Tag Archive for: minimize

Can You Minimize Ransomware Settlement Exposure with Cyber Insurance?


Nearly anyone can be a victim on the cyber battlefield, including celebrities. The personal data of Madonna, Bruce Springsteen, Lady Gaga, and Elton John was stolen from Grubman Shire Meiselas & Sacks (GSMS), and because GSMS refused to pay the ransom in full, much of the information ended up for sale on the internet. Even though the FBI got involved and GSMS hired private individuals to recover the data, only some of it was reclaimed.

The GSMS attack used what’s referred to as the double extortion method:

  • First, they stole data
  • Then, they threatened to publish the data if GSMS didn’t pay the ransom within a specified time frame

A ransomware attacker can gain access to your system through a number of ways, including guessing an employee’s password, using malware to infiltrate your network, email spoofing, or spear phishing, which is explained in this video by Cisco.

While cyber insurance cannot prevent a ransomware attack, there’s a lot it can do if you find your systems hacked and your data held for ransom. But each attack—and insurance policy—is different. 

Below, we’ll discuss how cyber insurance works, how it can be used to reduce the impact of ransomware settlements, what it covers, and the trends shaping the cyber insurance industry.

What Is Cyber Insurance and Who Needs It?

An organization can obtain cybersecurity insurance, also known as cyber liability insurance or cyber insurance, to help mitigate internet-related risks such as ransomware and other forms of cyberattack. The insurance contract transfers some of the risks to the insurer in return for a monthly or quarterly payment.

Cyber insurance benefits companies that produce, store, and handle electronic data online, such as credit card details, client contact information, and consumer purchases. It can help pay for the costs of reclaiming data in case it gets stolen. Cyber insurance is also an advantage for e-commerce companies because downtime resulting from a breach may result in lost clients and sales. 

Can You Minimize Ransomware Settlement Exposure with Cyber Insurance?

Ransomware attacks are becoming more prevalent. And because no company is too big or small for malicious actors, it’s only a…

Source…

Defense in Depth to minimize the impact of ransomware attacks


Ransomware attacks continue to plague organizations globally regardless of their size. In a press release by the NCC group that preceded the Annual Threat Monitor Report 2021 published for the year 2021, there were an estimated 2,690 ransomware attacks, a 92.7% increase from 2020s figures of 1,389. The increase of ransomware attacks builds upon the general gradual rise in cyber-attacks in the wake of the COVID-19 pandemic. Ransomware accounted for roughly 65.4% of global cyber incidents in 2021. North America and Europe accounted for the most attacked regions with 53% and 30% of all the attacks respectively.

In a Ransomware report published by Cyber Security Works for Q1 of 2022, there has been an increase in eight of the ten ransomware foci. One positive revelation is that ransomware vulnerability detection capabilities appear to be improving. However, it is uncertain if this accounts for copycat variants, or if these are truly unique signature detections. Regardless of that curiosity, the figures in comparison to 2021 show the unrelenting nature of the current ransomware ecosystem.

DevOps Connect:DevSecOps @ RSAC 2022
Figure 1 – Ransomware index 2022 Q1

Accordingly, in the PhishLabs Ransomware Playbook for Q1 2022, enterprises are specifically being targeted by ransomware operators to disable their critical systems and publish their stolen data. This has led to a 144% increase in ransom demands with victims being convinced more to pay ransoms in the hope their stolen data is not sold to third parties or published in criminal marketplaces.  

Understandably, most organizations that suffer ransomware attacks are left with the options of either not paying and risking their data being exposed, or paying the ransom in the hope that the threat actor does not release their data afterwards. Either way, it is a difficult position to be in, one often influenced by (Read more…)

Source…

Threat hunters minimize Russia’s cyber prowess


Dive Brief:

  • Russian cyberattacks against Ukraine and its allies have yet to materialize at the scale and severity many expected. Russia’s attack against Viasat’s KA-SAT management network during the first hours of its invasion of Ukraine remains its most significant success to date.
  • The Russian wiper malware attack on Viasat was “one of the biggest cyber events that we have seen perhaps ever, certainly in warfare,” Dmitri Alperovitch, CrowdStrike cofounder and executive chairman of the Silverado Policy Accelerator, said Tuesday at the RSA Conference. It blocked the Ukrainian military’s ability to communicate in the first days of the invasion, but Russia’s gain was short-lived.
  • “As we have seen time and time again, for now almost three and a half months of this war, the Russians are horrible at combined arms,” Alperovitch said. This extends to its traditional military that’s faltered on the ground and in the air due to a lack of coordination.

Dive Insight:

Russia has consistently displayed a lack of foresight and planning in its cyber activities since it invaded Ukraine more than 100 days ago. Despite tactical successes in Ukraine, Russia failed to turn those into potentially more devastating campaigns. 

While cyber is an important weapon in warfare, the assumption that it will be such a critical element has been overblown, Alperovitch said. “Even the best tactics, even in cyber, don’t compensate for a really, really bad plan.”

Russia hasn’t, despite expectations, retaliated for the sanctions via cyberattacks against Ukraine’s allies but those attacks may still come. While Russia’s cyberthreat remains lower than expected, the White House and federal cybersecurity authorities continue to caution organizations to remain vigilant. 

The Department of Justice in April disrupted the state-backed Russian botnet Cyclops Blink and Attorney General Merrick Garland pointed to the Russian government’s use of similar infrastructure to attack Ukrainian targets.

Sandra Joyce, EVP and head of global intelligence at Mandiant, said her team observed wiper attacks on individuals and Chinese threat actors operating…

Source…

Learn to minimize the risk of computer threats at cyber security workshop – The County

Learn to minimize the risk of computer threats at cyber security workshop  The County
“computer security news” – read more