CSIRT vs Cyber Insurance and Why You Need Both
Malicious hackers have been targeting companies of all sizes lately with ransomware. Some new attacks have included: modifying company executives’ e-mail inboxes to make it look like they’ve been involved in insider trading, compromising the systems of telemedicine providers by sending malware disguised as x-rays or medical history, and offering discounts to victims if they will point the groups in the direction of new victims.
Over half of all cyber insurance claims in 2022 were for ransomware losses and/or fraudulent funds transfer. The average insurance claim for a ransomware incident in the US was $256,000, according to Corvus.
Ransomware attacks typically involve the locking of workstations and encryption of data, exfiltration of data to the attacker’s data center, and ransom ‘notes’ displayed on screens with further instructions. Ransomware groups look for payment in cryptocurrency and threaten to permanently delete data or post it for sale on the dark web.
If you have been following a proper security-conscious IT policy, then you should have off-site backups of your important systems and data.
With a professional Cyber Security Incident Response Team (CSIRT) on call to help you, you should be able to limit the damage to your network and restore your backups. With Cyber Insurance, you should be indemnified for financial losses incurred due to the downtime and recovery costs.
Here’s an example of how a ransomware incident might go:
Ideally the above reflects how your ransomware incident goes. It’s disruptive but relatively smooth. You have downtime in between points 3 and 5, but you end up back at the state your systems were in at point 1. You may lose days, weeks, or months of data and work that you had already completed. Depending on the type of organization you run, you may be liable for fines from regulators if the data gets made public. The CSIRT will have helped you get back online and your Cyber Insurance should allow you to claim for financial losses.
The Spotit CSIRT is ideally placed to respond to all security incidents, including ransomware, since our team includes experts in cyber security, networking, systems administration, governance, and data protection. The Spotit CSIRT is on call 24/7 with real US (+1 984 884-0140) and Belgian (+32 9 394 44 79) telephone numbers posted on our website. Each member of the team is certified in multiple disciplines by major vendors including (ISC)², Microsoft, Palo Alto Networks, and Cisco. The CSIRT service is available on demand or via a retainer agreement. For more information, visit our service page.