The headline from The Information – “Companies Are Ditching Cybersecurity Insurance as Premiums Rise, Coverage Shrinks.” Last year, cyber insurance premiums spiked by 74%, and per this analysis, a number of large firms are not renewing their coverage. The replacement – their own insurance. Large companies (and some governments) are setting up captive insurers, an arrangement in which a company uses its capital to create an insurer whose only customer is the company.
Meanwhile, a new type of hypothetical attack is data manipulation. Quoting the piece: “Data-tampering represents a different type of threat, and one that could be potentially even more serious for certain organizations, depending on the situation. And yet it’s not on the radar for many businesses, experts told Protocol, due to the fact that few such attacks have occurred and come to light.”
AND
“Technologies for protecting against data integrity attacks include file integrity monitoring services for detecting file changes, which can be used in combination with logging and backups to secure against such threats from external attackers or malicious insiders, the National Institute of Standards and Technology noted in a 2020 report.”
Meanwhile, Microsoft analyzed anonymized data of actual threat activity and, according to the company’s new Cyber Signals report, found that over 80% of ransomware attacks can be traced to common configuration errors in software and devices.
These include applications being left in their default state, allowing user-wide access across the network, security tools being left untested or misconfigured, cloud applications set up in a way that can quickly enable unauthorized intruders to gain access, and organizations not applying Microsoft’s attack surface reduction rules, which allows attackers to run malicious code using macros and scripts. That summary is thanks to ZDNet.
All of this is top of mind – PwC’s Pulse survey, just out, notes that 40% of top business executives consider cyberattack risk their top concern, followed by talent acquisition at 38%.
Why do we care?
Big companies have the option to insure themselves… and small ones don’t. I highlight this change in strategy to observe that those small companies – and the providers who serve them – will need another approach here. Disaster recovery services can come to the rescue, and they don’t necessarily mean technology ones. They can well be procedural.
You’ll need them if you ponder the potential of hackers altering your data. That’s scary – although offset by the fact that so many of the items listed by Microsoft are just the basics.