Cybersecurity—Can a Good Defense Beat the Best Offense?

8 June 2022, Singapore - Blackpanda came together with key players in the cyber industry to discuss the importance of proactive cyber security in the current APAC cyber threat landscape.

The panel was chaired by Ivy Wong, chairperson at RIMAS Cybersecurity Chapter, and speakers included Pramodh Rai, Cyber Sierra Co-Founder, and Justin Ward, Head of Treaty at Guy Carpenter, Singapore.

Representing Blackpanda was Timothée Grange, Chief Revenue Officer, who has overall responsibility for overseeing the development of the group’s activities, including cyber risk advisory, incident response and digital forensics, and loss adjusting.

Representing Pandamatics Underwriting was Struan Todd, Co-Founder, who has overall responsibility for the company’s cyber insurance and insurtech portfolio.

Just because you don’t see it, doesn’t mean it isn’t there

Starting off the discussion was Pramodh Rai, who explained that every company has vulnerabilities in the tech stack, however strong the defense measures in place.

“What we're seeing now is that on the other side, the folks that are attacking these companies, they can be your teenager that is sitting in their parents’ house”

This is especially dangerous as many companies give security a secondary priority as compared to other goals, even though awareness is growing in the market. 

During the past two years we have seen a massive wave of ransomware attacks. Ransomware is clearly one of the biggest threats in cyber space. Some large players in the market have been pretty badly hit by ransomware, which ultimately generated large business interruption claims that insurance companies had to sustain.

Other large cyber threats include business email compromise and fraudulent transfer.

Pramodh stressed that, whilst cyber companies receive claims from attacked clients on a regular basis, breaches rarely make the news. This is largely because, in many jurisdictions in the APAC region, breach notification is not yet a legal requirement. Still, the impact of data breaches is starting to be very significant for the APAC market.

No business is safe from ransomware

Next to speak was Blackpanda’s Timothée Grange, who discussed the issues with large actors, including Ransomware as a Service (RaaS) providers and state actors, becoming stronger and targeting organizations in Asia.

“Ransomware really came into focus for insurers and reinsurers over the last 18 to 24 months and I think the first issue to think about is not only the private actors involved in ransomware, but the state actors involved in ransomware”, said Timothée.

He went on: “I think that's the number one consideration when we think about the availability of insurance or reinsurance: capacity”. That is, insurers and reinsurers do not have the financial bandwidth to take on the large costs involved in such massive scale ransomware attacks.

The second issue Timothée discussed is the systemic nature of ransomware. This is becoming a larger concern for the industry and for regulators, as ransomware impacts not only cyber policy, but all other lines of business. 

Insurers used to think of the Small and Medium Enterprise (SME) segments and the personal line segment of cyber as a good diversifier of risk in a cyber insurance portfolio. Today, things have changed massively, as ransomware attacks become more widespread and target companies of all sizes and industries. As capacity crunches, we have to think about public-private partnerships that will need to take place.

Struan Todd from Pandamatics Underwriting discussed in more detail how the insurance market views this capacity crunch linked to the rising threat of ransomware.

“Ransomware attacks have hit everyone and anyone in various different market spaces. Insurers have really struggled to deal with that. So the way the insurance market has tried to address that has been to lift prices and limit coverage”

“Capacity is pulled out of certain marketplaces, and Asia has unfortunately been relatively hard hit”, he continued, stressing that this was not necessarily due to anomalous losses in the region, but rather to a slightly different approach on the underwriting side about how to address ransomware. 

Instead of learning more about the cyber space and adapting to it, insurers have deprioritized cyber coverage. 

SMEs are the most vulnerable

Next, Struan picked up on how SMEs are a main target of cyber attacks.

“There are two axes to measure risk. One is likelihood and one is severity.”

In the past, many SMEs considered themselves safe from ransomware, as they believed themselves to be too small a target for large cyber attackers.

“Actually, what we need to understand is that you don't necessarily need to be a target to be a victim. There is a large number of hackers who use scanning, and they are scanning thousands of domain names every day, in order to detect potential opportunities and entry doors”. SMEs are now just as much of a target of large-scale cyber attacks as large corporations. 

Cyber insurance is the single best thing a company can do in terms of proactive cyber security. This should not just include cyber expense coverage, but also an in-house cyber incident response team, so that any attack can be dealt with as soon as possible. 

Know your firefighters

The discussion then moved on to some of the challenges that companies face during a cyber breach.

“We said there is one main challenge, which is access to the data in order to be able to conduct our investigation”, Timothée said.

“There is a different level of maturity for the victim organization”. Timothée talked about how the level of access that the incident response team has to a client’s teams, processes, and systems is key in speeding up forensics and recovery.

“If we have a relationship with the company that is being attacked, it is quite easy to obtain the logs that we need in order to conduct our investigation, collect evidence, eradicate the attack, understand the causation and the vector of the compromise”. This is why companies should ensure that they connect with incident responders in a proactive manner, before a breach even occurs, and conduct frequent compromise assessments which not only catch cyber threats early, but also help the incident response team familiarize itself with the company’s digital environment, so they can go in and respond as quickly and effectively as possible in the event of a breach. 

The key takeaway from the discussion was that proactive cyber security is just as important as preventive security, and that a focused cyber insurance package is the single best thing a company can do in terms of proactive cyber security. Together with this, building a strong relationship with the cyber incident response team that is going to support your business in the event of a breach makes sure that threats are caught early and that the response to an attack is more efficient. 

Relying on a team that is hyper-focused on ransomware response is the only way an enterprise can successfully manage such a catastrophic incident. Blackpanda is Asia’s premier digital forensics and incident response firm, and partners with best-in-class service providers to handle a cyber crisis from a holistic perspective. With our compromise assessments, we help organizations comply with local regulations and prevent large-scale attacks, and by establishing a relationship with us, your company can get access to Asia’s first and best cyber incident response focused team. Contact us today to learn more.
