Tuesday, June 27, 2017

New Tool to Detect Ransomware May Prevent a Cyber Catastrophe

We here in the CAT – Law pressroom occasionally come to have a dispirited world view due to our constant and laser-like focus on the topic of catastrophes.  However, our Magic 8 Ball has been saying “it is most probable” every time we ask if the recent “WannaCry” ransomware virus might actually be the dark just before the dawn.  So rather than our normal article on a possible catastrophe, here is our take on a type of cyber catastrophe that is now more easily prevented.

Last month, hackers attacked businesses and government entities in 150 countries with a ransomware worm known as “WannaCry.” These hackers gained access to business and government servers, infecting them with WannaCry, either by exploiting software vulnerabilities in an older, yet popular, Windows operating system or through phishing emails designed to trick users into giving hackers access. Once WannaCry was in, it spread rapidly and autonomously throughout the system, encrypting the files on the victims’ systems and thus denying the victims access to their own data. The hackers then demanded a ransom, requiring victims to pay, on average, $300 for the release of their information.

Although WannaCry is the latest cyber-attack to make the news, it is by no means the only threat. IBM President and CEO Ginni Rometty, has described cybercrime as “the greatest threat to every profession, every industry, every company in the world.” And analysts predict that cybercrime will cost consumers more than $2 trillion globally by 2019, nearly four times the estimated cost of breaches in 2015.

But massive ransomware attacks like WannaCry are now more easily prevented.

The cyber-security community has developed a sophisticated new weapon for battling malware generally, and ransomware specifically, known as Endpoint Detection and Response (“EDR”). EDR software focuses on protecting each user device, which are known as endpoints. Endpoints include not only servers but individual computers and portable devices as well. EDR software uses artificial intelligence to learn and analyze system activity. So when a virus attempts to perform a function out of the ordinary, such as encrypting all of one’s files, it becomes a red flag and the EDR software can act to detect and prevent it.

Because EDR software focuses on the behavior of a program, it can detect malware other more traditional virus protection programs cannot. For example, traditional signature-based virus detection programs function by blocking malware when the program’s coding—or signature—reveals that it’s malware. Thus, traditional malware detection programs can only stop known viruses. But because EDR software focuses on a program’s behavior, rather than its signature, it’s able to detect malicious software (including unknown viruses) that affect the function of the endpoint. In short, EDR software is a more effective, proactive tool against cyber-attacks.

Entities looking to improve their odds against cyber-criminals should consider adding EDR software to their arsenal, to compliment their other weapons against cyber-crime such as ongoing training of personnel and restricting user privileges. And insurers covering the risk of loss from cyber-attacks should consider recommending—or even requiring—that policyholders use EDR software to better prevent or minimize loss from cyber attacks, thereby lowering their exposure to such losses. The use of EDR software as part of a diligent cyber-security plan may dramatically reduce the risk of loss from a number of cyber attacks.

Tuesday, June 20, 2017

Hold on to Your Hats: Another Active Hurricane Season Forecasted

Some wait for football season in the Fall while others anticipate baseball season in the Spring. Some sports fans are disappointed that basketball season just ended. But those in the insurance industry often anxiously anticipate the Atlantic Hurricane Season.
June 1 kicked off the official start of the Atlantic Hurricane Season, which incorporates property located in the North Atlantic, Gulf of Mexico, and Caribbean Sea. The season officially runs through November 30, but does not always abide by the parameters of the season’s timeline. For example, the first Named Storm of the season came early – Tropical Storm Arlene developed on April 20 in the central Atlantic region.
Like sports, the Hurricane Season has forecasters who provide watchers with guidance on what to expect this year. On May 25, 2017, the National Oceanic and Atmospheric Administration (NOAA) issued a press release outlining its 2017 Atlantic Hurricane Season outlook. The NOAA predicts that there will be 11-17 Named Storms and 5-9 Hurricanes – categorizing 2-4 as “major”. Named Storms are defined as having top winds of 39 mph or higher. A Hurricane has top winds of 74 mph or higher. And a Major Hurricane has wind speeds of at least 111 mph.
If the NOAA’s forecast is accurate, there will likely be at least 3-4 storms that will impact insured property. Hurricanes and Tropical Storms pose significant property risks – both direct and indirect. For example, high winds associated with these storms wreak havoc on roofing systems and windows, and cause damage from blown debris. The storms may stall over an area, unleashing downpours of rain and leave water with no place to go except into an insured building. And storm surge has proven to be a significant risk to property. The waves and water from a storm surge can level homes and, in extreme circumstances, reach further inland than anticipated or protected against. The over-all effect of these storms can damage local economies, affect power to neighborhoods and cities, and cause business interruption losses.
The question, therefore, is whether the NOAA’s forecast is reliable. Based on the last five years, the answer is yes. Below is a chart that compares the NOAA’s forecast with the season results:
 
