Narrowing the cyberthreat gap: Network Coverage discusses current threats and how to counter them

March 1, 2023

Bridget Wilson

The statistics are clear: Cybersecurity threats are escalating in number and sophistication at an alarming rate. For example, The National Association of Insurance Commissioners (NAIC) reported that in 2021, data breaches outpaced those in the previous year by 68 percent, while breaches involving personally identifiable information (PII) like Social Security numbers increased from 80 to 83 percent.

Business owners need to be aware of current and evolving cyberthreats to determine where their investment and staff training should be focused to keep their operations as protected as possible.

Rental Management spoke with Bridget Wilson, chief information security officer, Network Coverage, Danvers, Mass., a firm that provides information technology solutions and managed cybersecurity services, to learn more about the most dangerous cyberthreats businesses face today and to receive some tips on protecting against them. An edited version of that conversation follows.

Rental Management: What threat is looming large right now in the cyber landscape that businesses should know about?

Bridget Wilson: One of the biggest is vulnerability disclosures by big vendors like Microsoft, hardware vendors like Lenovo or Dell, and firewall vendors. Those folks report [operating system] vulnerabilities fairly soon after discovery, and that’s great because it allows end users and IT admins to be aware and to patch them. But these vulnerabilities are also being publicized on the internet and in the news; they are widely disclosed, so now you have attackers who might want to take advantage. An example of this was the Kaseya breach in 2021. Kaseya provides an IT tool that allows remote access into workstation servers, laptops and desktops. There was a vulnerability that they disclosed, saying that they were working on a fix, but months down the road it hadn’t been fixed. Somebody went in and used that vulnerability to compromise machines that had that software installed. So, not only are we as the consumer finding out about vulnerabilities right away, but attackers are also aware. I’m sure that is going to continue in 2023 and that we’ll see even more disclosures than previous years.

Rental Management: What is a business’ best defense against that type of threat?

Wilson: The key is making sure that your enterprise is patching against vulnerabilities. Ideally, you’re going to want to have an automated patch schedule in place. I recommend that for servers, you want to apply critical updates and reboot them at least once a month. For workstations, I usually say once a week. For example, you could make all staff aware that on Sunday nights, you are going to apply updates and reboot their machines. As a managed service provider, we come into environments where servers have not been rebooted in six months because it’s a pain, but it is more important now than ever with all of these vulnerabilities being disclosed and patched by the vendor.

Rental Management: Phishing scams — where fraudsters attempt to pass themselves off as a known and trusted person or company to somehow steal sensitive information — are commonplace today. What are some of the latest devices cybercriminals are using?

Wilson: Phishing scams come in all shapes and forms. Sometimes it is an email with a link that, if you click on it, takes you to a malicious site, or it has an attachment that is loaded with a virus payload. That has been around forever, but the volume, frequency and design of phishing campaigns is making them really hard to spot. We are seeing a lot of text message scams now. One involves gift card requests, such as, “I just got a text from the CEO of my company; he is in a meeting and is really busy but needs me to buy three $500 Amazon gift cards from CVS and send them to him.” Obviously, we know that doesn’t happen in real life, but a lot of people don’t, and they think they need to do this urgently. They are inclined to just do it without asking questions given the expressed urgency and the fact that a company exec appears to be making the request. Information like a CEO’s name is public, and the scammers do their research before they craft that fake email or text — it’s pretty well put together. That scam has been around for a while, but it’s more rampant now than ever.

Rental Management: That sounds like a problem only if the scammer gets your cell phone number. What steps could be taken as a precaution?

Wilson: I usually recommend that our employees refrain from posting their cell phone numbers on any social media. LinkedIn is a big one because people think that because it is business focused, it’s safe to have your phone number there so recruiters can call you. But potential threat actors are on there too and all of that is public information. I would also advise against listing a cell phone in your email signature to reduce the number of phishing texts you’re receiving.

Rental Management: Texting is how most people communicate today; what would be another example of a text message-based scam?

Wilson: A big thing we are seeing more and more of is account compromise fakes. For example, I personally get fake Amazon texts all the time saying, “Your account has been accessed from an IP address in California — was this you?” No, I’m in Massachusetts. So, I’m inclined to think, “Oh, I have to jump in and change my password. Let me just click the link in this text.” And of course, if I plug a password in or if I confirm my account, my account has been compromised at that point. The key here is to not click on links of this nature in unsolicited texts. If you are concerned about an account being exposed or compromised, log in directly to the website to check for alerts, or call the company using the number published on their website.

