Just as technology continues to evolve, so does cyber extortion methodology. A case in point is ransomware, a type of malware that prevents the victim from accessing their data until a ransom is paid. While ransomware has been around for more than a decade, only in the last few years has it become a primary driver of cyber liability claims, according to the U.S. Cyber Market Outlook.

Even though both are forms of cyber extortion, ransomware differs from a data breach in several important ways. It is an industry-agnostic exposure. Hackers pick their targets based more on a company's willingness to pay than on its revenues or the type of data it stores in its system.

The U.S. manufacturing sector provides a good example of how ransomware has changed the cyber liability stakes for many industry classes.

When a data breach was the primary cyber exposure, manufacturers were considered to be a relatively low-risk industry class. The majority of manufacturers weren't attractive as a data breach target as they held very little personally identifiable information or credit card numbers compared to a retailer or a healthcare organization. Most employees didn't use a computer, which limited the number of system entry points and also made them less vulnerable to social engineering.

Today, however, the automation of the manufacturing process has increasingly brought technology onto the shop floor. And while the advanced technology has made manufacturing companies more productive and globally competitive, it has also increased the number of potential entry points for a hacker. For example, a piece of equipment that utilizes software connected to the internet can provide a bad actor with a gateway to a company's corporate network.

Few manufacturers can afford to be out of production for hours or days, let alone weeks. So, as attackers have learned, manufacturers are often quick to pay.

Paying for a decryption key is just one part of the cost of ransomware. Other costs include the time and money required to make sure that the data is restored properly. Attackers are also increasingly including a payment demand to prevent the release of customer data and nonpublic information.

Having grown in both frequency and severity, ransomware attacks have caught the federal government's attention. Because of the potential impact of ransomware following the Colonial Pipeline attack in June 2021, the U.S. Department of Justice elevated ransomware investigations to the same priority level as terrorism. This was followed in September by the U.S. Treasury Department issuing an update of its October 2020 advisory highlighting the sanctions risks associated with ransomware payments.

Steve Robinson, RPS area president and national cyber practice leader, welcomes the recent government attention.

"Combatting ransomware requires a collaboration among IT, government, insurance and private enterprise," Robinson said. "It's our best chance against this global cyber extortion epidemic."
