
RIMScast


Nov 7, 2023

Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.


In this episode, Justin interviews Davis Hake, Co-Founder of Resilience, about his career in national security work, including working with former Congressman Langevin, Homeland Security, and Obama’s National Security staff. Davis tells about co-founding Resilience in the private sector to help organizations build cybercrime resilience. He introduces the Resilience Midyear 2023 Claims Report, revealing important trends discovered in cybercrime through claims data, Resilience research, and partner research.


Davis closes the interview with a look to 2024, his plans for pushing the flywheel faster, and his analysis of what it will take to break the new cybercrime business model.


Key Takeaways:

[:01] About RIMScast.

[:27] About today’s episode, where we will discuss cyber security trends from Resilience’s Midyear 2023 Claims Report.

[:36] First, a quick shoutout to the RIMS New Zealand Pacific Island Chapter and Marsh Australia and New Zealand, who welcome you to Embrace The Unknown: Unleashing the Power of Risk, a one-day event on February 12, 2024 at the Pullman Hotel in Auckland, NZ.

[1:00] It will be a gathering of experts, thought leaders, and professionals from various industries to explore and discuss the critical role of risk management in today’s dynamic and uncertain world. There will be sessions on AI, Resilience, and Adaptability, highlighted by case studies and insights. See the link in this episode’s show notes. 

[1:21] It’s never too early to talk about RISKWORLD 2024! Save the date, May 5th–8th, 2024 in sunny San Diego, California. Booth and sponsorship sales are open. Member registration opens this month, November 2023, and public registration opens in December 2023. Visit RIMS.org/RISKWORLD to learn all about it.

[1:51] Our guest today, Davis Hake, is the Co-Founder of Resilience, which recently released its Midyear 2023 Claims Report. They say ransomware is entering a new era as cybercriminals have begun shifting their tactics to bypass security controls by hitting critical vendors and seeking larger targets for extortions.

[2:14] They’re big game hunting again and we're going to talk all about it with Davis Hake. Davis had a fascinating career in government and we will learn about that, as well.

[2:33] Davis Hake, welcome to RIMScast! This episode was recorded in October, National Cybersecurity Awareness Month, but as Davis says, every month is National Cybersecurity Awareness Month!

[3:18] Davis grew up working in politics on the Hill, for Congressman Jim Langevin. Congressman Langevin was one of the first on the Hill to identify we had serious problems in our critical infrastructure in everything from power plants to communication. At about that time, Stuxnet became a public concern.

[3:50] Congressman Langevin dove into looking at what we need to do as a nation to secure these larger problems. He realized cyber is an economic problem of incentives, cost, and how businesses manage their digital innovation. He set Davis on a path to be passionate about trying to fix it.

[4:14] Davis worked for a time in the Obama administration for the National Security Council. He came to the private sector to work in cybersecurity and got together with his Co-Founders to build something that would take this technical problem to understand a company’s risk and how they invest against it.

[4:41] They looked at the insurance industry for how to drive better risk management practices and applied risk management to cyber. They started in 2016. Now, in 2023, they have an amazing insurance team with some of the best folks in the industry, serving clients in the U.S., the EU, and the UK with close to 200 staff members.

[5:32] Davis praises former Congressman Langevin for his intense concern about national security, not as a politician but as one who served not only his constituents but the nation. He worked across the aisle to serve the national good. Most importantly, he got things done.

[6:18] Congressman Langevin left Congress in 2023. Before he left, he worked on the Cyber Solarium Commission, helped establish the office of the National Cyber Director, and helped establish some of the authorities that allowed DHS to build CISA. Congressman Langevin has retired to work on issues in the state of Rhode Island.

[7:43] Resilience’s Midyear 2023 Claims Report covers events from January through June of 2023. They wanted to report the data with actionable analysis on top of it. Besides Resilience claims data, they analyzed public data from other organizations to understand Resilience’s data in the context of the broader cybercrime trends.

[9:08] Third-party vendor risk has always been a concern. The change is that fewer and fewer companies are paying extortions to ransomware actors. So now groups are targeting critical vendors and running data extortions with thousands of victims. They don’t encrypt. Resilience clients have filed incident reports on these attacks from Clop.

[9:47] How do you protect against vendor risk? Risk transfer through cyber insurance is so important. Don’t just look at the risk mitigation side, but also the risks out of your control. Insurance helps absorb environmental risks. With vendors, you can require that they prove verification from certain audits, like the SOC 2 Audit.

[10:30] You can have vendors tell you best practices they follow with other clients. Are they practicing what they’re preaching with their data security? You can limit the data you share with them. By just working with any vendor, which we all have to do, you are assuming their risk if they’re holding your data and they’re not your company.

[11:22] The ransomware criminal marketplace is a bunch of startups, taking the easiest path to revenue. Running a negotiation, locking up a company, and ensuring that you get access to their backups all take a lot of time.

[11:52] It is easier to target companies that have highly sensitive data they wouldn’t want exposed and threaten to release it. Resilience sees a lower rate of payment for these types of attacks, but those who pay end up paying large amounts. The MOVEit attack and the attacks that followed are estimated to have made Clop around $100 million.

