Insurance coverage

Farewell, insurance coverage for nation-state cyberattacks

Last week, Lloyd’s of London Ltd. announcement that it will require its underwriters, globally, “to exclude catastrophic state-sponsored hacks from stand-alone cyber insurance policies” beginning in March 2023. This elimination of cyber policies involving adversaries of states -nations is not surprising. Based on “worrying trends” in our post-pandemic world, cybersecurity insurance as a whole “has a big problem,” as PCS Insurance Group reports. Notes by Tom Johansmeyer in harvard business review.

What is the problem? In short, in 2020, “the world has apparently entered a new era of cyberattacks” in which “the severity of the financial consequences has been profound”. Take ransomware, for example. Last year, ransomware affected 66% of midsize businesses interrogates in 31 countries. That’s a 78% increase in just one year. While there is often a very fine line between a nation-state threat actor and highly organized criminal gangs based in adversarial countries, organizations across all sectors must be well protected against any sophisticated offensive cyber attack. used as “an element of national strategy”. power,” as IronNet Founder and Co-CEO Keith Alexander put it mentioned.

Geopolitical tensions exacerbate cyber risk.

No industry is immune to cyber threats from state-sponsored adversaries. Last month, the US Cybersecurity & Infrastructure Security Agency (CISA) issued a Attention against North Korean cyber actors targeting healthcare and public health sectors with Maui ransomware. In May, the United States and Five Eyes intelligence partners released a alert for managed service providers indicating that more cyberattacks by nation-state threat actors may be on the horizon.

It is therefore not surprising that 86% organizations believe they were the target of nation-state cyberattacks following Russia’s invasion of Ukraine, with Forest suggesting that the incident has “permanently altered the cyber threat landscape” and that every organization must prepare for a new era of increased cyberattacks and ruthless persistence. At the same time, an organization’s cybersecurity team must also manage volumes of rather unsophisticated threats, such as phishing, which are still very powerful.

The particular challenge of cyber threats from nation states is that companies often cannot detect them until it is too late. Adversaries of this magnitude like to hide in networks to plan and scale their attack, whether it’s dropping a debilitating ransomware payload, exfiltrating data, or taking over the network for physically destructive purposes. . Only 27% of organizations recently surveyed “are completely confident in their organization’s ability to recognize such an attack unlike other cyberattacks.”

Better cyber defense starts with better threat detection.

So how can today’s cybersecurity teams prepare for worst-case scenarios, including destructive attacks on critical infrastructure? The answer is advanced network detection and response (NDR). Using artificial intelligence and machine learning, advanced NDR provides early detection capabilities during the crucial dwell time when bad guys lurk in corporate networks to define their plan of attack. Spotting threats before they are associated with known signatures is key to mitigating the impact of an attack on a nation state in the early stages, long before there is any business or security impact. compromised public.

Time is running out, as an attacker’s overall median dwell time has fallen to just 24 days in 2021, less than half of the observed residence time reported in 2020 at 56 days.

The good news is that while the most egregious ransomware (and other malware) attacks have shorter dwell times, the process of deploying these attacks doesn’t happen instantly. The golden opportunity for a stronger defense is to detect anomalous activity at the reconnaissance and access stages of the intrusion cycle.

In the case of ransomware, the ransom note itself is the very last step an attacker takes after fully compromising a network to monetize their efforts. Therefore, early detection of the initial network intrusion is imperative before the attacker has a chance to move the campaign forward.

Advanced NDR works by focusing on abnormal behavior on the network. While endpoint detection and response (EDR) and firewalls are capable of detecting signature-based threats, nation-state adversaries rely on tactics, techniques, and procedures (TTPs) – or behaviors – to compromise networks. IronNet’s behavioral analytics detect these indicators of behaviours “left of the boom” keeping a few steps ahead of threat actors. Attackers can modify known signatures such as hash values, IP addresses, and domains quite easily, but it is much more difficult for them to modify their TTP. This is why NDR can be a powerful tool to ward off potentially catastrophic and costly nation-state cyberattacks – ones for which many companies across industries next year may not have cyber insurance as a backstop. of security.