According to experts who spoke at the Triple-I Joint Industry Forum (JIF) last week, cybercriminals will change their tactics and adapt their techniques in 2022.
“Ransomware as a business model” said Michael Menapace, an insurance attorney at the law firm Wiggin and Dana LLP and a Triple-I Non-Resident Scholar. What has changed in recent years is that “bad actors used to encrypt your computers and extract a ransom to give you your data back, and now they threaten to exfiltrate your data and make it public.”
The types of targets have also changed, with a greater focus on “soft targets — specifically, municipalities,” which often don’t have the staff or funds to maintain cyber health the way large corporations do, Menapace said.
Theresa Lee, chief claims officer at Cowbell Cyber, agreed with Menapace’s assessment, citing an increased tendency for cybercriminals to contact a company’s customers or leaders as a “pressure point,” exploiting the company’s desire to avoid reputational damage.
“Threat actors are focused on the quality of data they can extract when they’re ‘at home,’” Lee said, “and it’s not just about stealing Social Security numbers or other information they can sell on the dark web. That was a few years ago. It’s really a lot of thought and focus.”
Scott Shackelford, a professor of business law and ethics at Indiana University’s Kelley School of Business, reinforced Menapace’s and Lee’s observations about the sophistication and adaptability of cybercriminals by talking about government-sponsored intrusions.
“It’s not just the North Koreas of the world,” he said, adding that “a growing cadre of nation-states” are launching attacks “not only on large corporations, but increasingly on small and medium-sized businesses, even local governments.”
“We established a cybersecurity clinic two years ago, and the number one request we get from local government and small utilities is related to insurance coverage. There’s a lot of demand for better information.”
Shackelford emphasized the continued evolution of the Internet of Things (IoT) as an “attack surface.” In a work-from-home environment driven by the pandemic, he said, “What is considered a covered computing device for some of these policies has led to litigation and is a huge vulnerability that we’re only just beginning to wrap our minds around.”
Moderated by Frank Tomasello, Executive Director of The Institutes Griffith Insurance Education Foundation, the conversation featured topics including:
- Deepfake technology;
- The importance of aligning insurance pricing with risk, and of educating policyholders on how to get the best price by becoming the best possible risk;
- How threats differ for organizations of different sizes and for individuals; and
- The need for better data and information sharing around cyberattacks and trends.