While the threat of ransomware, security issues, and cyber attacks persists for all industries, rich data and downstream customers make the tech sector a particularly attractive target for cybercriminals. The never-ending stream of alarming headlines, innovative threat actors, and tales of third-party risk can be overwhelming enough to stump even the savviest business leaders.
When it comes time to make the call on where to really invest in security tools and cyber mitigation solutions — how do you know what will best protect not only your IT systems, but also your customers?
At Corvus, our Risk Advisory experts work with policyholders and cybersecurity partners to mitigate risk for their organizations, including Smart Tech E&O policyholders. Based on their experience working with technology and professional services firms, we’ve highlighted some go-to, defensive cybersecurity solutions for covering your security bases:
While antivirus software can battle the low-hanging fruit, Endpoint Detection and Response (EDR) functions as higher-level protection against advanced and emerging threats. EDR combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities. When it catches suspicious activity, it can isolate the impacted system from the rest of the network until security personnel can investigate.
But what truly sets EDR apart from the basic antivirus technology already installed on your computer? Its “flight recorder” capabilities, which track activity on the system before and after a security breach alert to clearly identify what malicious activity occurred. For a post-incident forensics investigation, this is like finding the murder weapon at the scene of the crime.
When it comes to protecting your organization as a whole with one security control, EDR is (almost) as holistic as it gets.
Level up: Extended detection and response (XDR) takes cyber risk reduction a step further. XDR integrates security across the environment's endpoints, cloud resources, email, and other solutions, and is designed to provide integrated visibility and threat management within a single solution.
Working with third parties is in the nature of doing business in the digital age. Because of this, cyberattacks often have far-reaching consequences. Take for example the recent vendor breach at AT&T. While it was their marketing partner that was hacked, it was AT&T’s data — and therefore AT&T’s brand name — that hit the headlines.
Your organization will fare best if you prioritize working with vendors that take security practices seriously. The challenge is determining who you can entrust with your customers’ data. Before ever signing a contract, you need to understand the risk a vendor poses to your organization. By requesting access to their policies and procedures, business continuity planning reports, and SOC reports, you’ll get a clearer picture of their risk profile.
Level up: The work isn’t over once you’ve grouped vendors by risk profile and officially signed contracts. It’s an ongoing process. As time passes, you should revisit contracts and add amendments when privacy laws change — and they will — so you aren’t caught by surprise if a data breach occurs.
A high impact and relatively low effort security control? Count us in. Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more credentials in order to gain access to an account. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a threat actor taking over an account.
We recommend that organizations implement MFA for email access, remote access, and administrative access, as these are the most common routes cybercriminals take to infiltrate your systems and steal your data. If threat actors obtain user credentials, MFA serves as your baseline protection. Without MFA, the odds aren’t in your favor: Microsoft reports more than 1,000 password attacks per second, and of the successful compromises, 99.9% didn’t have multi-factor authentication enabled.
Level up: As more organizations take recommendations from security experts in stride, cyber mitigation strategies such as MFA become even more commonplace. In response, threat actors accelerated their efforts to bypass this first line of defense. To go above and beyond, we recommend phishing-resistant MFA (like FIDO2 solutions) and up-to-date user education on social engineering attacks.
During a ransomware event, recovery can be a complex, expensive, and time-consuming part of the incident response process. Malicious actors will actively seek out your backups in an attempt to delete them, increasing their leverage for a fruitful ransom payout. Without a robust backup solution — which includes protective controls, offsite backups, and ongoing testing — that hefty ransom payment may feel like the only option to resume business operations as normal.
You’re only as good as your backups! To avoid that worst-case scenario, confirm the following: Does your organization’s backup strategy include all of your critical systems? Are your local backups secured? Do you have offsite backups? How quickly can you restore all of those systems? Preparation here can mean a world of difference if the worst-case scenario happens at your organization.
Level up: Follow the 3-2-1-1-0 backup strategy: 3 copies of data (your original production data, on-site backups, and offsite backups), 2 different media types (store your data in the cloud and on physical disks), 2 offsite backups, 1 immutable copy, and 0 errors after running through a recovery procedure.
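One way to turn the backup questions and the 3-2-1-1-0 rule above into a repeatable check is to audit a backup inventory per critical system. This is an added example, not Corvus tooling; the `Copy` fields, the `audit` function, the system names and the inventory are hypothetical, and the thresholds are read from the digits of the rule's name.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Copy:
    system: str                    # system this copy belongs to
    media: str                     # e.g. "disk", "cloud", "tape"
    offsite: bool = False          # stored away from the production site
    immutable: bool = False        # cannot be changed or deleted during retention
    production: bool = False       # the live data itself (counts toward the 3 copies)
    restore_errors: Optional[int] = None  # last restore test; None = never tested

# Thresholds read from the digits of the rule's name, 3-2-1-1-0 (assumption).
RULE = {"copies": 3, "media": 2, "offsite": 1, "immutable": 1, "errors": 0}

def audit(critical_systems, inventory, rule=RULE):
    """Return {system: [finding, ...]}; an empty list means the rule is met."""
    by_system = defaultdict(list)
    for copy in inventory:
        by_system[copy.system].append(copy)
    report = {}
    for system in critical_systems:  # a critical system with no copies still gets a row
        copies = by_system.get(system, [])
        backups = [c for c in copies if not c.production]
        measured = {
            "copies": len(copies),
            "media": len({c.media for c in copies}),
            "offsite": sum(c.offsite for c in backups),
            "immutable": sum(c.immutable for c in backups),
        }
        findings = [f"{k}: have {v}, need {rule[k]}"
                    for k, v in measured.items() if v < rule[k]]
        for c in backups:  # every backup must have a clean, recent restore test
            if c.restore_errors is None:
                findings.append(f"restore never tested ({c.media})")
            elif c.restore_errors > rule["errors"]:
                findings.append(f"restore test had {c.restore_errors} errors ({c.media})")
        report[system] = findings
    return report

# Constructed inventory for illustration only.
CRITICAL = ["billing-db", "source-control", "crm"]
INVENTORY = [
    Copy("billing-db", "disk", production=True),
    Copy("billing-db", "disk", restore_errors=0),
    Copy("billing-db", "cloud", offsite=True, immutable=True, restore_errors=0),
    Copy("source-control", "disk", production=True),
    Copy("source-control", "disk", restore_errors=2),
]
```

Calling `audit(CRITICAL, INVENTORY)` returns an empty list for `billing-db`, five findings for `source-control`, and four for `crm`, which is listed as critical but has no copies in the inventory at all.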
Dare we say it? Insurance is a crucial ingredient for protecting your organization and transferring risk. Beyond the obvious financial safety offered by insurance, you’ll find yourself with a partner mutually interested in your organization’s security. Through digital tools, expert guidance, and up-to-date threat intelligence, your insurer works as an ongoing source for risk mitigation.
Tech companies continue to face data breaches, significant downstream risk, and the liability associated with both. Our Tech E&O product — backed by Travelers A++ paper — includes fully-fledged cyber liability (first and third-party) coverage with access to our risk prevention solution, Corvus Signal™, hands-on partnership with experienced underwriters, and in-house claims handling.
Learn more about how we help technology companies keep pace with digital risk.