5 minute read
Hackers Having A Banner Year
Hackers Having A Banner Year
Even during a pandemic, there are other viruses to worry about
BY MATTHEW BRODERICK | CONTRIBUTING WRITER, NATIONAL MORTGAGE PROFESSIONAL
Over the past several months COVID-19 – with its state-bystate fluctuation of spikes and flattening –transformed nearly all aspects of society from social life to business to education. But as millions of American from kindergarten to the corporate C-Suite transitioned to a virtual world of remote logins and teleworking, another potential threat was escalating: the heightened risk of cybercrime and ransomware.
As hackers see new opportunities like a pandemic, says Nate Gravel, vice president of information security and IT for Massachusetts-based GraVoc, an information security firm with more than 450 clients, they look to exploit it. “Like anybody else, [even] hackers follow market trends,” he said.
And those trends, particularly with ransomware – a type of cyberattack in which company or client data is hacked, encrypted and held for ransom - evolved in recent years in the frequency of attacks, the number of target industries and the size of the ransom amounts.
A GROWING THREAT
Cyber security threats like ransomware are not a new phenomenon. According to a 2019 report Cybersecurity Ventures, a cybercrime industry publication, global ransomware damages are projected to increase from $325 million in 2015 to $20 billion by 2021. That was the projection before the pandemic hit.
The coronavirus crisis presented increased cyber risk in two ways: the increased number of employees accessing networks remotely and the intensified use of COVID-related phishing attacks, the fraudulent practice of using emails to secure personal information such as password or client details.
Shawn Stroud, director of information security at Sagent, a fintech company modernizing mortgage and consumer loan servicing for banks and lenders, says malicious actors are actively targeting mortgage companies with ransomware.
Even indirect attacks against city government systems have had a direct impact on mortgage operations, by shutting down systems essential for completing home sales. “This comes at a critical time for the industry, when mortgage companies are operating at capacity, and the ability to quickly service their clients is a primary concern,” said Stroud.
FINANCIAL SERVICES TARGETED
Healthcare and financial services companies, including banks and mortgage brokers, remain the top two most frequently targeted sectors for cyberattacks, given the sensitive personal and financial data they maintain. A 2020 report by the Cypris Group, a Virginia-based IT firm, found that nearly one-third of all cyberattacks collectively aimed at those two sectors.
It’s like the notorious bank robber Willie Lohman said when asked why he robbed banks. “Because that’s where the money is.” In 2018, finance and insurance represented 7.4% (or $1.5 trillion) of U.S. gross domestic product. In 2019, the healthcare industry generated $2.4 trillion in revenue.
Despite those figures and continuing risk, reported ransomware attacks among U.S. banks have trended downward over the past year. Between April 2019 through April 2020, according to data reported by the American Banking Association, ransomware attacks in the domestic banking sector declined from 57 incidents to 40, a 34% year-over-year decrease.
While there are no numbers available on ransomware attacks in the mortgage industry, their impact is devastating, says Stroud. “It is safe to say that mortgage companies will continue to be a target due to the opportunity they present to attackers. We operate in an environment dependent on complex systems and data to provide services. Attackers are increasingly sophisticated. They do their research and know that mortgage companies could be crippled by a ransomware attack,” he said.
Even the big guys aren’t safe. In July, Opus Capital Markets Consultants LLC, a due diligence vendor for Freddie Mac was hit with a ransom demand. It said, at the time, no Freddie Mac data was misused or stolen. Still, Freddie Mac needed to contact all affected borrowers and extend free credit protection.
REDUCING EXPOSURE
Another factor in reducing exposure to – and fallout from – cyberattacks. Gravel says, is more frequent back-up on data, a trend that has been on the upswing in recent years. “in the past, backups [of data servers] might have been done daily or even weekly,” Gravel said. “Now we’re seeing more companies backing up data incrementally throughout the day.”
That extra measure of security can make a huge difference in the event of a ransomware attack. “Companies will often weigh the cost of lost productivity [staff time and resources] to restore the data vs. the cost of paying the ransom,” said Gravel. For instance, according to figures compiled by Sophos, an internet security firm, among organizations whose information was encrypted, more than twice as many retrieved their data via back-up (56%) rather than paying a ransom (26%).
Backups are needed but not necessarily a be-all and end-all for mortgage originators, said Stroud. “Many mortgage companies cannot wait on an extended recovery time. The time it could take to restore from backup could extend over a week, which is an unacceptable timeframe for most companies to be dead in the water. Attackers are increasingly sophisticated and they understand this can increase their chances of a payout,” he explained.
CYBER INSURANCE
And more companies – from small businesses to Fortune 500 corporations – are adding in an extra layer of security through cyber insurance, which has seen steady growth in recent years, said Bob Wice, head of underwriting management for cyber & tech at Beazley Group, a Farmington, Connecticut-based insurance agency. Wice says market growth for insurance coverage has been particularly strong in the small business sector which is less likely to have robust cyber defense and is being targeted more frequently by a cyber -criminal market that, like a franchise model, provides malware tools as a service.
“There’s basically ransomware in a box and there’s not much sophistication [needed] in the [small] end of the market,” Wice said. “These [novice] cyber criminals, are sending thousands of emails scattershot trying to get someone to click on a [ransomware] link.”
But it’s not simply the indemnity coverage that make cyber insurance so attractive to customers, according to Wice. It’s the suite of services – especially for those without in-house IT support – that cyber insurers can deploy in the event of an attack. “Clients not only get the financial backstop of the insurance,” he said, “but also access to law firms, [cyber] forensics vendors, and crisis management teams so they have all these experts working on their behalf to make sure the loss [and impact] is mitigated.”
