
Do You Know What Is “Silent Cyber?”

The Takeaways:

  1. The Colonial Pipeline ransomware attack was one of the best-known cyber insecurity incidents in the US. It potentially cost the firm multiple millions in ransom and disrupted operation of the largest fuel pipeline system for days.
  2. Cyber security threats include phishing, ransomware, malware, Distributed Denial of Service, Advanced Persistent Threats, zero-day exploits, social engineering, insider threats and Internet of Things (IoT) threats.
  3. The best approach to dealing with cyber security is to do both risk management and risk transfer.
  4. Risk management covers identifying vulnerabilities (knowing where weaknesses are), prioritizing risks (knowing which risk brings bigger loss), developing risk mitigation strategies (firewalls, access control, incident response plans and regular testing), monitoring for threats (staying up to date with the latest threats) and continual improvement (regular review, investing in new technologies).
  5. Risk transfer means purchasing cyber insurance, which helps companies hedge against the potentially devastating effects of cybercrimes such as malware, ransomware, distributed denial-of-service (DDoS) attacks, or any other method used to compromise a network and sensitive data. It covers the costs associated with a cyberattack, including loss of business income due to the attack and additional direct costs such as forensic expenses. In some cases, policies can even cover losses from an attack on a third party such as a vendor or partner. It can also incentivize companies to implement stronger cybersecurity measures, as many insurance policies require businesses to meet certain security standards in order to be eligible for coverage.
  6. It’s worth noting that traditional insurance policies like property liability, general liability, or directors and officers insurance, may not cover some of the consequences of a cyber-attack. This concept is known as “Silent Cyber,” where traditional insurance policies are silent on whether they will cover cyber-related losses.
  7. Cyber insurance is designed to protect companies from these primary risks through four distinct insuring agreements: first-party coverage, third-party coverage, crime coverage, and cyber terrorism coverage.

The Cyber Insecurity Story

On May 13, 2021, Colonial Pipeline, the largest fuel pipeline system in the United States, allegedly paid an unknown amount to a ransomware group named DarkSide, despite the FBI’s advice not to pay.

For those not familiar with ransomware attacks, they are attacks in which criminal groups hold data hostage until the victim pays the amount of money they demand. In this case, the demanded sum was nearly $5 million, and the CEO of Colonial Pipeline said he authorized a ransom payment of $4.4 million.

The attack resulted in the company shutting down operations of its 5,500 miles of pipeline, which carries 45 percent of the East Coast’s fuel supplies, for several days. The shutdown caused fuel shortages and price increases in many parts of the country and led to panic buying and massive lines at gas pumps.

As The New York Times pointed out, “In recent months, officials note, the frequency and sophistication of ransomware attacks have soared, crippling victims as varied as the District of Columbia police department, hospitals treating coronavirus patients and manufacturers, which frequently try to hide the attacks out of embarrassment that their systems were pierced.”

It turns out that paying ransom in cryptocurrencies is a bad idea, as it makes perpetrators harder to trace and has exacerbated attacks “‘hitting soft targets like hospitals and municipalities, where losing access has real-world consequences and makes victims more likely to pay,’ said Ulf Lindqvist, a director at SRI International who specializes in threats to industrial systems. ‘We are talking about the risk of injury or death, not just losing your email.’”

Cybersecurity Top Threats

A CNN report tells us that “CISA and the FBI confirmed that DarkSide was used as a ‘ransomware-as-a-service,’ in which developers of the ransomware receive a share of the proceeds from the cybercriminal actors who deploy it, known as ‘affiliates.’” In other words, people are now calling themselves ransomware professionals offering specialized “services” for any clients with such a need.

Now is a good time to look at the top cybersecurity threats. ChatGPT lists the major types, and I did additional searching to add more details to each:

Phishing: This is a type of cyber-attack that can target both individuals and businesses. Phishing starts with an attacker sending fraudulent emails, text messages, or other electronic communications that appear to be from a legitimate source in order to trick the recipient into providing sensitive information such as login credentials, credit card numbers, or other personal data.

Phishing is also one of the most common cybersecurity threats. According to a report by Verizon, 36% of data breaches involve phishing. It is also relatively easy to execute through email, social media, SMS, or phone calls.

Ransomware (like in the Colonial Pipeline case): This is a type of malware that encrypts a victim’s files and demands a ransom payment in exchange for the decryption key.

Ransomware is a type of malware that has become increasingly common in recent years. According to a report by Cybersecurity Ventures, ransomware damages will cost the world $20 billion in 2021, up from $11.5 billion in 2019. The report also estimates that a business will fall victim to a ransomware attack every 11 seconds in 2021, up from every 14 seconds in 2019.

In addition, ransomware attacks have become more sophisticated and can now target specific organizations and industries.

It is important for individuals and organizations to take steps to protect themselves against ransomware, including regularly backing up important data, using strong passwords, and implementing security software and practices that can help prevent and detect attacks.

Malware, of which ransomware is one type, is any software that is designed to harm, disrupt, or gain unauthorized access to a computer system. It can include viruses, worms, Trojans, spyware, and adware.

