3 Key Takeaways
- Cyber threat actors are using AI and automation to create deepfakes and convincing phishing emails, and to exploit software vulnerabilities faster than ever.
- Most companies, especially SMEs, need to outsource their Endpoint Detection and Response (EDR) and work with a virtual CISO to maximize their cybersecurity efforts cost-effectively.
- As more companies in our highly interconnected world depend upon a few key vendors, third-party risk management is an increasingly important issue.
How the NetDiligence Ransomware Advisory Board Provides Bleeding-Edge Insights for Cyber Insurers and Their Policyholders
Continuing our series of educational discussions with cyber risk management experts, NetDiligence® President Mark Greisiger and Sherri Davidoff, Founder and CEO of LMG Security, talked about how NetDiligence’s Ransomware Advisory Board helps cyber insurance companies and their policyholders face today’s cybersecurity threat landscape more confidently and successfully.
NetDiligence formed the Ransomware Advisory Board by gathering 50 leading forensic experts from the global cybersecurity community. These professionals think about and deal with such issues as data breach remediation and how to prevent ransomware on a daily basis.
In addition to her work at LMG and as a leading expert on the Ransomware Advisory Board, Sherri is also the author or co-author of three books about cybersecurity, including Ransomware and Cyber Extortion: Response and Prevention (Addison-Wesley Professional, 2022).
Read edited highlights from Mark and Sherri’s conversation below, and watch the full interview above.
Trends in Ransomware Attacks to Know About
Mark Greisiger: Can you give us a recent takeaway for cyber insurance providers that came from the Ransomware Advisory Board?
Sherri Davidoff: Right now, we’re seeing ransom payment amounts declining slowly. That’s a good thing. We’re digging into why it’s happening.
We’re also regularly seeing double extortion. Data is being stolen, then leaked and also encrypted. We’ve been watching that trend over the past couple of years. It helps us understand what to expect and how to respond.
We’re also seeing that, as law enforcement takes action, ransomware groups are splintering. Sometimes they’re not as organized. They might wait a few days before leaking information, or they’re leaking it in batches, all at once. That trend helps us inform public relations and negotiation strategy.
AI and Automation in the Cybersecurity Threat Landscape
MG: What cyber threat actor tactics should top cyber insurance companies and their policyholders know about?
SD: Attackers are seizing on AI and automation. Recently, in LMG’s lab, we saw WormGPT, which attackers use. FraudGPT is coming out.
We’re seeing threat actors regularly use deepfake voices and sometimes even video. We also see phishing emails in multiple languages, and they don’t have spelling and grammar errors. Thanks, Jet GPT!
Why Companies Should Outsource Their EDR and CISO
MG: How else might the Ransomware Advisory Board’s discussions benefit cyber insurance companies? We summarize what we discuss and make it available to carrier partners inside their eRiskHub Portal.
SD: I’ll give you an example. At the end of Q1, we produced a summary, and the top control people wanted to talk about was the importance of staffing and monitoring. All the time, we see companies have invested in tools like Endpoint Detection and Response (EDR) and multifactor authentication (MFA); but if you don’t have trained and knowledgeable staff to configure and monitor those security tools, they can be liabilities.
So the Ransomware Advisory Board emphasized that having EDR and MFA isn’t enough. You must have trained, knowledgeable people to configure them appropriately—in-house, or fractional, outsourced staff.
MG: My recommendation to any SME is outsource, outsource, outsource EDR monitoring. Very few companies have the staff and bandwidth to stay on top of and maximize that control. There are so many good “managed security providers” that will do so cost-effectively for SMEs.
SD: We’re seeing that demand trend with virtual CISOs, too. There aren’t enough CISOs to go around. Also, SMEs often don’t need a full-time CISO. You need someone who’s going from company to company and learning, and coming to you fractionally or part-time.
Monthly Vulnerability Scans Are No Longer Adequate
MG: What’s a leading safeguard control many of our cyber insurance carrier partners want for their policyholders, especially SMEs?
SD: A big one that’s bubbled up this year is proper vulnerability scanning and patch management. We’re seeing so many zero-day software vulnerabilities, or even vulnerabilities people forget to patch, and then your whole organization gets taken over.
Obviously, we’ve been concerned about software vulnerabilities for a long time. But partly because of AI, the speed with which attackers create exploits and find vulnerabilities is increasing.
Ten years ago, we used to recommend a monthly vulnerability scan. Now, you can’t wait a month to do another scan. You need to be looking at continuous scanning. Make sure you have a product. Make sure you’re doing penetration testing so you’re catching things automated scanners don’t find.
Important Questions About Third-Party Risk Management
MG: What other trends will the Ransomware Advisory Board be watching in the coming months and years?
SD: Third-party risk management is becoming huge. We, as a society, haven’t figured out how to rein it in. More importantly, we haven’t figured out how to track that risk from an insurance perspective.
We need to start thinking about not just “What are the risks to this company?” but “What key vendors do they rely on?” If everybody relies on the same few vendors, we might have a problem. Sometimes, you don’t even realize how connected we all are until a third party gets hacked and there are ripple effects.
Learn more about LMG Security. If you have questions for Sherri, reach out to her at LMGSecurity.com.
Lastly, if you’re a cyber insurer in need of a one-stop cyber risk management solution for your internal staff and policyholders, then you need the eRiskHub® platform from NetDiligence. Our white-labeled platform is specifically designed to deliver powerful tools and resources for anyone and everyone working in the cyber risk management ecosystem. Contact us today to learn more.