Plain English Cyber in 3 articles, 2 numbers and 1 action.
This week: MFA applies to your Tesla too, cyber insurance is covering less and costing more, and 24% of ransomware payments do not enable the victim to recover their data.
If you’d prefer to listen to Cyber 3-2-1: This week’s episode is accessible from https://www.codeinmotion.ie/podcast or wherever you get your podcasts.
This week’s action: It’s time to test that your backup is more useful than a chocolate teapot.
1: Greenland’s health service suffers a cyber attack
Graham Cluley reports that “Greenland’s health service has been struggling to recover from a cyber attack that has crippled its IT systems, causing long waiting times and forcing doctors to resort to using pen and paper instead of computers. Although it is not currently believed that any data has been stolen by the attackers, the attack on Greenland’s health service has caused large amounts of disruption since May 9 2022. [..] Coincidentally, the attacks on Greenland’s health service came almost precisely five years after the WannaCry ransomware struck the United Kingdom’s National Health Service (NHS), causing headlines worldwide.”
And I don’t think I need to remind any Irish readers about the attack on Ireland’s health service last year.
2: Multi-factor authentication applies to your Tesla too
CyberNews reports that “Threat actors can conduct a relay attack to unlock and operate Tesla Model 3 or Model Y without the car owner’s permission. [..] NCC Group researchers found that cars with similar technology can be unlocked remotely, meaning that threat actors can break into and operate the vehicles even when authorized devices are out of range. [..] Researchers were able to unlock and drive a 2020 Tesla Model 3 using a small relay device designed to bridge the gap between the Tesla and its owner’s phone. [..] [NCC recommended that] Users should be educated about the risks of [these types of] attacks and encouraged to use the PIN to Drive feature”.
I don’t own a Tesla, but ‘PIN to Drive’ sounds suspiciously like a password. It sounds like Multi-Factor Authentication is a recommended security measure for modern vehicles too.
The spectrums of ‘Security vs Convenience’ and ‘Efficiency vs Resilience’ are very interesting to me, especially after giving up on my fancy but unreliable Nest thermostat and also because I’m currently listening to an audiobook about cyber attacks called ‘This is how they tell me the world will end’. But this is a discussion for another day.
3: Cyber insurance continues to get more expensive and more restrictive.
Another area that interests me is developments in cyber insurance. One risk mitigation strategy is to transfer the risk – In other words, find someone else to pay the cost of an incident.
Given the likelihood of a ransomware attack on a business with weak cybersecurity measures, and the impact (i.e. cost) to recover from the attack ,It has amazed me how cheap it was for organisations to get cyber insurance cover and how few questions they are asked about their security defences on the proposal form. I always felt that this was a risk / pricing issue which would come back to bite insurers.
It looks like the insurers are figuring this out now as well.
According to a ransomware trends report released by Veeam recently (and mentioned below), over one third of organisations with cyber insurance policies said that their policies explicitly excluded cover for ransomware payments. I wonder how many of the remaining two-thirds have similar exclusions but won’t realise this until they try to make a claim?
In a separate article on CyberScoop, similar trends are discussed. “There are a lot of companies that have gone through their renewals and ended up either becoming uninsurable or have implemented some new controls in order just to get to the point of being insurable [..] The scope of what insurers are covering is also narrowing as costs go up [..] CEOs of major insurance companies said last year that cyber insurance premiums sector-wide had spiked dramatically, with AIG’s chief executive saying rates increased by 40% [..] Ransomware is driving most of the cyber insurance woes, accounting for 75% of all cyber insurance claims in the summer of 2021 compared to 55% in 2016.”
To put a positive spin on this, maybe the increasing cost and reducing coverage of cyber insurance will motivate organisations to implement appropriate security measures, even if the actual risk of an attack wasn’t enough motivation already.
According to a recent “Ransomware Trends Report” released by Veeam, a backup company, 24% of the 1000 ransomware victims (across 16 countries) involved in the survey paid the ransom but were still unable to recover their data.
19% of the ransomware victims in the survey were able to recover from the attack without needing to pay the ransom.
It is likely that reliable backups played a key role in their ability to recover without paying the ransom. The survey suggests that many of those surveyed used backup solutions that were difficult or impossible for attackers to destroy (including many large organisations that continue to use backup tapes).
1: It’s time to check that your backups work
This is not the first time I’ve reminded you about your backups.
- In March and April, I recommended that you confirm your backup strategy is ready to help you recover from a cyber attack.
- I also recently wrote a short article that explains the amazing world of backups, and the difference between full, differential and incremental backups. I highly recommend that you read this page-turner (https://www.codeinmotion.ie/a-backup-is-your-best-buddy).
This week, I recommend that you check your backups actually work, by trying to restore at least one file from backup.
I will focus in on the smallest set of actions that you can take to get some comfort that you can rely on your file backups:
- Find a file that was last edited a couple of months ago – Let’s say some time in March.
- Take a note of the file name and the folder that it is in.
- Do not open the file or edit it – Just move it from its current location to another folder.
- Do not tell anyone that you have moved it. As far as anyone is concerned, it has been deleted.
- Now ask your IT team to use a backup to restore the file (noted in step 2) back to its original folder (also noted in step 2).
If they can restore the file from a backup quickly, then it’s a small success that suggests you have something you can rely on.
If this can’t be done or if it seems to take them a long time to do it, you need to investigate why and address the issue.
This is not a foolproof backup recovery test, but if you’ve done nothing like this before, it’s a good start.