[12:44] The Resilience report discusses data from other groups that show less than 40% of encryption victims are paying ransom, down from 80% in 2022. Resilience works to prepare their clients against ransomware attacks and about 15% of their clients attacked by ransomware pay the ransom. That number has gone down since 2022.

[15:06] Resilience helps clients to imagine the worst day for their clients. Let’s work backward to ensure that the worst day doesn't happen. That thinking has been core in helping companies reduce paying extortions. When executives pay extortions, it’s usually in a panic, thinking they can make this worst day immediately go away.

[15:49] If criminal groups have access to your data, they will do everything they can to use it against you. Prepare to protect that data in a way that is incredibly secure or resilient or make your organization resilient to this type of pressure. That’s the best thing you can do to limit financial loss and protect your customers from their worst day.

[16:21] RIMS plug time! Upcoming Virtual Workshops: Visit RIMS.org/virtualworkshops to see the full calendar. December 7th starts the three-part course, Leveraging Data and Analytics for Continuous Risk Management, which will be led by our friend Pat Saporito.

[16:42] Fundamentals of Insurance returns on December 12th and 13th. It will be led by our good friend Gail Kyomura. Information about these sessions and others is on the RIMS Virtual Workshops page. Check it out and register!

[16:59] Metrics That Matter has cyber on their minds with Enhance Decision-Making Across Your Cybersecurity Program on November 7th. CLARA Analytics makes its RIMS debut on November 9th with Risk Management in the Era of Artificial Intelligence.

[17:22] On November 16th, Nationwide returns to present U.S. Customs Surety Bonds: A Primer for Risk Professionals. On November 21st, Beazley returns to present Business Risk: Helping Your Executives to Navigate Today’s Volatile Risk Environment.

[17:41] On December 12th, Prepare Yourself for the New Generation of Risk with Riskonnect. On December 14th, Aon will be Addressing Today’s Risks While Preparing for the Risks of Tomorrow.

[17:54] Visit RIMS.org/Webinars to learn more about these webinars and to register! Links are in the show notes. Webinar registration is complimentary for RIMS members.

[19:01] After the Colonial Pipeline attack, the U.S. security establishment got much more serious about ransomware. Defense against cybercrime was something that had been left up to the private sector. The administration started to take cybercrime seriously and cooperate with industry, working with CISA and the FBI heavily to fight back.

[19:48] When the War in Ukraine happened, the cooperation between the public and private sectors in the fight against ransomware intensified. As organizations have become more resilient against paying extortion, cybercriminals have to go after the big guys to get a payment. Cybercrime is indiscriminate between industries it targets.

[20:29] In Q1 2023, there was a tide of cybercrime targeting healthcare organizations. In Q2, there was a big tide against manufacturing organizations. Clop then hit a few vendors for educational organizations. Organizations like MGM and Caesars, which were hit, have massive networks full of devices they monitor, spread across different networks.

[21:13] MGM refused to pay, while Caesars paid the extortion. The reporting shows that Caesars has had an easier road to recovery. It may make more economic sense for large companies to pay the extortion. But that’s a bad message. That’s what has Resilience concerned. More complex clients, though better defended, are likely to pay.

[22:02] Groups like Clop are choosy about their targets and prioritize large organizations with a lot to lose. To successfully defend cyber in an enterprise, all the tech teams must work together and not remain siloed. Incentives have to come from the top that get the CIO, Risk, and Finance planning budgets together. It’s how your team works together.

[23:06] Davis served briefly on the National Security staff in the Obama Administration after working in Homeland Security.

[23:22] After the Obama Administration, a lot of the National Security staff moved to the private sector. Some continued to fight the security fight. The CEO of Resilience is a part-time Reservist working in cyber defense. He sees the national-level mission and the larger cyber trends.

[24:18] Most insurance is not operational; it’s reactionary, working with prior data to price the risk. In cyber, you’re too late if you’re taking that approach. Resilience has a threat intelligence team, taking in data much faster than a traditional insurance organization.

[25:07] Resilience is standing up a team that is working to provide technical analysis and trend analysis. They will show the large trends and the reasons they are happening, and validation from Resilience data and partner data. They’re combining financial loss and impact with threat intelligence they are monitoring from the security team.

[26:59] Davis says the tactic of encryptionless extortion is an evolution of the cybercrime business model, making it more efficient and effective. It’s a call to action for security. Building better widgets will not out-innovate these guys. We have to build better strategies and better business models that take their business models down.

[27:28] Resilience is working to build a better resilience flywheel, combining insurance, visibility, and working with clients to address risk, which will ultimately lead to lower financial loss for clients and for Resilience as an insurer. They want to push the flywheel faster and faster until they can get inside the adversary’s business model.

[28:03] Special thanks again to Davis Hake for joining us on RIMScast. The link to the Midyear Report is in this episode’s show notes.

[28:13] Go to the App Store and download the RIMS App. This is a special members-only benefit. Everybody loves the RIMS App!

