Supply chain attacks are the next big threat in cyber-space: The attacks on Kaseya or Solarwinds have shown in a frightening way how profound and expensive the consequences can be for medium-sized businesses. Therefore, no company can avoid good cyber hygiene, says Michael Daum, Senior Cyber Underwriter at Allianz Global Corporate & Specialty in Central and Eastern Europe.

The employees of American IT company Kaseya just wanted to enjoy the weekend, on which this year Independence Day was also celebrated in the US. But then the holiday mood at the company’s US headquarters in Florida quickly came to an end. A cyberattack on the company, which claims to be the leading provider of information technology and IT security for small and medium-sized enterprises, not only hit the company hard. Kaseya’s software had also been manipulated by blackmail software in such a way that more than a thousand companies – mainly small and medium-sized enterprises – were affected. Among those who suffered was the Swedish supermarket chain Coop, which had to temporarily close 800 stores due to malfunctioning cash registers.

This example shows that even if you are not the direct victim of a cyber-attack, you can still feel the effects in your own company via the supply chain. Supply chain attacks are the next big trend in cyberspace, with experts at Allianz Global Corporate & Specialty (AGCS) observing two main types: First, we are seeing more attacks targeting software/IT service providers such as Kaseya and using them to spread the malware. Another example was the SolarWinds attack earlier this year, which affected tens of thousands of companies. All of the victims were using SolarWinds’s Orion software platform. Using a compromised update, the attackers were able to inject a backdoor, christened “Sunburst”, into the systems and networks of users of the listed US company. Such service providers or software vendors are likely to become prime targets for cybercriminals in the future, as they often supply hundreds or thousands of companies with software solutions and therefore offer criminals the opportunity for higher revenues.

Second, we are increasingly seeing attacks that target physical supply chains or critical infrastructure, such as the attack on the Colonial Pipeline, the largest oil pipeline in the US. Nearly half of all fuel consumed on the U.S. East Coast passes through the pipeline. As a result, parts of the country experienced gasoline shortages and airlines also felt the effects.

The attack pattern is similar in both cases. The attackers from cyberspace lock or encrypt the computer systems of their victims in order to extort a ransom (ransomware) from the users for the release. Not all attacks are targeted. Criminals also often take a shotgun approach to target those companies that are unconcerned about or unaware of their vulnerabilities and security holes. According to Accenture, the number of cyberattacks increased 125% globally in the first half of 2021 compared to the previous year, with ransomware and extortion attempts being one of the main reasons for this increase. According to the FBI and CISA, there was a 62% increase in ransomware incidents in the U.S. during the same period, following a 20% increase in the entire year of 2020. These trends in cyber risk are reflected in AGCS’ own claims experience. AGCS was involved in over a thousand cyber claims in total in 2020, up from around 80 in 2016; the number of ransomware claims increased by around half compared to 2019. In general, losses from external cyber incidents such as ransomware or distributed denial of service (DDoS) attacks account for the majority of the value of all cyber losses analyzed by AGCS over the past six years.

In view of these frightening figures, the understanding in large companies of the complex cyber risks and also of the possibilities of risk transfer has now increased significantly and is contributing to greater risk awareness. In small and medium-sized companies, on the other hand, there is still a clear need to catch up, as evidenced by our risk dialogues that are regularly conducted in the companies. For example, we found that multi-factor authentication (for remote access, privileged IT accounts or remote maintenance) is lacking in many cases or that employees have not been sufficiently trained against external attacks.

However, regular patching and two-factor authentication, as well as information security training, are just as important as good cyber hygiene in preventing ransomware attacks. Cybersecurity tools such as endpoint detection and response (EDR) services and anti-ransomware toolkits and services can also help prevent attacks, detect threats. Reliable response and business continuity plans are also key to mitigating the impact of a ransomware attack, with focused preparation and rapid response making all the difference in managing a crisis. Response plans should be regularly tested against ransomware scenarios, and roles, responsibilities and lines of communication should be clearly defined. Frequent backups, including of critical systems and data, are also critical to mitigating the impact and speeding recovery and operations. In the event of a ransomware or other cyber extortion incident, companies should follow their response plan and specifically inform senior management and the legal department. If the legal department is involved from the beginning, the risk of class action lawsuits or other legal claims that could be brought in the wake of the data breach can be reduced. If cyber insurance is in place, it is also recommended that the insurance carrier be informed from the outset to verify that the applicable cyber insurance policy provides coverage.

Regardless of the final confirmation of cover, cyber policyholders at AGCS benefit from 24/7 access to emergency services. These services typically include the services of a professional crisis manager, forensic IT support and legal advice. Another service offered is the free creation of a cyber crisis management plan. Our estimates suggest that the losses in around 80% of ransomware incidents could have been avoided if companies had followed basic security measures.

