There are a few sexy cybercrime cases that pervade the public consciousness. They fill anxious minds with visions of hooded hackers reaching through glowing ones and zeroes to steal their data. Last month’s global ransomware attack WannaCry dominated real estate on every major tech website, including PYMNTS. But in the shadow of these attacks, a cyber pandemic is being overlooked.
You probably heard news about the attack at University College London. In the vein of ransomware attacks that crippled the National Health System earlier this year, the University College attack locked campus computer systems and threatened to install damaging software if users didn’t pay up. Systems were infected June 14, and normal operations did not resume until June 20. The malware infection was blamed on a pop-up ad from a compromised website.
And it’s likely you caught wind of the one at the George Eliot Hospital in Nuneaton, U.K. Staff had to switch to paper records for two whole days while the hospital’s 1,500 PCs were shut down and then, one by one, checked for residue of the malware. CT scans and X-ray images could be taken and reviewed, but not saved, due to the risk of spreading the virus.
PYMNTS readers know that companies are still riding the aftershocks of WannaCry: Honda had to shut down production plants in Japan after finding the ransomware in its system on Monday, June 19. Security experts are saying that new versions of the malware could still strike.
But those are the sexy ones.
“There [are] many you don’t hear about because companies don’t want to publicize them, and it’s not legally required to report every incident,” Bill Kelly, senior vice president for underwriting at San Antonio insurer Argo Pro, told Xconomy.
Argo is a mid-sized insurance carrier offering cyber insurance as an additional layer of coverage on top of its other policies. Dozens of other carriers are doing the same, offering stand-alone cyber insurance policies to address the growing threat. It would seem that criminals aren’t the only ones who stand to make money off cybercrime.
“As more and more people and devices become ‘connected’ and companies and economies continue to advance technologically, the exposure to cyber incidents will grow, and opportunities for criminals and hackers will increase,” said Kelly.
Although Kelly’s company and others have recognized the extent of the threat, not everyone is there yet. A recent FICO survey showed that half of U.S. firms do not have cybersecurity risk insurance, and of those that don’t, 61 percent don’t even intend to get a policy.
According to Kaspersky Lab, it’s not that people don’t see the risk. Seventy-four percent expect to experience an attack, and this spring, 54 percent of them did. The problem is that they mis-prioritize the risks. The aforementioned attacks have done a good job of keeping ransomware and targeted attacks in the public psyche, yet good old conventional malware still causes the most trouble overall.
They say the best offense is a good defense. Here’s how some people are bracing themselves for the almost-inevitable attacks.
The European Central Bank (ECB) will now require Eurozone banks to report all major cybersecurity incidents to the central bank in order to document the threat that cyber incidents pose to financial stability. The ECB piloted a cyber incident reporting framework in 2016, and that framework will be applied to Eurozone banks starting this summer.
“This will help us to assess more objectively how many incidents there are and how cyber threats evolve,” said Sabine Lautenschläger, the European Central Bank’s vice chair for supervision. “It will also help us to identify vulnerabilities and common pitfalls.”
Canada is already talking electoral security for its 2020 election, in the wake of claims that Russia interfered in the U.S. presidential election.
Girl Scouts are earning cybersecurity badges through a partnership with security company Palo Alto Networks in a move that both breaks down gender barriers in the workplace and equips the next generation to clean up the cyber-mess we’re leaving them.
“The World Health Organization says that the best way of stopping diseases from spreading is basic hygiene: washing your hands. And the same is true for IT,” said Lautenschläger.
“Basic IT ‘hygiene’ can take banks a long way. Have the latest updates been installed? Are passwords strong enough? Have backups been made and their restoration tested? Such simple things are so important, but often neglected.”