Uncovering the total scale of the cyber problem
This article was produced in partnership with CFC.
Mia Wallace, of Insurance Business, sat down with Tom Bennett, cyber threat analysis team leader at CFC, to discuss the cyber threats impacting UK companies.
Last month, headlines were dominated by news of a cyberattack impacting a number of high-profile organizations, including the BBC, Boots and British Airways. But although the discourse generated was unsurprising given the prominence of the targets, it is also symptomatic of an ongoing problem within the cyber market – that of stopping the stories that dominate headlines from taking attention away from the threats most relevant to the broader market.
This Cl0p-attributed attack epitomizes the tendency of the mainstream press to zero in on such events, noted Tom Bennett, cyber threat analysis team leader at CFC. However, when you look at these objectively, they’re actually fairly small run-of-the-mill incidents – albeit involving high-profile players.
“Cl0p is a group which has carried out thousands of attacks,” he stated. “It simply happened to be an enormous headline that day, but it ignores the fact that lots of Cl0p’s hundreds of victims have been very small companies.
“For another example, BlackBasta – one of the ex-Conti groups who sided with the Russian state – has hit loads of companies who are £5 million-£10 million in revenue, or even smaller. They aren’t necessarily only going after billion-dollar international megacorps. They’re hitting what they can and unfortunately, it’s proving very effective.”
With the latest figures from GOV.UK’s ‘Cyber security breaches survey 2023’ revealing roughly 2.39 million instances of cybercrime across all UK companies in the last 12 months, the true scale of the cyber problem becomes clearer. And delving into the cyber threat landscape facing UK companies today, Bennett highlighted why ransomware remains front of mind.
“From an insurance perspective and in terms of what’s really impacting our customers, ransomware is still number one,” he stated. “What’s changing isn’t so much the type of cyber threat, but how they are playing out and how threat actors are using new strategies and techniques to strong-arm victims while making boatloads of money.”
The changing profile of cyber criminals’ conduct
CFC is seeing a continuing move away from cyber gangs simply encrypting data to instead stealing data and threatening its publication – a trend which started back in 2019 with Maze Ransomware. As a result, Bennett stated, despite the insurance industry’s advocacy for high-quality backups to allow the restoration of data, victims still pay ransoms to avoid the ramifications of their data being stolen and published.
In turn, criminals have realized that this is why victims are paying, he stated, so they’re zeroing in on that data theft piece and spending more time in networks, trying to steal information that will make victims feel obligated to pay the ransom demand. What’s been interesting to see is how the market has come full circle – from the pre-ransomware emphasis on data breaches to being about data breaches again, propelled partly by privacy laws and the obligations around notifying subjects in the event of a breach.
“The extra tier of this is how criminals are becoming increasingly nasty,” he stated. “They’re making personal attacks against stakeholders within the business. I know of one incident where the CEO of an organization was hit by extortion, and the group looked like it wasn’t going to pay. So, the criminals sent footage of [the CEO’s] grandchild to the company with a very vague threat, in an attempt to intimidate.
“And it had the desired effect of making them want to cave in, to avoid any threats to life in the real world. That’s something we’re seeing more of – people getting harassing phone calls on personal numbers that the criminals have spent time to discover in order to use real-world intimidation rather than just cyber extortion to encourage them to pay. That’s something we hadn’t really seen in previous years.”
The power of in-house expertise and solutions
The overwhelming majority of the tools CFC’s policyholders benefit from are ones that the business has built in-house, leveraging the expertise of its 100-plus software development team. And knowing where best to direct these resources has been made possible by its in-house cyber forensic capabilities – creating a seamless feedback loop of monitoring what’s impacting customers and then building the tools to protect and support them as this changes over time.
“My team is basically the conduit for interfacing this with our customers,” he stated. “We take all those lessons about what’s causing claims, and the constantly changing shifts in attacker methodologies and targeting behaviors and then focus our efforts there. And our focus is on making this as simple as possible for the customer, so we can hold their hand through the process of managing threats, irrespective of their technical knowledge or the size of their company.”
Bennett and his team bring together a number of threat intelligence feeds alongside CFC’s proprietary data, so they’re well positioned to step in where a customer has an issue and to mitigate threats before they become claims. And there’s no “sting in the tail” to this offering, he stated: it has no impact on a client’s risk profile because CFC has a mutual interest in its policyholders not claiming on their policies.
“We have pretty unparalleled access to what criminals are doing – literally in real-time in many cases,” he stated. “We can see the attacks that happen and alert customers in that small timeframe between their initial compromise and something very serious having happened. Because criminals are now looking for that valuable data, it creates that very small window of opportunity – and that’s where we leverage our ability to intervene.”