Kaspersky Labs recently released its network security predictions for 2014. Among the predictions are increased focus on sophisticated security tools in response to Edward Snowden’s revelations; new tools to enable cybercriminals to steal cash; growing numbers of Bitcoin-related attacks; more attacks on cloud providers by targeting employees and an increase in cyber espionage.
Buried in the predictions is an almost off-handed comment: “Attackers may be interested in deleting or modifying information—in some cases manipulated misinformation could be worth even more to those who commission the attacks.”
Kaspersky doesn’t offer any examples of “manipulated misinformation,” but it doesn’t take a lot of imagination to visualize scenarios ranging from modifying college transcripts to sabotaging competitors to manipulating financial markets. Costs potentially run the gamut – notification, forensics, remediation, business interruption, regulatory investigations and third-party liability.
Criminals also may manipulate records to extract a ransom. Small organizations that are not rigorous about backing up their data already are attractive targets to hackers who break into a network, encrypt the data, and then demand a fee for the encryption key.
It seems likely that even those organizations that are diligent about defending against data theft may be caught off guard by their exposure to data alteration. Experts note that it can be hard to spot altered data, even when looking closely at file properties.
Fortunately, both third party and first party coverage may be available from cyber insurance policies.
Third party coverage most likely would come into play if a claim alleging damages caused by negligent security is brought against an insured whose information has been manipulated by a hacker, according to Laurie Kamaiko, partner with Edwards Wildman Palmer.
While language varies from insurer to insurer, many policies provide coverage for damages and claims expenses related to the “alteration” or “modification” of data stored on a system.