Insurance lessons from the cyber attack at DC’s police department
At the end of May, Washington DC’s police department experienced a ransomware attack that ended up with confidential documents on the Dark Web. The Babuk group adjudicated the attack and threaten to publish police department’s data, including HR.
According to Edition CNN News , the attackers posted a ransom note claiming they had stolen more than 250 GB of data and threatening to publish the material if they were not paid a non-reveled amount of money within three days.
DC’s police department attempted to pay. During the crisis MPD’s negotiator offered 100,000 dollars against a demand of 4 million “to prevent the release of stolen data” according to CNN.
The offer was, however, declined. Approximately 20 members’ information was released through the ransomware group’s website
Threat analyst Brett Callow from Cybersecurity firm Emsisoft, told CNN that the tactics used by ransomware gangs have become more extreme, steadily. “It’s not all surprising to see one make a threat such as this. In fact, it represents a logical and inevitable progression.”
In fact, the metropolitan police are not the first to suffer an attack by ransomware groups. City officials confirmed that the Azusa Police Department was also attacked later in May, an experience they have already had, in which they ended up paying $65,000 dollars to rescue their data.
“Ransomware gangs have been leaking sensitive data from victims for well over a year, but experts said they’ve not seen such aggressive new tactics used before against police departments. The cybercriminal mafias mostly operate in foreign safe havens out of the reach of Western law enforcement.” Says Alan Suderman from Claim Journal.
These examples show how cybercrime is threating not only big to mid-size businesses –their usual targets- but also reveal a growing lack of fear to what law enforcement can do.
Police computers are especially vulnerable to ransomware due to old software systems and exploits available for hijackers to steal data security. The spate of attacks comes as the Biden administration is trying to step up the nation’s cyber-defenses
Education and preparation are the best line of defense for this scenario combined with the best ally of security: the right insurance coverage.
Data breaches are rapidly increasing in complexity and can cross borders between coverage types, thus rendering standalone data breach insurance policies inadequate. For instance, a cyber insurance policy will protect your business from losses related to cyber-attacks and security breaches that compromise the proprietary data stored on your networks.
Also, technology errors & omissions policy will cover your liability and legal costs if a client sues you because of a data breach on their network that stems from a failure on the part of your product or service.
Currently, data protection and privacy are regulated under the Information Technology Act and reasonable security practice rules. Unfortunately, in regards to cyber security a lot of people are not adequately equipped to fully grasp the growth trajectory and disruptive implications of emerging tech-data driven industries, and this includes some insurtechs.
Presidential administration has allegedly made a commitment to “Boost defenses against attacks,” “improve efforts to prosecute those responsible,” and “build diplomatic alliances to pressure countries that harbor ransomware gangs.”
The conclusion? Combining technology for Insurance (InsureTech) is the most cost-efficient way to purchase companies’ insurance and provide optimal protection.