Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Insurance Policy. Show all posts

Cybersecurity Nightmare: A Bank's Dilemma – To Pay or Risk It All

 


Schools, hospitals, and other institutions need to take more precautions to prevent cybercrimes from disrupting operations and putting people's data and safety at risk. As part of a congressional hearing held on Wednesday in Washington, DC, a familiar face among the Navarro and Judson school districts testified about how this issue is affecting individual children. 

In the event of a major cyberattack taking place, the possibility of a bank's failure is not too remote. The number of cyberattacks against financial institutions has risen significantly since 2006, and the number of attacks is expected to continue to rise shortly.  

As a result of the increasing risk of cyberattacks, and their potential impact on banks, financial institutions and the government are the top concerns when it comes to cyberattacks. Financial institutions are 300 times more likely to experience them than other institutions. 

As part of a joint hearing of two committees of the House Committee on Oversight and Accountability, Gosch offered a rare view into how institutions faced with ransomware threats are coping with these increasingly common attacks. As Gosch and Judson Independent encountered, a wide range of institutions are facing the same dilemma, not the least of which are banks as they have become disproportionately attractive targets for cybercriminals searching for ransomware. 

The US credit bureaus have reported that at least 15 banks and credit unions have reported that ransomware groups have stolen customer information from them this summer. Several reports have been made recently by cyber security consortiums that offer security services to banks that frequently refer to ransomware as a major concern. 

According to the district's Assistant Superintendent of Technology, the Judson Independent School District in San Antonio, Texas, which has approximately 30,000 students and staff, was attacked by adversaries using ransomware in June 2021, but no state or federal agency ever visited or offered assistance for regaining access to school resources after the attack.  

On Sept. 27, Lacey Gosch, the chairwoman of the House Oversight Subcommittee, urged lawmakers not only to restore budgets for school libraries, but also to increase funding for cyberattack mitigation, data protection, and equipment upgrades. It was also recommended that formal programs be developed within schools to help with school cybersecurity recovery and mitigation. 

It was also reported that a witness from the University of Vermont Medical Center – which suffered from a ransomware attack in October of 2020 – was present at the joint hearing of the House Oversight Committees on Cybersecurity, Information Technology, Government Innovation, Economic Growth, Energy Policy, and Regulatory Affairs. 

As Stephen Leffler, the president of the medical centre, said during the hearing, it was by far much more difficult for his staff to deal with the cyberattack than what they had to deal with during the COVID-19 pandemic, which affected the entire area. As a result of the attack, the hospital was taken offline for 28 days and the organization had to pay 65 million dollars for the incident. 

The Pros and Cons of Paying Ransoms 


Gosch's story is a cautionary tale that illustrates the stakes banks face when trying to prevent and mitigate ransomware attacks as the threat of ransomware for banks continues to grow and the threat of ransomware is growing. 

Moreover, showing banks the dilemma they are facing when receiving a ransom note in the wake of an attack, serves as an illustration of the difficulty they face. As a result, the FBI claims that paying the ransom encourages perpetrators to target more victims and increases the likelihood that other individuals will engage in this type of criminal activity. 

The biggest problem with a ransom payment is that it does not even guarantee that the data has been deleted. It was not until 12 days after being informed of the ransomware attack that Judson Independent negotiated a ransom with the ransomware actors, on Gosch's 34th day at the company. 

In exchange for the promise, but not the guarantee, that the hackers would delete the stolen data, Judson Independent paid a negotiated ransom of $547,000 to them. It was a difficult decision for Gosch, but he felt it was necessary to protect his constituents, even though it was difficult. 

There is an insurance policy available to the district against cyber-attacks, but it is primarily for attorneys' fees, data mining, and identity protection. "The insurance does not cover ransom payments or the costs of upgrading to mitigate damage to the system," Gosch stated. Cyber insurance coverage for ransom payments is a hot topic among experts.  

There has been some controversy about it. It has been reported, however, by the Royal United Services Institute, a London-based think tank, that cyber insurance providers do sometimes cover ransom payments. Despite this, according to the institute, there is no evidence that victims with cyber insurance are significantly more likely to pay ransom than victims without cyber insurance.