January 18, 2018 by Jason Contant
The operating model for cybercrime appears to have changed, with criminals using ransomware to target smaller companies and ask for smaller currency amounts, a cyber underwriter with Beazley told Canadian Underwriter on Wednesday.
Jimaan Sané said cybercriminals used to attack very large, sophisticated corporations. Because these organizations had ‘deep pockets’ — i.e. plenty of resources and money — they had the financial wherewithal to refuse to pay the ransom demands.
“Now, we are seeing bad guys going after low-hanging fruit,” Sané said in an interview. “They are asking [smaller companies] for smaller amounts, transacting and then moving on.”
The newly emerging strategy of cybercriminals is leaving small businesses exposed.
“If you’re a small florist and your website is down for two days, and you can’t ship any of your orders,” Sané said, “that can have a more significant impact to your business than if you are a very large corporate who has resources and infrastructure to deal with it.”
Sané reported that there has been an “explosion” in ransomware incidents recently, with Beazley itself handling 400 to 500 per cent more ransomware incidents over the past 18-24 months. “But the amounts they are asking for are getting smaller,” he said. “They want to go in, ask for a small amount, get paid and move on. I don’t think that’s going to go away.”
For larger attacks, Beazley is witnessing “disruption over cash,” Sané said. Pointing to the WannaCry and Petya/NotPetya incidents, he said the “disruption and the cost to businesses went through the roof. I’m not sure they made a ton of money from that, it seems like they just wanted to cause disruption.”
Automation is amplifying the risk associated with a cyberattack, Sané also observed. Given our increasing reliance on technology, a breach or hack could have an expanded effect on production or a company’s ability to trade. For example, heavy industries like mining and manufacturing are less worried about a data breach and more concerned about downtime that might affect their ability to conduct their operations.
“In that space, it almost seems that the more sophisticated you are, sometimes the bigger the loss,” which may seem counterintuitive, Sané said. “We’ve seen clients who have a manual workaround or who can revert to paper, they sometimes are not affected as much by downtime.”