Rental Management: Due to the nature of their operations, equipment and event rental companies are especially susceptible to wire fraud and business email compromises. What kind of actions should they regard as suspicious?

Wilson: When a mailbox is compromised, the attacker isn’t necessarily sending out spam or doing anything that is super obvious. They will lie in wait and gather information around somebody who is involved in invoicing or billing. An equipment rental business is a good example, because there tends to be a lot of correspondence around billing that happens via plain text email. The attacker might figure out who owes who what sum of money and then interject themselves into the email thread pretending to be an individual on one side or the other. They’ll say, ‘By the way, our payment address has changed. Here is the new place to submit your ACH payment or mail your check.’ And that payment is sent out to the new address. The person who has been compromised is none the wiser. If you don’t have cyber security insurance and you don’t figure it out within 72 hours, you often cannot get that money back or reverse that payment. That is wire fraud.

Rental Management: What can a rental business do to protect themselves as much as possible from bad actors who are getting craftier with that kind of method?

Wilson: I have been advising people — especially if you are in accounts payable or accounts receivable — to put a tag line in your email signature field in big letters saying something like: ‘Never trust payment information updates sent via email; we require confirmation over the phone for any changes to payment accounts.’ And have that be a policy that staff is aware of and has to adhere to so they don’t make changes on the fly.

Rental Management: It sounds like many of these threats are new twists on some of the same cybercrimes that have been around for a while.

Wilson: It’s nothing groundbreaking, just more well-crafted versions of all the stuff that we have seen in the past. These criminals are getting really good at lying in wait, observing what’s going on and knowing who your power players are. They know who is privy to your sensitive information so when they do strike, they know exactly where to go to get the information that, if they are going to hold you for ransom, is going to be super important, like PII, sensitive data or contract data that you are most likely to pay out the ransom to get back.

Rental Management: What would you say is the No. 1 proactive step a business owner can take to help prevent cyberattacks?

Wilson: The best thing you can do is have a staff who is aware of new and emerging threats, is constantly reminded and goes through cybersecurity awareness training. You want to get the wheels spinning and get people to stop and think before they click on the link. The way attackers get in the door is by catching an employee just not paying attention. Their guard isn’t up and one ‘oops’ click later, the attacker is in.

Insuring against cybercrimes

In today’s technology-dependent workplace, insurance coverage that can help a business respond in the event of a cyberattack is crucial. In some cases, such coverage brings with it resources that go beyond just financial backing to help the insured get back on its feet.

“One of the points that I normally go over in terms of [cybersecurity] protections to have in place is cybersecurity insurance, for obvious reasons, because you need to be able to pay out ransom if you don’t have viable backups and you need to get a decrypter. But if you make a cybersecurity insurance claim, you are going to have the benefit of a crisis support team at your disposal,” says Bridget Wilson, chief information security officer, Network Coverage, Danvers, Mass., a firm that provides information technology solutions and managed cybersecurity services.

Specific features of cybersecurity insurance coverage can vary, but Wilson says a crisis support team often is involved with some coverages and can include:

Legal counsel: Either a recommended or a required team, depending on the insurer.
Ransomware negotiators: “These are people who are specifically trained to deal with attackers,” Wilson says. “They could negotiate the payment, for example, down from $9 million to $3 million in Bitcoin. The last negotiators I worked with had somewhere around 500 negotiations in the previous 30 days. These guys are staffed 24 hours a day and are on the dark web in chat rooms, talking to the attackers and the bad actors, trying to go back and forth and negotiate a better payment [for the insured client].”
Forensics team: Digital experts who investigate the actions taken by the cybercriminal and develop strategies to assess damage, stop the spread and begin the recovery process.

American Rental Association (ARA) members in the U.S. with business insurance through ARA Insurance can discuss cybersecurity coverage details by contacting their local agent or request quote and coverage information at ARAinsure.com.

ARA members in Canada now have access to a comprehensive insurance package thanks to ARA’s partnership with Westland Insurance. Included among Westland’s insurance products is cyber insurance — coverage for 1st and 3rd party claims, including cybercrime (phishing scams, ransomware, EFT [electronic funds transfer] fraud) and 24/7 incident response coverage. Learn more about ARA’s Canadian Insurance Solution under the “Resources” tab at ARArental.org.