Predicted
Actual
Total Named Storms
9-15
 
Tropical Storms
 
9
Hurricanes
4-8
10
Major Hurricanes
1-3
2
 
Predicted
Actual
Total Named Storms
13-20
 
Tropical Storms
 
11
Hurricanes
7-11
2
Major Hurricanes
3-6
0
 
Predicted
Actual
Total Named Storms
8-13
 
Tropical Storms
 
2
Hurricanes
3-6
6
Major Hurricanes
1-2
2
 
Predicted
Actual
Total Named Storms
6-11
 
Tropical Storms
 
8
Hurricanes
3-6
4
Major Hurricanes
0-2
2
 
Predicted
Actual
Total Named Storms
10-16
 
Tropical Storms
 
9
Hurricanes
4-8
7
Major Hurricanes
1-4
4

With the exception of 2013, the NOAA’s predictions have been relatively accurate. Therefore, Hurricane Watchers should be prepared for over 10 Tropical Storms and a potentially large number of Hurricanes during this year’s Atlantic Hurricane Season.
Posted by Shannon O'Malley

Monday, June 12, 2017

What's in a Name?

The 2017 Atlantic Hurricane Season started on June 1, 2017, with one preseason storm already under our belt.  The first tropical storm, Arlene, formed on April 20, 2017, only lasted a few days and did not receive much attention.  The presence of a preseason storm also indicates that the 2017 Atlantic Hurricane Season may be particularly active.   On May 25, 2017, the National Oceanic and Atmospheric Administration (“NOAA”) issued a release advising that its Climate Prediction Center advised that the Atlantic could see another above-normal hurricane season.  Based on low-level El Niño activity, which stifles organization of storm systems in the Atlantic, the outlook is expected as follows: 



Source: www.noaa.gov/image_download/4029?itok=VoZr7icX

The early activity and several projected large storms may spur memories of seasons past where names like Andrew, Hugo, Alicia, Francis, Jeanne, Wilma, and Katrina made history and left a mark in the minds of many.  Given the immediate reaction elicited by some of these names, one may wonder why and how weather events tome to be named. 

The main purpose in naming a tropical cyclone/hurricane is to facilitate tropical cyclone/hurricane disaster risk awareness, preparedness, management, and reduction by associating each event with a name that makes it easy to understand and remember the tropical cyclone/hurricane in a region.  The shift to naming storms to assist with dissemination of information and encourage preparedness came in the United States between 1953 and 1979, during which time female first names were used to identify storms and then names associated with both genders were adopted. 

Despite a common misconception, the National Hurricane Center does not control the naming of tropical storms.  The World Meteorological Organization establishes the storm naming procedure.  For Atlantic hurricanes, there is a list of male and female names which are used on a six-year rotation. The only time that there is a change is if a storm is so deadly or costly that the future use of its name for a different storm would be inappropriate. If more than twenty-one named tropical cyclones occur in a season, any additional storms will take names from the Greek alphabet.  Tropical cyclones/hurricanes are not named after any specific person, the tropical cyclone/hurricane names selected are those that are familiar to the people in each region. 

Storm naming has other implications beyond the dissemination of tracking information.  It also affects claim adjustment preparedness.  The existence of a named storm may trigger the application of certain wind deductibles – wind/hail deductibles and hurricane deductibles.  Hurricane deductibles typically apply to hurricanes and named storms, which is when the naming of a weather event becomes a significant factor in the adjustment..  The other type of wind deductible is the wind/hail deductible which typically applies to any kind of wind-related damage.

In the United States, nineteen states and the District of Columbia have statutory hurricane definitions. One of those states is Florida where the Florida Statutes define residential “Hurricane Coverage” as follows:

(2) As used in policies providing residential coverage: 

(a) “Hurricane coverage” is coverage for loss or damage caused by the peril of windstorm during a hurricane. The term includes ensuing damage to the interior of a building, or to property inside a building, caused by rain, snow, sleet, hail, sand, or dust if the direct force of the windstorm first damages the building, causing an opening through which rain, snow, sleet, hail, sand, or dust enters and causes damage.

(b) “Windstorm” for purposes of paragraph (a) means wind, wind gusts, hail, rain, tornadoes, or cyclones caused by or resulting from a hurricane which results in direct physical loss or damage to property.

(c) “Hurricane” for purposes of paragraphs (a) and (b) means a storm system that has been declared to be a hurricane by the National Hurricane Center of the National Weather Service. The duration of the hurricane includes the time period, in Florida:

1. Beginning at the time a hurricane watch or hurricane warning is issued for any part of Florida by the National Hurricane Center of the National Weather Service;

2. Continuing for the time period during which the hurricane conditions exist anywhere in Florida; and

3. Ending 72 hours following the termination of the last hurricane watch or hurricane warning issued for any part of Florida by the National Hurricane Center of the National Weather Service. 

Fla. Stat. 627.4025(2)(a)(2016). 

According to the Insurance Service Office (“ISO”), hurricanes and tropical storms caused approximately $158.6 billion in insured losses (in 2015 dollars) in the United States from 1996 to 2015.  Therefore, understanding the implications of named storms becomes a critical component of claim management and risk projection – another form of preparedness during hurricane season. 

Posted by Anaysa Gallardo Stutzman