Organizations should be wary of emerging cyber threats, including the difficulty of dealing with artificial intelligence, as the volume and sophistication of attacks increase, says the Chief Information Officer.
Developments in deep learning and quantum computing, the Internet of Things and new spyware are also causing concern, says Patricia Titus, Head of Privacy and Information Security at Markel Corp. in Richmond, Virginia.
She spoke during a session with the Second Head of Information Security at the Minneapolis-based Professional Responsibility Underwriting Society 2021 Cyber Symposium, which was held virtually last week.
"We had a pretty good year 2020, and it's not going as well in 2021
Criminals are more persistent and sophisticated, and activists, nation states, and disgruntled insiders continue to cause cybersecurity problems, says Phil Venables, New York-based information security manager for Google Cloud, a Google LLC entity.
Threats seem to be directed at the software supply chain, as bad actors look for weaknesses, and there are likely to be more events in the industry as companies reorganize themselves.
Ransomware attacks have evolved from criminals demanding payment in exchange for restoring companies' access to their captured data to criminals threatening to release exfiltrated data.
Opportunistic criminals continue to look for weaknesses they can reap for later attacks, Venables said. But while the number of incidents is increasing, there are companies that address the problem, he said.
Mike Convertino, security chief of Seattle-based cyber program manager Resilience, discussed "package confusion" attacks. According to reports, these attacks, which have also been called "addictive attacks", involve malware that is uploaded to public repositories under a name identical to one used by legitimate developers and is then downloaded by unsuspecting developers.
This is similar to what happened with the SolarWinds attack, said Mr. Convertino.
"Some companies police it better than others, but many do not," he said.
The insurance industry and insurers should "ask more questions about the company's dependence on this type of programming," says Convertino.
Discussing AI, machine learning and quantum computation, Titus says that there is a responsibility for organizations to use AI without "getting off the guard rail" in the same way that the fictitious computer HAL did when it took over the spaceship in the 1968 film "2001: A Space Odyssey."
"In reality, AI could potentially give governments the opportunity to identify someone on the street," said Mr. Convertino. "On the other hand, AI can accelerate through airport security. Like many things designed by engineers and intended for a certain person, they can also be abused," he said.
During a session on cyber-control measures, Joe Mann, CEO of Washington consulting firm Arete Advisors LLC, said that there are about 30 ransomware variants circulating with more criminals threatening "It just destroys the chaos and crisis scenario that happens," he said.
Ransomware exposure can affect multiple policyholders at once, says John Menefee, Cleveland-based cyber risk product manager at Travelers Bond and Specialty Insurance, a unit of Travelers Cos. Inc.
"There is no good way to write that kind of risk, although I think many carriers up to this point have addressed the exposure mostly with border management," he said.
Most claims come from organizations "which have very poor controls," said Menefee.
Jon Rose, Washington-based vice president of channel and strategic alliances at computer security company Bishop Fox Inc., said that best practices can mitigate risk, including knowing where a company's "crown jewels" are located.
The session was moderated by Jennifer Coughlin, a partner with Devon, Pennsylvania-based Mullen Coughlin LLC, who specializes in data privacy issues.