Normalizing Outliers in Cybersecurity - Ransomware Edition
Last week, I wrote an article titled “Black Swan in Data Security”. The primary point I made is that most IT projects fail to consider even mild outlier events when it comes to security (such as compromised passwords or breach).
However what used to be an outlier event, ransomware threat is becoming normal. AXA, a large global property and casualty (P&C) insurance carrier, announced that they will not sell new policies that covers ransomware extortion payments (link).
They are acknowledging that their models do not factor in this risk sufficiently. These events are occurring so frequently that they need to update their models and pricing before covering the risk. This makes sense.
AXA France, Cyber Insurance and Ransomware.
Across many industries we are seeing “normalization” of ransomware; what was once an outlier event is becoming “normal”. The process plays out in three phases.
- Initially the outlier event are not given too much attention. In the past, AXA covered this risk and made claim payments, because it occurred rarely.
- As these events start to occur more frequently; everyone figures out how to cope with it. I think this is the stage AXA is in, right now. They are taking a step back to recalibrate.
- Eventually the outlier is accepted as normal. There will be a well-defined coverage for ransomware with suitable pricing.
Once the normalization process is complete, you can expect to see two things:
- Higher cost of doing business: Take for example, medical malpractice lawsuits. When malpractice suits started to happen frequently, cost of malpractice insurance shot up. Healthcare cost shot up followed by healthcare insurance premium. Since most of the healthcare premium is borne by employers, cost of doing business shot up. We will see a similar cycle with spike in ransomware events. This is not good for the society at large.
- Insurance carriers will offer premium discounts to those who take adequate measures to protect their data. Like in home-owners insurance, where homeowners get discount on premium if they install a burglar alarm. This will result in all operators looking for good data protection solution.
There are two types of exposure with ransomware.
1. Business Disruption:
An adversary will typically encrypt a key piece of data (rendering it undecipherable), that is critical to running the IT systems. This could be your customer master table, product catalog, inventory data etc. This will disrupt your ability to run your business. The adversary will then demand a ransom in order to decrypt the data, to let you run your business.
One way to mitigate the impact is through well designed backup and recovery strategy. Backup solution providers (like Rubrik, link) can help.
2. Data Leak:
The adversary will exfiltrate your sensitive data (e.g. PII, PCI, PHI, trade secrets, blueprints, financials, budgets etc.) to an offsite location and threaten you that they would leak the information. They may even threaten your business affiliates and customers directly (if the exfiltrated data pertains to those parties). This results in repeated extortion and irrecoverable loss of trust, credibility and reputation.
Titaniam can help with the latter. Titaniam protects your data in such a way that you can continue to operate your business as usual, but if your data is exfiltrated, the adversary will not be able to see anything in clear text. Once you protect your sensitive data with Titaniam, you will not lose sleep over:
- Paying ransom for data leak threats
- Disclosing the breach to authorities (in the U.S. loss of encrypted data is not a disclosable event)
- Losing your customers’ trust
Titaniam is not just another data-at-rest encryption solution. Most data-at-rest encryption solution does not protect all the attack surfaces. In fact despite all the data-at-rest encryption, if an adversary can get to your data store (and gains ability to run a query), it is game over.
Titaniam Protect offers a comprehensive solution that protects…
- Your applications through data-protection APIs,
- Your data stores by enabling full query-ability/ search-ability on protected data, and
- Your most critical data that you want to safe keep in a secure data vault.
Titaniam offers FIPS 140–2 compliant and NIST-approved data protection solution while the data is being queried. It goes way beyond data-at-rest encryption. Titaniam’s powerful protection engine can
- Execute queries on protected data on a variety of platforms (such as Relational databases, S3, Elasticsearch etc.),
- Install wherever your data source is (on-premise or cloud) and
- Allows you to get started within days not months
See a Demo. Reach out at firstname.lastname@example.org for an evaluation.