We seem to be taking the crime dictionary and just adding "cyber" to the whole range of criminal activities available to bad guys around the world. The latest is called "cyberextortion." What is cyberextortion? Instead of kidnapping your son or daughter, the bad guys kidnap your data or computer system.
Imagine that you walk into work one day and try to boot up the key piece of software that makes your business run smoothly or accounts for all your sales. Instead of your login page or even the dreaded blue screen of death, you are greeted by a screen that tells you your data is being held hostage and will be released in exchange for dollars. Sounds like a movie, right? Unfortunately, it is very, very real. From the print edition of Best's Review:
"Cyberextortion in particular is disturbing because any company can be a victim," [Greg] Bangs [of Chubb] said. "Every company in the world has some degree of computerization. If they have any type of network applications, which is probably 99% of the companies out there, they are at risk of someone hacking into the system and committing cyberextortion against them."
One of the newest and fastest growing cyberextortion methods is ransomware, a category of malicious software that is used to disable a computer and hold it hostage. It displays a message on the victim's monitor demanding payment to restore functionality. Symantec, an information security and management firm, identified ransomware as one of the top cyberthreats of 2013, particularly for small- and medium-enterprise businesses.
The Best's Review also reports that many of these ransomware threats can be false. The difficulty is knowing when the threat is real and just how harmful the breach or lock-out is.
Insurance carriers are just starting to come out with policies to address these cyberextortion concerns. The policies are basically kidnap and ransom insurance policies and can provide support services to help the insured determine whether the threat is real and ultimately resolve the issue. Obviously, your IT provider may also be a resource, but usually the target of these attacks is some proprietary software that falls outside your IT provider's network management agreement.
This is an emerging risk that really has not been fully realized at this time. We do business with a lot of contractors who use computer estimating software to bid jobs and manage their work. Imagine if this software was suddenly locked out. How would they bid a job? It is not hard to imagine how such an attack might be crippling.