Ransomware attacks are one of the most common cyberattacks in the world, with malicious attackers targeting high-margin companies with systematic exploits and monetary gains as a clear end goal. I will. Since then, many companies, especially high-value companies, have opted for cyber insurance policies to address ransomware incidents, Cyber security The community believes that more ransomware attackers will be incentives by using cyber insurance to mitigate ransomware attacks by issuing payments. Threatpost’s research report on this issue cites several ransomware examples and explains why.
Financial “cushion” vs. responsibility
Is Threat post report Gives several examples of how cyber insurance claims have worked so far. In this regard, the report has so far referred to how cyber insurance has acted as an auxiliary buffer for businesses to help them recover from catastrophic cyberattacks. Obviously, the purpose in is not to use such a policy when paying an attacker for ransomware, but to assess the total cost incurred by the cumulative nature of the losses posed by the ransomware attack. , Is to mitigate.
In a standard ransomware attack, the enterprise is usually Cyber infrastructure, And the costs incurred can extend to ransom payments, infrastructure overhauls, corrupted file recovery, quick response security personnel, and more. Compensation for such assessed damages is an important objective behind cyber insurance policy, but security researchers point out that the liability aspect can fail the process. “Ransomware payments not only put the organization in a potentially suspicious legal situation, but also cybercrime that you funded a recent investigation,” said Brandon Hoffman, chief information security officer at NetEnrich. I’m proving to others. “
In India, cyber insurers are steadily increasing in frequency, both personally and personally. mint report. However, blind reliance on insurance, especially to mitigate the costs incurred by ransomware, also contributes to companies not strengthening cybersecurity standards and defenses in the way they should. Concerns are unwavering.
Regulatory guidelines required
Refraining from paying ransomware is not a regulatory need, but many security advocates emphasize that businesses need to pay the ransom easily. To this end, the United States is trying to set a certain precedent by advising state and local governments not to pay ransom in the event of a cyberattack. In this case, many attacks are usually organized by state-sponsored foreign state cybercriminals. For this reason, many cyber insurance companies have provisions in their service contracts to refrain from paying ransom due to hostilities or war.
However, like most technologies and insurance, cyber insurance remains unregulated in countries such as India. The country The biggest target of cyber criminalsHowever, it lacks a clear understanding and unity of recommended behavior for companies facing such cyberattacks. A February 2018 paper on this issue by Simran Sabharwal and Shilpi Sharma of the University of Amity emphasizes that ransomware is not covered under the Indian Information Technology Act of 2000. Action.
Until further regulation in India and around the world, ransomware attacks guarantee that payments from businesses will be sacrificed, and insurers will continue to bear the brunt of such attacks. Security advisors are primarily focused on fearing attackers using policies to further increase financial abuse, but the industry is good enough for businesses to deal with cyber crises. We need laws and regulations to establish a corresponding framework that holds down payments while providing compensation and resources.
Increasing ransomware attacks due to corporate cyber insurance, seeking regulation
Source link Increasing ransomware attacks due to corporate cyber insurance, seeking regulation