LAS VEGAS — In an ever-shifting and intensifying threat landscape, cyber insurance carrier Coalition is urging Chief Information Security Officers (CISOs) to take a more active role in policy decisions and work closely with insurers. Catherine Lyle, head of claims at Coalition, emphasized this message during her presentation at Black Hat USA 2023. Lyle spoke about the growing sophistication of threat actors and how it is impacting both insurers and the insured.
The session highlighted that while many threats to enterprises remain consistent, such as phishing, funds transfer fraud (FTF), ransomware attacks, and business email compromise (BEC), the evolving techniques of threat actors are contributing to a higher success rate. Lyle stressed the shared mission of insurers, IT departments, and enterprise security teams to adapt to the shifting cybercrime landscape, where threat actors apply increased pressure with aggressive extortion tactics.
In an interview with TechTarget Editorial prior to the conference, Lyle described the session as a “very frank discussion with CISOs.” She emphasized the need for CISOs to be active participants and not rely solely on security measures to solve all cyber threats. Lyle stated, “This falls to you [CISOs], and you really need to be active and participate in this. It’s not something you can think that security is going to solve it all, because it’s not. Time and time again, that’s been proven.”
There has been ongoing contention between insurers and CISOs as premiums increase and coverage in some policies decreases. Lyle listed ongoing security assessments, patch alerts, and the recovery of stolen funds as incentives for cyber insurance. She also mentioned that Coalition is working on building forensic relationships to assist insured organizations with incident response.
Many CISOs face challenges with cyber insurance policies, including higher premiums and reduced protections. Fawaz Rasheed, a field CISO at VMware, highlighted the difficulty of justifying the implementation of new requirements posed by insurers. However, he recognized that insurance carriers’ new security requirements are contributing to better security postures. Rasheed mentioned that cybersecurity vendors are now demanding cyber insurance coverage from CISOs.
Lyle emphasized that insurance carriers are there to help organizations in more ways than they may think. She stated, “Many CISOs think that somehow insurance companies are going to make it worse, and I promise you, it makes it better. Our job is to make sure they’re getting the most out of their product.” Coalition’s assistance includes identifying threats and attack trends while advising customers on how to reduce their attack surfaces.
Based on Coalition customer claims, threat actors have become more effective, particularly in ransomware attacks. Coalition observed a 27% increase in ransomware attacks from the second half of 2022 to the first half of 2023. During these attacks, ransomware operators demanded an average of $1.4 million according to customer data. The growth of ransomware-as-a-service has contributed to the increasing sophistication of this threat.
Phishing was identified as the attack vector in 76% of Coalition customer claims in 2022. Lyle also emphasized defending against funds transfer fraud attacks. Coalition observed an increased dwell time in FTF events, indicating that threat actors took longer to plan their attacks. Lyle highlighted the dangers of this increased patience, as attackers maintain persistence to carry out successful social engineering attacks.
Lyle urged organizations to address their attack surfaces by prioritizing patching and implementing vulnerability patch management protocols. She mentioned that organizations using end-of-life (EOL) software are three times more likely to be attacked. Lyle stressed the importance of timely patching and mentioned that Coalition is making it easier for enterprises by providing alerts and prioritization methods.
Regarding ransomware, Lyle encouraged enterprises to maintain efficient backups for recovery and implement multi-factor authentication (MFA). MFA is increasingly important as threat groups share and abuse stolen credentials.
In conclusion, Coalition is encouraging CISOs to actively participate in cyber insurance policies and work closely with insurers to adapt to the evolving threat landscape. By collaborating with insurers, CISOs can better protect their organizations and reduce the impact of cyber threats. It is crucial for organizations to prioritize patching and implement effective security measures to defend against advanced threat actors.