[28:37] You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let’s collaborate! Contact pd@rims.org for more information.

[29:21] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. The RIMS app is available only for RIMS members! You can find it in the App Store.

[29:46] Risk Knowledge is the RIMS searchable content library that provides relevant information for today’s risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more.

[30:02] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com and in print, and check out the blog at RiskManagementMonitor.com. Justin Smulison is Business Content Manager at RIMS. You can email Justin at Content@RIMS.org.

[30:25] Thank you for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!


Mentioned in this Episode:

Riskworld 2024 — San Diego, CA | May 5–8, 2024

Embrace The Unknown: Unleashing the Power of Risk | Hosted Live & In-Person by RIMS NZ & PI | Feb 12, 2024 | Register early to save 18%

Dan Kugler Risk Manager on Campus Grant

RIMS-Certified Risk Management Professional (RIMS-CRMP)

NEW FOR MEMBERS! RIMS Mobile App

Resilience Midyear 2023 Claims Report

RIMS Webinars:

Enhance Decision-Making Across Your Cybersecurity Program | Sponsored by Metrics That Matter | Nov. 7, 2023

Risk Management in the Era of Artificial Intelligence | Sponsored by CLARA Analytics | Nov. 9, 2023

An Introduction to U.S. Customs Surety Bonds | Sponsored by Nationwide | Nov. 16, 2023

Business Risk: Helping your Executives Navigate Today’s Volatile Risk Environment | Sponsored by Beazley | Nov. 21, 2023

Prepare Yourself for the New Generation of Risk | Sponsored by Riskonnect | Dec. 12, 2023

Addressing Today’s Risks While Preparing for Tomorrow | Sponsored by Aon | Dec. 14, 2023

How Risk Managers Can Combat Human Trafficking In 2024 | Presented by RIMS | Jan. 16, 2024

RIMS.org/Webinars

Upcoming Virtual Workshops:

Leveraging Data and Analytics for Continuous Risk Management | Dec 7

See the full calendar of RIMS Virtual Workshops

All RIMS-CRMP Prep Workshops — Including Chris Mandel’s Dec 13–14 Course

Related RIMScast Episodes:

“Cybersecurity Awareness Month 2023 with Pamela Hans of Anderson Kill”

“Cybersecurity Reporting Updates with Hilary Tuttle of Risk Management Magazine”

“Cybersecurity and Insurance Outlook 2023 with Josephine Wolff”

“Genuine Generative AI Talk with Tom Wilde of Indico Data”

“Getting to Know Jackware with Dan Healy of Anderson Kill”

Sponsored RIMScast Episodes:

“Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. (New!)

“Subrogation and the Competitive Advantage” | Sponsored by Fleet Response

“Cyberrisk Outlook 2023” | Sponsored by Alliant

“Chemical Industry: How To Succeed Amid Emerging Risks and a Challenging Market” | Sponsored by TÜV SÜD

“Insuring the Future of the Environment” | Sponsored by AXA XL

“Insights into the Gig Economy and its Contractors” | Sponsored by Zurich

“The Importance of Disaster Planning Relationships” | Sponsored by ServiceMaster

“Technology, Media and Telecom Solutions in 2023” | Sponsored by Allianz

“Analytics in Action” | Sponsored by Alliant

“Captive Market Outlook and Industry Insights” | Sponsored by AXA XL

“Using M&A Insurance: The How and Why” | Sponsored by Prudent Insurance Brokers Ltd.

“Zurich’s Construction Sustainability Outlook for 2023”

“Aon’s 2022 Atlantic Hurricane Season Overview”

“ESG Through the Risk Lens” | Sponsored by Riskonnect

“A Look at the Cyber Insurance Market” | Sponsored by AXA XL


RIMS Publications, Content, and Links:

RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community!

RIMS Virtual Workshops

On-Demand Webinars

Risk Management Magazine

Risk Management Monitor

RIMS-Certified Risk Management Professional (RIMS-CRMP)

RIMS-CRMP Stories — New interview featuring Darius Delon!

Spencer Educational Foundation

RIMS DEI Council


RIMS Events, Education, and Services:

RIMS Risk Maturity Model®

RIMS Events App Apple | Google Play

RIMS Buyers Guide

Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.


Want to Learn More?

Keep up with the podcast on RIMS.org and listen on Apple Podcasts.


Have a question or suggestion? Email: Content@rims.org.


Join the Conversation!

Follow @RIMSorg on Facebook, Twitter, and LinkedIn.


About our guest

Davis Hake

Co-Founder of Resilience


Tweetables (Edited For Social Media Use):

Instead of encryption for ransom, it is easier to target companies that have highly sensitive data they wouldn’t want to be exposed and threaten to release it. — Davis Hake


Most insurance is not operational; it’s reactionary, working with past data to price the risk. In cyber, you’re too late if you’re taking that approach. — Davis Hake


The current tactic of encryptionless extortion is an evolution of the cybercrime business model, making it more efficient and effective. It’s a call to action for security. — Davis Hake