- Pricing and telematics lead the charge as insurtech patents jump 40pc
- FCA puts general insurance pricing practices under review
- Volvo and Baidu reach agreement to produce autonomous vehicles
- Cyber and D&O exposures increasingly intertwined, Airmic report finds
- Arch selects Touchstone for cat risk modelling
Government report reveals reality of ransomware risk
Written by staff reporter
A report from the National Crime Agency and National Cyber Security Centre this week revealed the growing impact of ransomware attacks directed at businesses and households.
The use of ransomware has increased dramatically in the last two years and this trend is continuing. Considering the implications for both consumers and businesses, Tim Smith, partner and head of technology and cyber at insurance law and risk firm BLM, said that with an average of four internet-connected devices per person, it was only a matter of time before cyber criminals looked to take advantage of such devices.
“Whilst such attacks have often been aimed at businesses it comes as no surprise that criminals are seeking to commoditise the attacks by directing them against consumers, as their devices are often less security-focused than those used by businesses and they therefore represent the ‘low-hanging fruit’ for criminals," he said.
“Fraudsters have also become increasingly sophisticated in their approach, making the threat of a cyber attack less apparent. This also poses a significant risk to individuals’ personal and financial data, as malware can be used to export information not just to lock users out."
In seeking to protect IoT devices from cyber threats, digital security experts at Kasperksy say there are some basic practices that should be followed by everyone, from individual consumers to the largest global enterprises. These include: using strong passwords, regularly checking for and installing software updates, and implementing appropriate security software. It says this approach should be applied to every connected device on the network, including routers.
Protecting vulnerable IoT devices: Simple rules (Source: Kaspersky)
* Ensure that the default username and password are changed; this is the first thing an attacker will try when attempting to compromise your device. Remember that even if it’s a non-smart product, such as a satellite receiver or a network hard drive, the administrative interface might be vulnerable to attack.
* Ensure all your devices are up to date with all the latest security and firmware updates. If it’s not obvious how to check for such updates, you should check with the manufacturer – applying security updates is one of the key things you can do to make it harder for attackers to compromise your device and your home network. This will also tell you if the manufacturer considers it to be an obsolete product.
* Use encryption, even on the files you store in your network storage device. If you do not have access to an encryption tool, you can simply put your files in a password-protected ZIP file – this is not as secure, but it’s still better than not doing anything at all.
* Most home routers and switches have the possibility to set up several different DMZ/VLAN. This means that you can setup your own ‘private’ network for your network devices, which will restrict network access to and from this device.
* You can monitor the outbound network traffic from these devices, but this does require some technical knowledge.
* Prevent network devices from accessing sites they’re not supposed to access, only allowing them to download updates and nothing else.