These figures show why, above all, a reliable response plan is so crucial: Business interruption damage and recovery costs are the biggest driver of ransomware damage. The average downtime after a ransomware attack is now 23 days, with total recovery and downtime costs also more than doubling in the past year. They have risen from around €700,000 in 2020 to €1.6 million in 2021. So when it comes to cyber business disruption, timing is everything. By the time a company pays a ransom demand after two weeks to obtain the decryption key, the business interruption loss has already manifested itself and the handsome cost of trying to restore systems and data has already been incurred. The cost of hiring forensic experts and legal advisors, for example, can be as high as €2,500 per day per head and easily reach a seven-figure sum.

We try to encourage our policyholders to avoid paying ransoms – especially as this only creates further incentives for the hackers’ criminal business model. The decision whether or not to pay a ransom is always made by the company in question. The better prepared the company is, the easier it will be to do without. In any case, the police authorities should be strongly involved from the very beginning. In Germany, the Federal Criminal Police Office is in charge, with which AGCS cooperates. The central office of the police continuously analyses current cybercrime trends and derives conclusions for the fight against cybercrime. This is important because cybercrime can only be successfully prevented and fought in close cooperation between businesses and security authorities. It cannot be done alone.

You may also like

UK/EU Summit - “Risk to Resilience”
icon External Engagement

UK/EU Summit - “Risk to Resilience”

Detlef Houdeau, Senior Director, Business Development at Infineon Technologies was a speaker at the inaugural UK/EU Summit organized by our newest Associated Partners Shared Assessments.

💡Under the theme “Risk to Resilience” the first event of this series was held in London and brought together professionals from different industries and regions. Detlef participated in the panel about the complex regulatory landscape and emphasized that new legislation like the EU AI Act, DORA and Hashtag#NIS2 continue to push the standard of care on cybersecurity and other risks.

Thanks to Shared Assessments for organizing such an amazing event and inviting the Charter of Trust to participate in this high-class panel alongside Andrew Moyad, CEO at Shared Assessments.
October 08, 2024
36th Cyber Security Day: Working together for more resilience in the digital future
icon External Engagement

36th Cyber Security Day: Working together for more resilience in the digital future

Strong networks and effective cooperation are the key to successfully shaping the digital future in Germany. Cybersecurity is a team effort, and that was again visible last week at the 36th Cyber Security Day in Berlin.

🌐On 26 September 2024, the Bundesamt für Sicherheit in der Informationstechnik (BSI), Alliance for Cyber Security, and the DIHK invited experts, companies, authorities and political decision-makers to jointly strengthen Germany's cyber resilience.

The event was a great mix of policy debate, practical exchange, workshop and networking under the motto ‘Stronger Together: Greater Resilience through Cooperation’.

✨ One of the highlights of the day was the closing panel with Claudia Plattner, President of the BSI, Dr. Stefan Saatmann, Deputy Head Berlin Office at Siemens, Konstantin von Notz, Member of the Bundestag for B90/Greens, and Alexander von Gernler, German Informatics Society, interchanging ideas to foster resilience through collaboration. Initiatives like the CoT baseline requirements and its huge potential for international harmonizing cybersecurity regulations were discussed as well.

Let’s all work together so that closer cooperation between the BSI and businesses bring more tangible effects to increase digital resilience. Special thanks to Nils Hasenau for providing the excellent photos and also to Simon Ulmer and Ralf König for attending the event.
October 01, 2024
Nordic Cyber Summit 2024
icon External Engagement

Nordic Cyber Summit 2024

The Charter of Trust at the Nordic Cyber Summit
What a great opportunity for Morten Kromann, Head of Industrial Security Denmark at Siemens, to present the Charter of Trust perspective on cybersecurity regulations like Hashtag#NIS2 at the Nordic Cyber Summit in Copenhagen.

This year the summit was again a formidable event to engage with top cybersecurity experts, share insights, and discuss strategies to navigate the ever-evolving threat landscape in the Nordic region with the theme “Fortifying the Future: Building Cyber Resilience in a Transformed World”.

A main aspect highlighted by Morten was the discrepancies between the NIS2 directive’s incidents reporting timeframe and related provisions adopted in other legislations. These regulatory overlaps create difficult compliance environments for industry and costly operational pressures which add to the fragmentation of the market instead of harmonizing it. That is why the Charter of Trust emphasizes streamlining reporting requirements stemming from these different legislative frameworks and developing single entry points for reporting on the national level.

These and more points have been discussed during our Security-by-default Webinar on the 29th of October. See the events section on this website to find the recording of the webinar.
September 16, 2024