Cloud Blog: Cloud CISO Perspectives: Ending ransomware starts with more reporting

Source URL: https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-ransomware-cyber-insurance-reporting/
Source: Cloud Blog
Title: Cloud CISO Perspectives: Ending ransomware starts with more reporting

Feedly Summary: Welcome to the second Cloud CISO Perspectives for November 2024. Today, Monica Shokrai, head of business risk and insurance, Google Cloud, and Kimberly Goody, cybercrime analysis lead, Google Threat Intelligence Group, explore the role cyber-insurance can play in combating the scourge of ransomware. As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here. –Phil Venables, VP, TI Security & CISO, Google Cloud


Ending the ransomware scourge starts with reporting, not blocking cyber-insurance

By Monica Shokrai, head of business risk and insurance, Google Cloud, and Kimberly Goody, cybercrime analysis lead, Google Threat Intelligence Group

Ransomware is wreaking havoc around the world, underscoring the need for better collective defensive action from public and private sector organizations.

Globally, ransomware continues to be a complicated and pernicious threat, according to our M-Trends 2024 report. It accounts for more than 20 percent of cyberattacks, year after year. Ransomware at one U.S. health insurance organization forced the shutdown of operations at hospitals and pharmacies for several weeks earlier this year, a move that cost the company an estimated $872 million so far.

Monica Shokrai, head of business risk and insurance, Google Cloud

The numbers paint a dire picture of the security impact of operating legacy systems:

– 71% said that legacy technology has left organizations less prepared for the future.
– 63% believe that their organization’s technology landscape is less secure than it was in the past.
– More than 66% told us that their organizations are investing more time and money than ever in securing their environments — but still experience costly security incidents.
– 81% of organizations experience at least one security incident per year.
– Organizations experience eight security incidents on average per year.

We know many security leaders have convinced the business to invest in more security tools, because the survey also found that 61% of organizations are using more security tools than they did two years ago. Yet while more than two-thirds of organizations are investing more time and money in securing their environments, many are still experiencing expensive security incidents.

Kimberly Goody, cybercrime analysis lead, Google Threat Intelligence Group

Victims of these attacks are often left with the difficult decision to pay a ransom. At least $3.1 billion has been paid in ransom for more than 4,900 ransomware attacks since 2021, wrote Anne Neuberger, U.S. deputy national security adviser for cyber and emerging technology, in October — and these are only the attacks that we know of because they’ve been reported.

Law enforcement and impacted organizations have stepped up their fight against ransomware this year. Some of them have developed a multifaceted approach that combines strategic interventions, technological defenses, and law enforcement efforts to combat it, and so far that’s proven helpful. These efforts led to 14 disruptions by law enforcement in ransomware operations as of September.

Despite these actions, attacks continue. Defending against ransomware is so complicated that even some independent cybersecurity researchers, who had been calling for bans on insurance payments to organizations suffering from ransomware attacks, have backed down from their hard-line positions.

While solutions to the threat are complex, cyber-insurance can play a key role. Cyber-insurers can help reduce attackers’ financial gains from incidents, first and most importantly by requiring a minimum level of security standards to strengthen an organization’s defenses before approving an insurance policy.

Insurers have also been shown to reduce attackers’ financial gains by limiting or avoiding ransom payments altogether and advising on best practices, particularly regarding backups. If a ransomware attacker demands a $2 million bounty to restore data, but cyber-insurance can embolden an organization under attack to more confidently assert their counter-demand for a reduced payment, that can help the attacked organization strengthen its position and even pay a lower sum — or none at all.


However, some believe that cyber-insurance encourages ransomware payments, and would prefer cyber-insurance coverage for ransomware to be banned. Outright bans on cyber-insurance coverage for ransomware payments are likely to harm small businesses more than large ones. Larger businesses are often better positioned to absorb the financial cost of ransomware payments on their own. Conversely, a ban would hurt smaller businesses in outsized ways.

If the ultimate goal of banning insurers from reimbursing ransomware payments is to reduce the profitability of ransomware attacks, then actions that require victims to report payments have the potential to be more impactful. Mandatory reporting could improve law enforcement tracking efforts and introduce more opportunities to recover funds even after payment is sent.

If larger companies continue to pay the ransom despite insurance not covering it, the impact of a ban on the insurance coverage becomes less meaningful. However, a more effective approach may be to incentivize the adoption of policies that improve the digital resilience of private and public-sector organizations to drive down the risks they face. As Phil and Andy wrote in the previous edition of this newsletter, this often means updating legacy IT.

One approach is to incentivize the adoption of secure by design and secure by default technologies, such as those that we develop at Google Cloud. Cowbell Cyber, a cyber-insurance firm, recently found that “businesses using Google Cloud report a 28% lower frequency of cyber incidents relative to other cloud users.” The report also found that Google Cloud exhibited the lowest severity of cyber incidents compared to other cloud service providers.

At-Bay, another cyber-insurance firm, found customers using Google Workspace experienced, on average, 54% fewer email security incidents.

There is an opportunity with AI, as well, to better scale existing anti-ransomware efforts to meet the needs of defenders. We’ve already begun to see AI have a positive impact by helping organizations grow their threat detection efforts and more efficiently address vulnerabilities before attackers can exploit them.

In your fight against ransomware, Google Cloud is here to help you every step of the way. From technology solutions and Mandiant Consulting Services, to threat intelligence insight, we can help you prepare for, protect against, and respond to ransomware attacks. You can learn more about the latest ransomware protection and containment strategies in this report.

