Cyberattacks, Cybersecurity, and Cyber Liability in 2022

Protecting your business from cyberattacks with both cybersecurity and cyber liability insurance has been something we’ve recommended for quite some time. However, as the U.S. put sanctions against Russia in place because of its invasion of Ukraine, it’s more important than ever that we discuss these topics.

While experts predict a spike in cyberattacks coming from Russia, we want to let you know what our top issues of concern are for business owners related to cybersecurity, why you should invest in cybersecurity for your small business, and how the current world events are affecting cybersecurity.

Top Issues of Concern for Business Owners Related to Cybersecurity

In our video video, Lisa Harrah will discuss her top three issues of concern for business owners related to cybersecurity.

First and foremost, businesses of every size need a cybersecurity program in place.

Next, you want to work with an experience insurance agent. Many insurance companies’ coverage varies from policy to policy, so it is extremely important that you work with an agent that has a thorough understanding of the policies and how the coverage comes into play.

Lastly, the market has hardened dramatically over the last couple of years. A hard market means prices are escalating dramatically and the coverage is becoming more difficult to obtain. Gone are the days when you could just fill out a quick application and get a quote from several carriers.

I can’t emphasize enough how you need to deal with a professional that understands cybersecurity and what your business needs, because again, all businesses need it. Small businesses probably need it more than larger businesses because they don’t have many of the cyber controls in place.

If you’d like to discuss this further, please feel free to reach out to me anytime.

Cybersecurity for Your Small Business

In our second video, Gary Newborn of G.S. Newborn & Associates is here to talk to Lisa Harrah about cybersecurity for small businesses, and bring awareness to what businesses should do to protect their business from cyber hacks and intrusions.

Cybersecurity experts that work with the insurance industry hand-in-hand have advised insurance agents that they should be advising all clients and potential clients of the activities that they should do in order to protect their business from any cyber threats.

First and foremost, insurance should always be the last line of defense.

As a business owner, there are many things that you can do that can protect your firm from a hack from even happening.

Number one, you want to make sure that you have up-to-date patching programs in place. That, coupled with endpoint threat detection, antiviral programs and multi-factor authentication will greatly improve the security for your firm.

It ultimately comes down to cyber hygiene. All the common sense things that we should always be doing, we should really emphasize now in these more difficult times.

Passwords need to be complex and secure, and you should change your passwords frequently. And please don’t share passwords in the office. Everybody should have their own password.

Make sure that all of your forms and programs are backed up.

And lastly, educate your employees. A significant number of data breaches occur when an employee clicks on an attachment that they shouldn’t click on. Everyone should have a sign on their desk that says think before you click.

These are just some common sense things that will help every business.

If you have any questions regarding this, please feel free to reach out to Gary or Lisa. They’d love to provide any assistance.

How Current World Events Are Affecting Cybersecurity

For our third and final video, Gary Newborn discusses how current events are affecting the landscape when it comes to cybersecurity.

We’ve clearly seen an uptick over the last several months in cyber attacks throughout the world. And with the current events in Europe and Russia, experts expect an even greater incidents of cyber attacks on public and private entities throughout the United States.

With the tightening of the insurance markets in cyber insurance, this makes it incumbent on all business owners to do their own planning and their own risk management to make sure their own internet, their access, their telephone, and their data are secure.

You need a policy and you need more than just an add on to your general liability or property coverage.

We can help you with this. Give us a call.

Experts Fear Global Impact from Russia's Cyberattacks on Ukraine

Russia launched a full-scale military assault on Ukraine in the early morning hours of Feb. 24, 2022, accompanied by a series of targeted cyberattacks that experts and officials say could ultimately have a much broader impact.

In the weeks leading up to the invasion, Ukrainian government entities, financial institutions and other key organizations faced website defacements, distributed denial-of-service (DDoS) attacks and destructive malware. Cybersecurity experts around the globe have kept tabs on these cyber events, warning clients and organizations to secure their systems without delay.

On Feb. 23, 2022, researchers at Symantec and ESET first tweeted the discovery of new wiper malware, dubbed “HermeticWiper,” that was used against Ukraine. Symantec researchers observed the use of this malware against an organization in Lithuania as early as Nov. 12, 2021. They noted that, with an invasion underway, there remains a high likelihood of further cyberattacks against Ukraine and other countries in the region.

Offering a technical breakdown of the malware, cybersecurity firm SentinelOne commented, “After a week of defacements and increasing DDoS attacks, the proliferation of sabotage operations through wiper malware is an expected and regrettable escalation.”

In a recent webcast, experts from Secureworks said they had long expected that any invasion would have a cyber component.

The wiper attacks make no pretense of being ransomware events and aim to destroy data with little hope of recovery. These attacks could contain an element of espionage as well, according to Mike McLellan, director of intelligence at Secureworks.

While the cyberattacks currently appear to be focused on Ukraine, the United States and its allies should be prepared for retaliatory attacks over severe economic sanctions announced by President Joe Biden following the invasion.

In an Axios interview, Sen. Mark Warner (D-VA) said that Russian cyberattacks could trigger expanded conflict with NATO countries.

“If you unleash not one, but five, 10, 50 or 1,000 [cyberattacks] at Ukraine, the chances of them staying within the Ukrainian geographic border are quite small,” Warner said. “They could spread to America or the [United Kingdom]. But the more likely effect will be [the attacks] spreading to adjacent geographic territory … [like] Poland.”

On Twitter, Warner added, “This is not something to take lightly—cyberattacks don’t have borders.”

U.S. House Intelligence Chair Rep. Adam Schiff (D-CA) expressed similar concerns in a news briefing.

“We have seen in the past Russia deploy attacks at a particular target—those tools get into the wild, and they cause global damage,” Schiff said.

According to McLellan, attacks targeting the United States would require a significant escalation between the West and Russia. However, threat actors unrelated to the situation in Ukraine could take advantage of the unfolding conflict to infiltrate systems.

Jen Easterly, head of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said on Twitter, “While there are no specific threats to the [United States] at this time, all organizations must be prepared for cyberattacks, whether targeted or not.” She cited the 2017 NotPetya attack that brought commerce to a halt and caused billions in damage for corporations around the world.

To help prepare organizations of all sizes, CISA launched Shields Up, a program with guidance for preventing, detecting and minimizing the impact of cyber events.

Cybersecurity firms working closely with the insurance industry advise businesses to protect themselves by reviewing their business continuity plans and ensuring cybersecurity fundamentals are in place. This can include up-to-date patching programs, endpoint threat detection, antivirus programs and multifactor authentication.

Download Cyberattack PDF