Is this massive cyberattack ushering in a new era of hackers increasing their focus on supply chain vulnerabilities?
“Ultimately cyber insurance is going to demand a level of underwriting precision that is probably higher than any other form of insurance because of the nature of risk,” Seth Rachlin, of Capgemini, said.
The overall damage dealt by the SolarWinds incident is still being determined, but the event could send shockwaves through the cyber insurance market, as it highlights the massive exposures this sector must contend with as hackers revamp their approaches.
Brian Krebs, a well-known security and cybercrimes journalist, noted the SolarWinds incident might have exposed as many as 18,000 customers, who installed what they thought were routine software updates. Hackers had injected malware into the update, which gave the malicious actors, who are believed to be Russian-backed, undetected and unfettered access to high-value data.
“SolarWinds will have a chilling effect on the market,” Seth Rachlin, executive vice president and insurance lead at Capgemini, told PropertyCasualty360.com. “The most interesting aspect is that it is a supply chain attack.”
He explained typical cyberattacks in the past used methods such as phishing to gain access. These were attacks on a single organization. With a supply chain attack, the vehicle of entry is something used by many companies, such as SolarWinds’ security automation software. This results in cataclysmic events involving hundreds or, in the case of SolarWinds, thousands of companies simultaneously.
“From a market perspective, insurance companies tend to not like things like this,” Rachlin said. “This could become a sort of model event, if you will, for attackers going forward.”
While bigger payouts could be part of the reason hackers start deploying this strategy, he told PC360 it is more about other forms of malicious actions.
“Russians aren’t concerned with the payday; they want access and disruption,” Rachlin said. “As it moves to more state-based actors, some of the ransomware activity will really be a form of disruption. I’m not convinced it is so much about money as it is about power and economic influence.”
Is SolarWinds a cybercrime stalking horse?
Given the SolarWinds breach went undetected for months, there is a possibility a similarly scaled malicious endeavor is currently being run.
“There is always a chance, particularly given that a lot of the objectives of certain breach events is to steal secrets and data,” Rachlin explained. “The hackers are getting pretty crafty at doing this in an unobtrusive way. More and more, the time between the actual event and awareness of it seems to be growing.”
For some carriers, this has been a wake-up call to how pervasive cyberattacks can be.
To stay ahead of these developments, Rachlin said insurers need to consider the evolution of cyber insurance products to include more risk management and “protection type” features as opposed to strictly focusing on risk transfer.
“Ultimately, cyber insurance is going to demand a level of underwriting precision that is probably higher than any other form of insurance because of the nature of these risks,” he said.
Additionally, the industry should look at working with government agencies on something similar to the Terrorism Risk Insurance Program that would trigger protection mechanisms following catastrophic cyber losses. This, Rachlin explained, would bring stability to the market.