The Cold War ended in 1991, but in its place, a proxy cyberwar has grown in the shadows. Many of the IP addresses tied to the highest profile hacks in recent memory, like the Sheet Metal Workers Union attack in Indiana in 2016, or the stoppage of the colonial pipeline in 2021, are tied to citizens and state actors within the borders of old Cold War adversaries.
As western companies and countries cut Russia off from the global economy, an unintended consequence is materializing in the growth and legal acceptance of digital piracy in Russia. Still, Russian citizens already dominated more than 20% of FBI’s Cyber Most Wanted list before troops even began their 2022 invasion of Ukraine.
With the average cost of $4.24 million, 40% of ransomware victims had less than 100 employees in 2021. Survey data shows 36% of manufacturers and producers report being hit by ransomware, with the average time for ransomware sitting in a company’s critical infrastructure being 220 days before they became aware of the hack. As of 2020, manufacturing is now the fifth most targeted industry.
Jerry Liddell of SET Duct Manufacturing says his company suffered from a malware attack that infected plasma cutters and other equipment. But he was prepared with an insurance policy and a nearly closed off system. However, after a parent company’s security was compromised, hackers were eventually able to gain access to the manufacturer’s equipment.
"I did get pretty lucky. In October, I bought the insurance policy, and I was hit in January. It was a $5,000 deductible,” Liddell says, noting the attack would have cost him millions without the policy. “It’s worth every penny. That’s all I can tell you. Don’t hesitate and get your insurance.”
Speaking at the Spiral Duct Manufactures Association general meeting in Las Vegas at the end of January, Cyber Risk Specialist Autumn Stone advised Liddell and others on security controls. She says that even though security precautions are required for insurance coverage, malware can still get through. Case in point: One of America’s largest insurance carriers, Travelers, netted a loss in 2021 due to the high ticket price of cybersecurity claims.
“Back in the day. I would say 3 years ago, we were able to just pay a couple $1,000, get a couple million dollar policy and you were set,” Stone says. “You were set for anything to happen. It was probably a five-question application. But nowadays, you basically have to apply. They're going to dive deep into your company, they're going to see that you are actually performing your security controls to the best of your ability and it costs money.”