Cybersecurity and Insurance
That was an expensive click
by Charles Parker
Everyone needs or is required to have insurance. This may take the form of auto, health, dental, short- or long-term disability care, or any of the other types of insurance. It seems that if there is a need, you can find insurance for it. One of the largest commercial insurance carriers in the US is CNA. While being one of the largest insurance carriers in the nation is certainly a success to be applauded, it also tends to put a target on you. After all, when a company is this huge, there is a mountain of data to target, and the company certainly has deep pockets to pay a ransom, if it so chooses.
Recently CNA had the pleasure of working through an incident much like this. Ironically, CNA sells cyber insurance. In this case, the attackers were able to compromise CNA’s system. Post-breach, they were able to encrypt over 15K of the company’s devices using Phoenix Crypto Locker, a variant of Hades. This variant is engineered to encrypt the files on the compromised machines and demand a ransom for the decryption key. The group, Evil Corp, was paid the ransom by CNA.
For every person and organization that believes “This can’t happen to me!”: yes, it can. If CNA, which has a vast number of resources and even sells the insurance for this type of incident, can be successfully attacked, you certainly can be also.