7 Risk Management Insights for Social Engineering and Ransomware Threats: Risk and Insurance


Tim is the Director of Cyber Risk at IMA, Inc. His areas of focus include creating custom risk transfer programs based on industry segment, loss control solutions, and fostering partnerships with service providers. Tim has over 20 years of experience underwriting and selling cyber insurance. He can be reached at [email protected]

Perhaps one of the biggest misconceptions about cyber risk is that companies with large amounts of confidential data are the most common targets of cyberattacks.

However, over the past few years we have seen an increasing number of hackers deploying ransomware wherever they find exploitable vulnerabilities, rather than targeting a particular industry class. We also continue to see a plethora of social engineering schemes designed to redirect funds. If your business is not equipped with the right tools and knowledge, the loss of funds and the loss of revenue from disrupted operations can be catastrophic.

We have defined seven strategies to mitigate cyber risks and social engineering.

1) Cyber insurance

Cyber insurance provides a financial safety net for risks associated with network security failures, privacy breaches and social engineering. As organizations increasingly depend on information technology, their insurance program must adapt to these ever-increasing perils. There is a strong market for dedicated cyber insurance and companies should actively seek to transfer these risks.

2) Employee training

Employees are the underlying cause in the majority of claims we see. Without a doubt, the best advice we can give our clients is to have a solid training program in place. This should include mandatory employee training on social engineering and targeted phishing training for finance and accounting employees. When employees know the red flags to look for, an ounce of prevention is worth a pound of cure.

In addition to formal training programs, we also recommend promoting a culture of vigilance and accountability. There should be policies, and consequences, for those who violate best practices in this area. To help with this, many cyber insurers offer a free or discounted employee training service as part of their policy benefits.

3) Call back provisions

Fraudsters go so far as to exploit the psychology of employees, pressuring them to complete tasks on behalf of their supervisors within a short time frame.

For example, an Accounts Payable employee receives an email from what appears to be a vendor 15 minutes before close of business on a Friday afternoon. The fraudster has gained access to the vendor's email system and is now asking the employee to change the bank transfer instructions. The employee is about to leave on vacation, is eager to clear the request, and makes the change without verifying it.

In such cases, employees should feel empowered to step back and check on requests that seem out of the ordinary. There should also be a mandatory protocol for obtaining direct verbal confirmation from a known contact, at a previously verified phone number, for every request to change payment or funds transfer instructions from a vendor, client or customer.

4) Technical controls

Based on our collective experience in handling many cyber events, the following controls are now considered "must have":

• Multi-factor authentication to secure all remote access to your network

• Multi-factor authentication to protect access to privileged user accounts

• Regular data backups and testing of your data restoration processes

• Endpoint detection and response technology installed on servers and computers to detect suspicious activity
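A backup is only as good as the last restore that was actually tested. The script below is an added example (not code from the article or from IMA) of a small restore drill: it archives a set of files, restores the archive into a clean directory, and compares the SHA-256 digest of every restored file against the original. The sample files under a `finance` folder are constructed inline, and the `run_drill` helper is a hypothetical name; the `tamper` option simulates a corrupted or missing file so the check can be seen to fail as well as pass.

```python
"""Backup-and-restore verification drill (added example, not the article's code)."""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: Path) -> dict:
    """Map each file under root (relative, POSIX-style path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def create_backup(src: Path, archive: Path) -> dict:
    """Write a gzipped tar of src and return the manifest recorded at backup time."""
    expected = manifest(src)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in expected:
            tar.add(src / rel, arcname=rel)
    return expected


def restore_backup(archive: Path, dest: Path) -> None:
    """Extract the archive into dest; use the 'data' filter where the Python
    version supports it so entries cannot escape the destination directory."""
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(archive, "r:gz") as tar:
        tar.extractall(dest, **kwargs)


def verify_restore(expected: dict, restored_root: Path) -> list:
    """Return a list of problems; an empty list means the restore matches the source."""
    actual = manifest(restored_root)
    problems = []
    for rel, digest in expected.items():
        if rel not in actual:
            problems.append(f"missing: {rel}")
        elif actual[rel] != digest:
            problems.append(f"corrupted: {rel}")
    for rel in actual:
        if rel not in expected:
            problems.append(f"unexpected: {rel}")
    return problems


def run_drill(tamper: str = "") -> list:
    """Run the full drill on constructed sample data and return the problems found.

    tamper="" leaves the restore untouched; "corrupt" overwrites one restored
    file and "delete" removes one, simulating a bad backup medium.
    """
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        src, restore, archive = base / "src", base / "restore", base / "backup.tar.gz"
        # Constructed sample data standing in for real business files.
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("date,vendor,amount\n2021-12-01,ACME,1000\n")
        (src / "readme.txt").write_text("constructed sample data\n")

        expected = create_backup(src, archive)
        restore.mkdir()
        restore_backup(archive, restore)

        if tamper == "corrupt":
            (restore / "finance" / "ledger.csv").write_text("date,vendor,amount\n")
        elif tamper == "delete":
            (restore / "readme.txt").unlink()
        return verify_restore(expected, restore)


if __name__ == "__main__":
    for mode in ("", "corrupt", "delete"):
        print(f"tamper={mode!r}: {run_drill(mode) or 'restore verified'}")
```

In practice the manifest would be written at backup time and kept separately from the archive, and the drill would be run on a schedule against a restore target that is not the production system, so that a silently failing backup job is caught before it is needed.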

5) Incident Response Plan

Businesses should have a plan in case they are the target of a cyberattack. The biggest variable in the size and impact of an attack is how quickly and effectively an organization can respond. A good incident response plan (IRP) should identify internal and external stakeholders and their responsibilities.

One of the immediate benefits of cyber insurance is that the policy provides access to essential first responders, including legal counsel, technical forensic investigators and crisis management. The IRP must include information on how to access these resources, including key contact information.

Unfortunately, it is not uncommon for an insured not to have this information to hand and to try to manage the incident themselves. Most businesses are not equipped to handle this situation and can end up with unfortunate results. Organizations should regularly review and update their IRPs and include all policy resources in them.

6) Understand the implications

Due to the increasing frequency of these attacks, companies would do well to work on the assumption that they will come under attack. Have the ability to quantify the impact of each hour of operational disruption so that these estimates can be aligned with appropriate insurance products and balance sheet protection.

According to Coveware, the average duration of operational disruption resulting from a ransomware attack in Q4 2021 was 20 days. Most cyber insurance policies offer business interruption coverage subject to a waiting period (e.g. 8 hours); only the income lost beyond this threshold is covered. Having the ability and the data to document the cost of your hourly operational impact will also speed up the business interruption claims process.

7) Carrier loss control

Many cyber insurers will provide access to a wide variety of free proactive loss control tools. These solutions are mutually beneficial and should be integrated into the overall cyber risk strategy. One example is non-invasive network vulnerability scanning throughout the insurance year, whose results provide additional real-time insight into your risk profile. A common finding is failure to patch vulnerable software. This is the same view of your network a hacker gets, and acting on it lets the insured make changes before a loss occurs.

Cyber is a business risk and should be treated accordingly. There is no silver bullet for this complex and evolving category of risk. Cultural awareness, proactive mitigation and a comprehensive risk transfer solution are the most effective risk treatments.

