Qantas is progressively emailing customers impacted by last week’s cyberattack. In a media statement the flagship airline also confirmed that the data of 5.7 million customers was compromised but said there was no evidence any stolen information was “released”.
The airline did not mention who was behind the attack, if a ransom was paid or what compensation, if any, would be offered to customers. However, the attack does offer cyber risk management lessons for insurance brokers. Insurance Business has reached out to experts for their views.
Specialist cyber broker Andrew Brett (pictured) said cyber assaults on larger companies are now rarely direct attacks.
“Threat actors seem to be commonly compromising smaller third-party external service providers of these larger companies within their supply chain and then gaining access via these trusted internal avenues,” said Brett who is director of Infosure Insurance.
He suggested brokers renew their focus on clients’ supply chains. “It is now highlighting the crucial risk that supply chains are only as strong as their weakest link and it’s not just the cybersecurity posture of your own company that you need to concern yourself with,” said Brett.
He said through his cyber risk management work he’s found that it can be newer firms with tight budgets and more cost pressures that are more likely to be this weak link.
“It should be very concerning to all companies that within these supply chains the less mature and less financially abundant companies are the ones that do not have a sufficient cybersecurity posture, or a reasonable financial ability to respond to a suspected cyber incident, yet are still dealing with very large companies,” said Brett.
He said threat actors know this.
“It is a lot easier to compromise these smaller companies quietly and then work your way up the chain, than try and breach the large companies directly,” said Brett.
Another issue, he said, is the high proportion of companies along the supply chain that don’t carry cyber insurance and don’t “adequately investigate suspected cyber incidents, due to the costs involved.”
He said these firms run the risk of failing to rid their systems of the cyber issues from an attack which can remain live and ultimately spread throughout the supply chain.
Qantas hasn’t provided information around any possible insurance coverage implications the firm may have from the attack. It’s unknown whether the airline has cyber cover or if it was activated. However, Brett suggested that several could be coming into play if the firm has a comprehensive cyber insurance policy, including digital forensics cover and legal aid cover. “[Possible solutions include] digital forensics to investigate the scope of the incident, specialist cyber legal aid to be able to discuss next steps and all possible options, as well as converse with the relevant government authorities,” he said, “[along with] specialist cyber public relations assistance to be able to communicate confident and comforting messaging to those affected customers.”
Brett said a lesser known coverage could also be deployed that would cover ongoing assistance for customers, including a fraud hotline.
Qantas hasn’t identified the attacker but some experts are pointing towards Scattered Spider.
Praneil Kumar, incident response lead for Coalition in Australia, said the attack came days after an FBI warning that this group was focusing on global airlines.
“Scattered Spider, a cybercriminal group known for its multifaceted and highly coordinated attack tactics, has recently pivoted its focus to the airline industry,” he said in comments sent to IB. “Their tactics share distinct similarities to the recent Qantas breach.”
Kumar agreed with Brett’s assessment that a major broker lesson from the attack could be the implications for smaller companies that are part of a larger firm’s supply chain.
“Larger businesses typically make headlines, they often have the resources, such as cyber insurance, to weather such incidents,” he said. “Conversely, SMEs usually lack both the financial resilience and protection to recover quickly. Cyber risk is a fundamental business continuity threat that SMEs must urgently prioritise.”
Kumar recommended a range of preventative actions that brokers could suggest SMEs take to help prevent any future attacks. The measures included strengthening MFA protections, securing help desks and call centres and reviewing and monitoring third-party access
What do you see as the insurance and risk management lessons from the cyberattack on Qantas? Please tell us below.
