At The ALS Group, we are acutely aware of the evolving threats in the digital landscape, and swatting represents a particularly malicious form of cyber-attack with real-world implications. As a risk advisory firm, our mission is to illuminate the dangers of such activities and provide strategic risk mitigation strategies to safeguard businesses and individuals alike.

As we launch 2024, we, once again, recognize the escalating significance and pressing demand for treating cybersecurity as a priority, for organizations, individuals, and governments alike. Cyber insurance underwriters continue to look for their insureds (or prospective insureds) to have a myriad of IT security controls in place to mitigate various cyber exposures. One particular emerging technology that is giving the risk management and insurance industry reason for concern is Artificial Intelligence (AI).

As air travel for the upcoming Thanksgiving weekend spiked to pre-pandemic levels and AAA estimates over 53 million people will hit the road this holiday, the Cybersecurit

y & Infrastructure Security Agency (CISA) and FBI issued an advisory yesterday, warning critical infrastructure partners that malicious cyber actors tend to strike during holiday weekends.

“Although neither CISA nor the FBI currently have identified any specific threats, recent 2021 trends show malicious cyber actors launching serious and impactful ransomware attacks during holidays and weekends.”

As organizations are becoming more aware of Cyber-attacks and Ransomware and are improving IT security tools they use; Ransomware and Cyber criminals are also evolving and are devising new ways to breach a company's systems.  In addition, expenses related to Cyber breaches/attacks are steadily increasing.  Ponemon's 2019 Cost of a Data Breach study noted that "breaches originating from a malicious Cyber-attack were not only the most common, but also the most expensive."

Below are several tips to help combat Ransomware and other Cyber threats:

1. Strong passwords aren't enough - companies should be implementing and enforcing two factor authentication to prevent unauthorized access using a company account, especially for users with elevated access rights. 
2. "Over the counter" anti-virus is a bit outdated - look into rolling out Endpoint Detection and Response (EDR) software.  It's smarter and responds fast to threats than your average anti-virus software. 
3. Implement Email Spam Filtering - a quality spam Filtering service will not catch all spam and phishing attempts but it will prevent most of them from reaching a user's inbox; therefore reducing the threat that a user errantly clicks on a malicious link For the ones that do get through, educate your staff on how to identify and deal with phishing attempts. 
4. Introduce multiple point of redundancy - in some cases your backup system may be compromised or unavailable.  Remember, cloud servers and backup systems can get hit with ransomware too. It's best to have a backup to your backup.
5. Patch servers and computers regularly and update firmware on hardware devices. 

Last but not least, make sure you have adequate Cyber insurance that covers ransomware events, extortion payments, legal and forensic fees and data recovery in additioon all of the other beneficial coverages that are provided by a Cyber Liability policy.  

Despite being full of positive, useful and educational information, the internet is chock-full of potential dangers, and your children can unintentionally get into quite a few uncomfortable and, sometimes, dangerous situations. These risks are even more prevalent now, as many parents are working from home and children are attending classes remotely. As highlighted in our past blogs on this topic, if you have a standard Homeowners policy, you will likely have little protection from the legal liabilities that can result from inappropriate actions via the internet. So, what can you do?

Most CEOs or CFOs are probably not Cyber Security experts, but are entrusted to ensure the company runs efficiently and profitably. In today’s business IOT world, having a safe and secure network is a large part of keeping the business operational. This includes ensuring that all cyber related risks are minimized as much as the budget will allow. Cyber related issues that threaten the company’s income are scary for sure, but perhaps the most frightening aspect of keeping your network and data secure are the “unknowns” of IT.

Most companies have been forced to quickly implement a remote work solution that suited essential employees or even the entire firm’s staff. This has exposed many companies network to new risks as everyone has a different set up at home. Some are using MACs, some using PCs, some have outdated operating systems and software while others are already infected with viruses or malware. 

For the last several years Allianz has published a concise and informative report on the top risks that businesses face globally. It is a great opportunity to think about how these risks could affect your business operations and what the impact would be. When thinking about risk, it is important to think about "materiality" and what "financial impact" would be material for your company to cause a disruption. Even through many of the risks on this year’s report are readily insurable, the "disruption factor" of having to manage through a loss is worth considering.

Ransomware strikes. Your critical data files have been encrypted and your business grinds to a halt. Do you:

a) spend countless hours rebuilding from backups (if you were diligent enough to ensure they'll work) or

b) pay the perpetrator to unlock your files?

Now that ransomware is spreading like wildfire through malicious emails, "malvertising" campaigns, and exploit kits, many firms and individuals face this exact scenario.

Globalization and dependence on the internet for data storage over the past decade has exposed companies to a whole new set of risks. As this trend continues, so too does the risk associated with breaches of domestic or international servers. Massive data breaches happen with alarming frequency. In the past few years, there have been several high profile attacks affecting companies like: