Experts Insight On Chubb Ins. Reports 2019 Ransomware Attacks Outpacing 2018

In response to findings from insurer Chubb that 2019’s ransomware attacks are already outpacing 2018, cybersecurity experts with diverse backgrounds commented below.

Experts Comments

March 30, 2020
Darren Wray
CTO & Co-founder
Guardum
Organisations are having to constantly adjust to new threats. Viral ransomware is a particular nasty approach that has proven successful for a number of groups, this is made all the worse by attackers extracting data to make public. All firms need to be learning from such attacks and taking the risks very seriously, particularly those in high profile sectors such as Insurance companies, which are targeted because they are rich and not particularly well liked. These steps should include.....Read More
Organisations are having to constantly adjust to new threats. Viral ransomware is a particular nasty approach that has proven successful for a number of groups, this is made all the worse by attackers extracting data to make public. All firms need to be learning from such attacks and taking the risks very seriously, particularly those in high profile sectors such as Insurance companies, which are targeted because they are rich and not particularly well liked. These steps should include having the right processes, procedures and practises in place for new and evolving scenarios. This includes making sure that personal and commercial information is protected and where appropriate redacted to ensure that even if documents are stolen and exfiltrated out of the building that they are of limited use to any attacker.  Read Less
March 30, 2020
James McQuiggan
Security Awareness Advocate
KnowBe4
Your security is only as strong as the weakest third party's security program. If their security programs are not as robust as the leading organization, they are all susceptible to attack. Organisations not only need to focus their security efforts on their own applications, infrastructure and employees, but also those that interact with their digital supply chain. An organisation with a strong and robust security program that can train their employees, assess their ability to spot a social.....Read More
Your security is only as strong as the weakest third party's security program. If their security programs are not as robust as the leading organization, they are all susceptible to attack. Organisations not only need to focus their security efforts on their own applications, infrastructure and employees, but also those that interact with their digital supply chain. An organisation with a strong and robust security program that can train their employees, assess their ability to spot a social engineering phishing scam and report it, then verify that the third party companies provide the same, can help to effectively prevent a ransomware attack.  Read Less
March 30, 2020
Shauntinez Jakab
Director of Product Marketing
Virsec
Ransomware continues to grow unabated because it works. Hackers are increasingly adept at bypassing conventional security tools, and encrypting data for ransom is much easier than trying to steal it. And desperate businesses are often will to pay ransoms, even though this perpetuates the problem. The problem has become so severe that a consortium of global insurers have started recommending specific security best practices for their customers, rather than just waiting to deal with the aftermath.
March 30, 2020
Gerrit Lansing
Field CTO
STEALTHbits Technologies
As ransomware has evolved it has adopted techniques previously reserved for advanced nation-state actors. In the last several years, we’ve seen strains of ransomware – for example NotPetya -- leverage stolen credentials and similar techniques to propagate throughout an enterprise network. For many organizations, this means a single compromised user risks the entire network. Adopting strong defenses against lateral movement and maintaining better oversight of sensitive data are vital.....Read More
As ransomware has evolved it has adopted techniques previously reserved for advanced nation-state actors. In the last several years, we’ve seen strains of ransomware – for example NotPetya -- leverage stolen credentials and similar techniques to propagate throughout an enterprise network. For many organizations, this means a single compromised user risks the entire network. Adopting strong defenses against lateral movement and maintaining better oversight of sensitive data are vital objectives for all companies.  Read Less
March 30, 2020
Roger Grimes
Data-driven Defence Evangelist
KnowBe4
The vast majority of ransomware attacks are due to one of two things: a phishing email or unpatched software. Phishing is involved in 70% to 90% of all successful breaches and unpatched software is involved for 20% to 40% attacks. Any single other root cause you can think of accounts for less than 1% of the risk. Every other risk added up all together equates to less than 10% of the risk in most organizations. So, how do organizations stop ransomware? It’s easy. Don’t get socially.....Read More
The vast majority of ransomware attacks are due to one of two things: a phishing email or unpatched software. Phishing is involved in 70% to 90% of all successful breaches and unpatched software is involved for 20% to 40% attacks. Any single other root cause you can think of accounts for less than 1% of the risk. Every other risk added up all together equates to less than 10% of the risk in most organizations. So, how do organizations stop ransomware? It’s easy. Don’t get socially engineered into doing something against your interests, and patch software. Nothing else really matters. Unfortunately, we are told that we have to worry about a thousand things and not told that two of these things matter far more than everything else. It leads to a lack of focus, which hackers love. Phishing and unpatched software have been responsible for the greatest number of attacks for over three decades, and this will remain a constant as long as people aren’t trained to pay attention to the right things. Hackers will keep using phishing and attacking unpatched software because those techniques work really well for them. In fact, a group of major insurance providers identified best security practices as being so important that they designated a select few solutions as “Cyber Catalysts.”  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts