
Re: None

Thursday, 01/31/2019 10:40:07 PM


Post# of 249083
Global cyber attack could cost up to $193bn, study shows

https://www.computerweekly.com/news/252456612/Global-cyber-attack-could-cost-up-to-193bn-study-shows

A coordinated global cyber attack could have an economic impact of up to $193bn, an insurance industry-backed report claims

Cyber defence tools alongside appropriate insurance are essential in the light of an insurance industry report on the potential cost of a global cyber attack, say security industry representatives.

A coordinated global cyber attack spread by email could have an economic impact of between $85bn and $193bn, according to a report by the Cyber Risk Management (CyRiM) project, a Singapore-based public-private initiative that assesses cyber risks.

CyRiM’s objectives include research into the definition of cyber risk, the creation of a set of cyber event scenarios for impact quantification, the creation of benchmark cyber loss models, and the development of a non-intrusive cyber security exposure assessment capability.

According to CyRiM, the “lack of sound data, the rapidly changing cyber threat environment, developing regulation and policy landscape, and the global nature of cyber risk with potential for high accumulation risk, constrains the development of the current cyber risk insurance market”.

The report, co-produced by Lloyd’s of London, Aon and other CyRiM partners, explores a hypothetical scenario in which companies’ devices are infected with malware that threatens to destroy or block access to files unless a ransom is paid.

The attack is launched through an infected email, which, once opened, is forwarded to all contacts and, within 24 hours, encrypts all data on nearly 30 million devices worldwide. Companies of all sizes and in all sectors would be forced to pay a ransom to decrypt their data or to replace their infected devices.

The report estimates that a cyber attack on this scale could affect more than 600,000 businesses worldwide.

In the least severe scenario, retail suffers the highest total economic loss globally ($15bn), followed by healthcare ($10bn) and manufacturing ($9bn). In the most severe scenario, retail and healthcare would be the most affected ($25bn each), followed by manufacturing ($24bn).

According to the research, the economic impact would be the greatest in the US ($46bn-$89bn) driven mainly by the infection of “premier-sized” companies, followed by Europe, where $30bn-$76bn is at stake, with retail, business and professional services, and manufacturing likely to be the hardest-hit sectors.

Despite the high costs to business, the report shows that the global economy is under-prepared for such an attack, with 86% of the total economic losses uninsured, leaving an insurance gap of $166bn.

Ed Macnair, CEO of cloud security company CensorNet, said there is no doubt that the potential economic impact of cyber attacks is increasing.

“Should an event like this occur, it would be devastating, but this seems like the very worst-case scenario,” he said, pointing out that the research is based on a phishing attack.

“The kind of spread they are talking about would be prevented if just a couple of companies had email security in place. The chances are that many more than that do. Of course, phishing attacks are getting smarter and can catch out even the savviest, but modern security tools can also prevent such a rapid propagation of infection,” said Macnair.

“Security tools have got much smarter over the last few years with more and more integration, and could, in theory, be picked up by an email security tool and blocked from being sent on. Then email security speaks to a web security tool, and malicious links are blocked from opening in web clients.”

Cyber insurance is a good idea to have, said Macnair, but without preventative tools in place, it is the same as insuring household contents and leaving the door unlocked, he said. “It’s there as a back-up and, if you do everything right, insurance shouldn’t be needed.”

The report estimates that the total claims paid by the insurance industry in this scenario would be between $10bn and $27bn.

“Comparing the insurance loss estimates to the economic losses shows insurance industry losses are between 9% and 14% of the total economic loss, which shows there are high levels of underinsurance for this type of cyber attack,” the report said.

With the estimated 2019 “cyber affirmative insurance premium” globally at $6.4bn, the research shows the insurance industry is “significantly exposed” to a contagious malware event.

According to the report, the scenario shows that the reliance of the global economy on connectivity significantly increases the scope of the damage caused by malware and, for the first time, quantifies the impacts of a global, systemic, ransomware attack.

“The scenario challenges assumptions of global preparedness for a cyber attack of this nature and sends a clear message to organisations, individual entities, industry associations, markets and policymakers that they must improve their awareness, and assessment of this threat,” the report said.

The report concluded that the expansion of the cyber insurance market is “both necessary and inevitable” and that scenarios such as those used in the research will help insurers expand their view of cyber risks and help them create “new products and services that make businesses and communities more resilient”.
=================================================================
Drive Trust Alliance Announces Free Fix for Lurking Ransomware Threats

https://www.prnewswire.com/news-releases/drive-trust-alliance-announces-free-fix-for-lurking-ransomware-threats-300569969.html

PITTSBURGH, Dec. 12, 2017 /PRNewswire/ -- There are many millions of computer hard drives, from every hard drive maker, that are especially open to devastating ransomware attacks. These drives are known as TCG Self-Encrypting Drives (SEDs). If they are not properly initialized, there can be trouble with ransomware attacks. If these are properly initialized, there is little or no danger of these ransomware attacks.

Most Solid State Drives or SSDs and many hard disk drives in laptops, desktops, and servers worldwide fall into this uninitialized category. People worldwide use these SEDs today for boot drives, USB attached storage, and server storage. Very few even know the danger.

And ransomware is not a thing of the past. It continues. An unsuspecting victim clicks on an email attachment, or something on the web, and his data is encrypted by the attacker. The attacker then demands a ransom payment to unlock his data. Nobody is safe from a successful ransomware attack. As one government official has remarked, it is not a question of "if," it is a question of "when."

For over a decade these SED drives have been in distribution. All too often, software does not properly initialize the drives to prevent ransomware attacks. The hacker can then instantly employ the strong hardware drive encryption to encrypt the data on it. As Dr. Robert Thibadeau of DTA remarks, "Notably, even Microsoft Bitlocker often does not detect the Self-Encrypting Drive, and will use Software Bitlocker. Bitlocker then leaves the drive open to a ransomware attack that the guy didn't expect. The same is true for virus checkers and other security software."

The Drive Trust Alliance (DTA) has introduced a small Windows program, for free, SEDProtect.exe. This software will detect any vulnerable TCG Opal Self-Encrypting Drive connected to a computer. SEDProtect is based on DTA Open Source which can also be downloaded for inspection. See www.drivetrust.com/protect. The protection is as simple and easy as typing an owner password for the drive. This need be done only once for the life of the drive.

To put these SEDs to safe use in USB Attached storage, DTA has introduced full featured software in DTA's Personality Series of USB SEDs. The USB Personality Series includes personal, small IT shop, family, archival, and forensic drives at the same low price. They are available on Amazon under "DTA hardware encrypting." Like SEDProtect, Personality Series USB software can also detect any other vulnerable USB drive that happens to be a TCG Opal SED, and will permit the owner to secure and manage that drive as well.

DTA urges everyone to check and protect their machines for TCG Opal SEDs. DTA (www.DriveTrust.com) has an educational and technical mission to improve the adoption of hardware-encrypting storage. Protected, the real owner of the drive can benefit from the self-encrypting drive's amazingly strong privacy and security assurances. Unprotected, ransomware wins.
==================================================================
Wave has an excellent SED management system for these SEDs in the marketplace! Because SEDs have been standardized on all SSDs and on business HDDs, there are many millions of SEDs in the market that could be managed by Wave to help prevent ransomware on computers. And according to this article, ransomware could one day cause many billions in overall damage if computers aren't properly protected.
=================================================================
https://www.wavesys.com/products/wave-self-encrypting-drive-management

Excerpt:

Enterprises choose Wave to manage SEDs

Why? From our single console, you can manage all your organization’s self-encrypting drives (SEDs) easily and remotely, whether they number in the hundreds, or hundreds of thousands.

SEDs are the most secure, best-performing and most transparent encryption option for protecting data on laptops. These drives automatically encrypt all data written to the drive, so you don’t have to decide what’s important enough to encrypt. They also perform this encryption in the hardware of the drive, so you don’t end up with the performance issues software full-disk encryption is infamous for. SEDs are available as HDD or SSD, and are sold by most major drive manufacturers.

Wave’s management solution delivers remote drive initialization, user management, drive locking, user recovery and crypto-erase for all Opal-based, proprietary and solid-state SEDs.













