Until July 2, many cybersecurity experts knew little about Kaseya, a privately owned provider of IT management software services. That is the scariest thing about the hack of one of the firm’s software packages, which enabled thieves to encrypt the data of as many as 1,500 companies and demand USD 70 million in ransom to date.
This cyberattack marks a fresh and dramatic escalation of the threat that ransomware poses to organizations around the world. It follows on the heels of recent hacks of a leading meat processor, a major provider of email services, and network management supplier SolarWinds. And importantly, it widens the threat aperture to small- and medium-sized companies — including a Swedish grocery chain that was forced to close — the main market for Kaseya’s software.
These growing attacks underscore the urgent need for companies and governments to collaborate in the fight against ransomware criminals. This involves sharing information about threats and software vulnerabilities and developing incident-response plans. The Federal Bureau of Investigation and the U.S. Cybersecurity and Infrastructure Security Agency have been working with Kaseya to respond to the attack and reach out to affected victims. Paul Mee, Partner, Digital and Financial Services at Oliver Wyman, and Erica Davis, Global Co-Head of Cyber at Guy Carpenter, discuss insurance industry challenges.