Normalizing Outliers in Cybersecurity — Ransomware Edition

Last week, I wrote an article titled “Black Swan in Data Security”. The primary point I made is that most IT projects fail to consider even mild outlier events when it comes to security (such as compromised passwords or breach).

However what used to be an outlier event, ransomware threat is becoming normal. AXA, a large global property and casualty (P&C) insurance carrier, announced that they will not sell new policies that covers ransomware extortion payments (link).

They are acknowledging that their models do not factor in this risk sufficiently. These events are occurring so frequently that covering them at old price points do not make business sense. They will have to update their models and pricing before explicitly offering it as a coverage. I think this makes sense.

AXA and Cyber Insurance

Across many industries we are seeing “normalization” of ransomware; what was once an outlier event is becoming “normal”. The process plays out in three phases.

1. Initially the outlier event are not given too much attention. In the past, AXA covered this risk and made claim payments, because it occurred rarely.
2. As the event occurs more frequently; everyone figures out how to cope with it. I think this is the stage AXA is in, right now. Taking a step back to recalibrate.
3. Eventually the outlier is accepted as part of normal. There will be a well-defined coverage for ransomware with suitable pricing.

Once the normalization process is complete, you can expect to see two things:

1. Higher cost of doing business: Take for example, medical malpractice lawsuits. When malpractice suits started to happen frequently, cost of practitioner insurance (something that healthcare providers buy) shot up. Healthcare providers in turn passed on the cost to payers (insurance and patients); so health care premium went up. Since most of the healthcare premium is borne by employers, cost of doing business shot up. We will see a similar cycle with spike in ransomware events.
2. Insurance carriers will offer premium discounts on cyber policies to those who take adequate measures to protect their data. Like in home-owners insurance, where homeowners get discount on premium if they install a burglar alarm. This will result in all operators looking for good data protection solution.

There are two types of exposure with ransomware.

1. Business Disruption:

An adversary will typically encrypt a key piece of data (rendering it undecipherable), that is critical to running the IT systems. This could be your customer master table, product catalog, inventory data etc. This will disrupt your ability to run your business. The adversary will then demand a ransom in order to decrypt the data, to let you run your business.

One way to mitigate the impact is through well designed backup and recovery strategy. Backup solution providers (like Rubrik, link) can help.

2. Data Leak:

The adversary may exfiltrate sensitive data (e.g. PII, PCI, PHI, trade secrets, blueprints, financials, budgets etc) to an offsite location and threaten you that they would leak the information. They may even threaten your customers directly (if the exfiltrated data pertains to your customer). This results in repeated extortion and irrecoverable loss of trust, credibility and reputation.

Titaniam

Titaniam can help with the latter. Titaniam protects your data in such a way that even if your data is exfiltrated, the adversary will not be able to see it in clear text. Once you protect your sensitive data with Titaniam, you will not lose sleep over:

1. Paying ransom for data leak threats
2. Disclosing the breach to authorities
3. Losing your customers’ trust

Titaniam is not just another data-at-rest encryption solution. Most data-at-rest encryption solution does not protect all the attack surfaces. In fact despite all the data-at-rest encryption, if an adversary can get to your data store (and gains ability to run a query), it is game over.

Titaniam Protect offers a comprehensive solution that protects…

1. Your applications through data-protection APIs,
2. Your data stores by enabling full query-ability/ search-ability on protected data, and
3. Your most critical data that you want to safe keep in a secure data vault.

Titaniam offers FIPS 140–2 compliant and NIST-approved data protection solution. It goes way beyond data-at-rest encryption. Titaniam’s powerful protection engine can

1. Execute queries on protected data on a variety of platforms (such as Relational databases, S3, Elasticsearch etc.),
2. Install wherever your data source is (on-premise or cloud) and
3. Allows you to get started within days not months

See a Demo. Reach out at info@titaniamlabs.com for an evaluation.