For more leadership guidance from Google Cloud experts, please see our CISO Insights hub.


In case you missed it

Here are the latest updates, products, services, and resources from our security teams so far this month:

– Cyber risk top 5: What every board should know: Boards should learn about security and digital transformation to better manage their organizations. Here’s five top risks they need to know. Read more.
– Make IAM for GKE easier to use with Workload Identity Federation: Workload Identity Federation for GKE is now even easier to use with deeper IAM integration. Here’s what you need to know. Read more.
– Shift-left your cloud compliance auditing with Audit Manager: Our Audit Manager service, which can help streamline the compliance auditing process, is now generally available. Read more.
– Learn how to build a secure data platform: A new ebook, Building a Secure Data Platform with Google Cloud, details the tools available to protect your data as you use it to grow your business. Read more.
– Bug hunting in Google Cloud’s VPC Service Controls: You can get rewarded for finding vulnerabilities in VPC Service Controls, which helps prevent data exfiltration. Here’s how. Read more.
– Finding bugs in Chrome with CodeQL: Learn how to use CodeQL, a static analysis tool, to search for vulnerabilities in Chrome. Read more.

Please visit the Google Cloud blog for more security stories published this month.


Threat Intelligence news

– Using AI to enhance red team engagements: Mandiant researchers look at several case studies that demonstrate how we can use AI to analyze data from complex adversarial emulation engagements to better defend organizations. Read more.
– Empowering Gemini for malware analysis: In our latest advancements in malware analysis, we’re equipping Gemini with new capabilities to address obfuscation techniques and obtain real-time insights on indicators of compromise by integrating the Code Interpreter extension and the Google Threat Intelligence function calling. Read more.
– Understanding the digital marketing ecosystem spreading pro-PRC influence operations: GLASSBRIDGE is an umbrella group of four different companies that operate networks of “fake” news sites and newswire services tracked by the Google Threat Intelligence Group. They publish thematically similar, inauthentic content that emphasizes narratives aligned to the political interests of the People’s Republic of China. Read more.

Please visit the Google Cloud blog for more threat intelligence stories published this month.

Now hear this: Google Cloud Security and Mandiant podcasts

– Your top cloud IAM pet peeves (and how to fix them): Google Cloud’s Michele Chubirka, staff cloud security advocate, and Sita Lakshmi Sangameswaran, senior developer relations engineer, join host Anton Chuvakin for a deep dive into the state of Identity Access Management in the cloud, why you might be doing IAM wrong, and how to get it right. Listen here.
– Behind the Binary: Motivation, community, and the future with YARA-X: Victor Manuel Alvarez, the creator of YARA, sits down with host Josh Stroschein to talk about how YARA became one of the most powerful tools in cybersecurity, and why we need a ground-up rewrite of this venerable tool. Listen here.
– Behind the Binary: A look at the history of incident response, Mandiant, and Flare-On: Nick Harbour joins Josh to discuss his career journey from the Air Force to Mandiant, share insights into the evolution of malware analysis, and the development of the reverse engineering Flare-On contest. Listen here.

To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in two weeks with more security-related updates from Google Cloud.

AI Summary and Description: Yes

Summary: The newsletter discusses the significant impact of ransomware on organizations globally and highlights the critical role of cyber insurance in mitigating these threats. It emphasizes the necessity of improved security measures and reporting in combating ransomware while showcasing the advantages of using Google Cloud in reducing cyber incidents.

Detailed Description:
The text centers around the escalating threat of ransomware, presenting alarming statistics and insights from Google Cloud’s Cybersecurity leaders. Here are the major points addressed:

– **Ransomware Threat Overview**:
  – Ransomware accounts for over 20% of cyberattacks.
  – A single ransomware attack on a U.S. health insurance firm resulted in considerable operational shutdown and financial loss, costing approximately $872 million.

– **Impact of Legacy Systems**:
  – A significant portion of organizations recognizes that legacy technology has made them less prepared for future threats (71%).
  – The feeling of decreased security in organizations has increased (63%).
  – Despite heightened investment in security measures, organizations still reported up to eight security incidents annually.

– **Cyber Insurance as a Defense**:
  – Companies have paid approximately $3.1 billion in ransoms since 2021.
  – Cyber-insurance can reduce attackers’ financial incentives and might help organizations negotiate lower ransom payments.
  – Insurers could enforce minimum security standards prior to policy approval.

– **Statistical Insights**:
  – Businesses using Google Cloud reportedly face 28% fewer cyber incidents, while Google Workspace users have 54% fewer email security incidents compared to other users.

– **Controversial Opinions on Cyber Insurance**:
  – Some propose a ban on cyber-insurance that covers ransomware payments, arguing it could disincentivize attackers.
  – However, this approach might disproportionately affect small businesses, which may struggle to absorb costs without insurance.

– **Need for Proactive Solutions**:
  – Mandatory reporting of ransom payments could enhance law enforcement’s ability to track and recover funds from attacks.
  – The focus should be on incentivizing secure technology adoption, updating legacy systems, and leveraging AI to strengthen defenses against ransomware.

– **Google Cloud’s Support**:
  – Google offers a range of services to assist organizations in combating and preparing for ransomware attacks, including threat intelligence and consulting services.

This analysis showcases the intersection of cybersecurity, insurance, and organizational preparedness against ransomware, with an emphasis on the pragmatic steps organizations can take to improve their resilience. For security and compliance professionals, the insights serve as a call to action to rethink reliance on old systems, enhance reporting mechanisms, and strategically utilize cyber insurance as part of a robust cybersecurity strategy.