Halloween is a day reserved for ghosts and goblins looking for a trick or a treat, and as October draws to an end there are plenty of scary happenings to occupy the minds of organizations.
Here are some of the scariest things for organizations this Halloween:
Ransomware
Ransomware attacks show no signs of slowing. According to the Chubb Cyber Index, ransomware accounted for 23% of cyber claims for smaller businesses (revenue less than $25M) in 2019. So far in 2019, we have seen many local government municipalities, educational organizations, manufacturers and health care organizations become ransomware victims. Many organizations opted to pay the ransom demand, while others refused to succumb to it and chose to rebuild their systems. In addition, many organizations that paid the ransom demand turned to their cyber insurance policies to assist with the ransom payment, ransom negotiations and legal counsel.
Phishing
Beware of that click! More often than not, spear-phishing attacks are what lead to a ransom demand in the first place. Spear-phishing attacks are targeted, whereas a phishing attack takes more of a “scattergun” approach. Lately, spear-phishing attacks have been happening more often because the payoff for hackers is typically higher. Before clicking on any link or downloading any file attached to an email, it is important to make sure you’re not being tricked into triggering a ransom demand and becoming this afternoon’s breaking news story.
Cyber Insurance Exclusions
One final thing for organizations to think about is their cyber insurance coverages and cyber insurance exclusions. While many cyber insurance policies now include coverage for ransomware demands, smaller organizations may end up without any ransom payout if their policy retention (“deductible”) is higher than the ransom demand. Lately this has not been too much of an issue, since hackers have increased their ransom demands, in some cases to six or seven figures. Besides ransomware coverage, it is important to check your cyber insurance policy to see what type of phishing coverage may be offered in the event of a phishing attack that results in funds transfers or theft. Some cyber insurance policies will not cover phishing attacks that lead to someone in your organization being tricked into making a payment to a third party. In this instance, although the parties involved may later learn they were scammed, some cyber insurance policies state that because you or your employees made and authorized the payment, the incident is excluded.
Indeed, there is a large supply of cyber insurance policies available today, which is why it is important to remind all organizations on this Halloween and every day thereafter:
Beware of your cyber insurance policy, as it may have many scary surprises that are not afraid to come out when you least expect them!