#TechModTuesday - The Hacker Code

We're nearing the end of summer and I've got a playlist for that! Short and bittersweet, typical of Nebraska autumns — I think you'll enjoy it. You can find it on?Apple Music?and also on?Spotify.

We're taking a bit of a different twist this week — moving to look at a threat rather than an opportunity. Though frankly, the actuarial motto of "Risk is Opportunity" applies here as several companies have offered brand new insurance products (pricing these must be scary!). Today, we're talking about Ransomware and how companies can combat it (no comments on how Mutual of Omaha is ACTUALLY fighting it because...you know...it's intended to be a secret and honestly I don't know and really don't want to know?).

Ransomware, defined

It goes like this: A hacker gets into a network she's not supposed to. She could a) start deleting files, b) start exfiltrating files that have personal or proprietary information, c) leave immediately, or d) start encrypting those files. For awhile, most companies and people were concerned about b, but lately d) has been taking center stage. And these hackers are doing hacker things for fun AND profit because after they start encrypting files then they demand a ransom.

Most of that time that ransom is demanded in Bitcoin, due to its pseudonymous anonymity and ease of transfer. Then, most of the time, the hacker turns out to be kind of nice and actually unencrypts the files after receiving the payment? And also they tell you how they got in cause you probably wanna fix that? I don't know, cybercrime is weird this way. It's like the pirate code or some sort of gentlemen's/ladies' agreement applies in cyberspace.

Ransomware is the name of the software that the hacker uses to encrypt the files and generally, it is difficult if not impossible to stop it from achieving its goals. Earlier this year, the Health Service Executive of Ireland (similar to US Medicare) had to shut down its IT systems because of a ransomware attack. (To be fair to the hackers, they generally leave the health systems alone because they just want the money, they don't want people to actually die).

Similarly, the Colonial Pipeline was shutdown for ransomware as well. Colonial Pipeline paid a ransom of 75 bitcoin, only to have the government recover almost 64 of them (again, not really anonymous payments).?

Ransomware, protectioned

Good news — Mutual of Omaha has an IT security team. Even gooder news, they're regularly thinking about this, communicating with their peers, and have regular conversations with experts in the space. We're learning, literally daily, how other ransomware attacks have happened and how we might prevent them.

One way that seems to be effective is by training people not to be tricked into giving away their passwords. (See: Phishing Training). Scanning attachments for known bad software is another way. Limiting system access is a third. Regularly creating backups (and also testing the restoration of those backups!) is a fourth.

While not completely effective, these four in concert seem to be useful in managing our Ransomware risk. But I did promise that "Risk is Opportunity" and several companies have begun pricing and selling cyberinsurance that assists with protecting a business, consulting if/when a ransomware attack occurs, and paying insurance to cover the ransom demanded by the hacker group. This is an expensive, but useful way of outsourcing some of the cyber risk to a third party. As an actuary, pricing this makes me a bit nervous (low frequency, high severity, without a lot of historical data!).

So, next time a suspicious email comes through, you might want to hit that Phishing button in your inbox — you don't want to be responsible for having to negotiate with terrorists.

Colony House - Silhouttes

The Beatles - Twist & Shout