investment.

3. Remote desktop protocol (RDP) is valuable for businesses, but if it’s not properly protected, it can grant malicious actors the same benefits. Ransomware operators will use brute force, credential stuffing, or even purchase legitimate credentials from the dark web to gain access and exploit RDP.

4. Websites that seem trustworthy can have malicious ransomware code hidden in web scripts. Any individual that visits that site will automatically download the code, which can be executed to infect the user’s system and move laterally across the IT infrastructure to exfiltrate data.

What enterprises can do to secure RDP and websites:

Go beyond multi-factor authentication (MFA) by deploying a SASE architecture as part of a zero-trust strategy. SASE is composed Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), and Cloud Access Security Broker (CASB) capabilities to strengthen protection and control across the attack surface.

Here’s how it all works: ZTNA – an ideal replacement for VPN – validates access, authenticates the user’s identity via MFA, and continuously monitors user behavior for suspicious activities that would trigger termination. While ZTNA secures remote access to applications or resources that live within virtual private clouds or the corporate datacenter, SWG and CASB team up to secure access to the internet and control what can be done.

SWG blocks threats from inbound and outbound web traffic and content not owned by the organization. CASB allows you to not only restrict access to the SaaS app, but also the functions you can perform within the app. For example, you can access Twitter, but you can’t tweet.

A platform approach to obtain ransomware insurance

Deploying point products across the attack surface will only hinder visibility and lead to false positives. Leverage a cybersecurity platform backed by the security functions listed mentioned above to give security teams total visibility across endpoints, cloud, networks, email, etc.

Bonus tip: a platform with extended detection and response (XDR) capabilities will collect and correlate deep threat activity data across multiple security layers to surface verified and actionable alerts, freeing teams to focus on investigation and remediation.

A strong and holistic ransomware prevention strategy is crucial to improving your security posture and demonstrating to cyber liability underwriters that you meet or even go beyond coverage requirements.

Check out our cyber insurance blogs for more information.

Read More HERE