Where the next big cyberattack could come from

Cyber extortionists will soon likely gravitate toward attacks on global or shared infrastructure, a cybersecurity expert predicts.

From a cyber insurance perspective, brokers should highlight that the coverage helps organizations manage the risks they can control, as well as the ones they have little control over. “Regardless of the organization and the investment they’ve made in cybersecurity, there are forces outside their control – third parties – that can serve as a common risk exposure,” said Kevvie Fowler, partner of cyber risk with Deloitte Canada, in an interview with Canadian Underwriter Tuesday.

There’s been no shortage of cases recently where extortion has been a motivation. However, when looking at these cases, whether it’s ransomware or targeted extortion, it’s primarily focused on specific organizations or individuals.

“I see that threat migrating to global or shared infrastructure, like your DNS system or key Internet infrastructure or backbone,” Fowler said. “If you just think about that for a second, what these threats would involve would be a group, or a collection of different cyber adversaries, who would get together.”

Fowler was responding to a question from Canadian Underwriter about what he sees as the “next big thing” in cyber.

These cybercriminals, whether hackers from a nation state or groups of cybercriminals banding together, would first identify the key infrastructure. They would then make a threat or demand, which would have to be public as it’s not directed toward any organization or specific individual. “There would be some demonstration of strength, so they knock down partially the infrastructure.”

In terms of payment, Fowler sees a “GoFundMe page equivalent” that would be used by organizations or governments to help them make the payment to try to avoid the infrastructure from coming down.

“[Instead of] targeting one organization, which typically is going to have a much smaller ransom, being able to target an entire industry or country, you’d be able to collect a much larger ransom and there’d be far less work involved,” Fowler said. “I see that as the national evolution of extortion.”