Malware is a significant threat to individuals, businesses, and governments and can cause a wide range of problems, including theft of sensitive data, disruption of critical systems, financial losses, and damage to an organization’s reputation.

I should know because I have been hit by malware myself. It was not a big deal, but it switched my search engine from Google Chrome to Yahoo — without my knowledge. I finally called Microsoft support, and they had to use a tool to access my computer screen, and after 2 hours they still could not change the machine back to Chrome. In the end, I had to set up another new login account and move everything over in order to be able to use Chrome again.

Malware can lead to legal liabilities and compliance violations, as well as loss of customer trust. According to a report by AV-TEST, there were over 700 million malware instances in 2020, a significant increase from previous years that highlights the growing threat of malware.

In addition, the report notes that the majority of malware is designed to steal data or gain unauthorized access to systems, making it a serious threat to organizations of all sizes.

Distributed Denial of Service (DDoS) attacks are designed to overwhelm a target system with traffic, making it unavailable to its intended users. An attacker floods a website, server, or network with a large amount of traffic, overwhelming its ability to respond to legitimate requests.

Imagine you are a Prime member of Amazon and one day you want to log in to your account to order something there. A DDoS attack, however, could make the website appear too busy to let you access your account.

A DDoS attack is typically carried out by a network of compromised devices, known as a botnet, that are controlled by the attacker. These devices can include computers, servers, routers, and even IoT devices. The attacker can use various methods to gain control of these devices, such as exploiting vulnerabilities or using social engineering tactics.

Needless to say, DDoS attacks can have serious consequences for businesses and organizations, such as loss of revenue, damage to reputation, and legal liabilities. In addition, DDoS attacks are often used as a distraction or smokescreen for other types of attacks, such as data theft or malware installation.

“Zero-day exploit” is a funny name. It refers to vulnerabilities in software or hardware that are unknown to the legitimate owners and are exploited by attackers before a patch or update is released. “Zero day” means a threat discovered before the vendor or programmer is made aware of it.

In recent news, Apple released updates to its operating systems and Safari browser to fix a zero-day vulnerability in its WebKit browser engine that was actively being exploited.

Hackers like zero-day exploits as they can provide a way to gain access to sensitive data, systems, or networks without being detected. Because there is no patch or fix for the vulnerability, organizations may not be aware of the threat until it has already been exploited.

Keep in mind that it is always a race against time to see who moves faster.

Insider threats are threats that come from within an organization, such as employees or contractors who have access to sensitive information and use it for malicious purposes.

Social engineering is a technique used by attackers to manipulate people into revealing sensitive information or performing an action that is against their best interests. This type of attack usually involves psychological manipulation or deception rather than exploiting technical vulnerabilities.

Cloud security threats, such as data breaches, insecure APIs, and unauthorized access, are becoming more complex as the use of cloud services increases.

Internet of Things (IoT) devices are vulnerable to attacks due to their limited security features and the lack of standardization in IoT security protocols.

How Risk Management Helps Reduce Cyber Risk

Risk management is a process that helps entities and individuals identify, assess, and prioritize risks, and then implement strategies to mitigate those risks. Risk management is a key component of an effective cybersecurity strategy and can help reduce cyber risk in several ways:

  • Identifying vulnerabilities: Through risk assessments, entities and individuals can identify potential vulnerabilities in their systems, networks, and processes that could be exploited by cyber-attackers. By knowing these vulnerabilities, they can take steps to address them, such as implementing stronger passwords, regularly updating software, and conducting employee training.
  • Prioritizing risks: Not all risks are created equal, and risk management can help entities and individuals prioritize which risks to address first. This ensures that resources are used most effectively to mitigate the most significant risks.
  • Developing risk mitigation strategies: Once risks have been identified and prioritized, entities and individuals can develop strategies to mitigate those risks. This may include implementing technical controls such as firewalls and intrusion detection systems, implementing policies and procedures such as access controls and incident response plans, and regularly testing and reviewing those controls.
  • Monitoring for threats: Risk management also involves ongoing monitoring for new threats and vulnerabilities. This allows entities and individuals to stay up-to-date with the latest threats and adjust their risk management strategies accordingly.
  • Continual improvement: Risk management is an ongoing process, and it requires continual improvement to stay effective. Entities and individuals should regularly review and update their risk management strategies to ensure they are keeping up with evolving threats and new technologies.

Why Firms and Individuals Need Cybersecurity Insurance

Cybersecurity insurance, also known as cyber insurance or cyber liability insurance, can help entities and individuals in several ways:

  • Financial protection: Cybersecurity insurance can provide financial protection in the event of a cyber-attack. It can cover the costs associated with data breaches, such as legal fees, forensic investigation expenses, and notification costs. It may also cover costs related to business interruption, lost income, and damage to computer systems.
  • Risk management: Cybersecurity insurance can also help entities and individuals manage risk by providing resources and tools to prevent cyber-attacks from occurring in the first place. Many policies offer risk assessments, cybersecurity training, and access to cybersecurity experts to help organizations better understand their risks and mitigate them.
  • Reputation protection: Cybersecurity insurance can help entities and individuals protect their reputation in the event of a cyber-attack. Some policies may cover the costs of public relations and crisis management, helping to minimize the damage to an organization’s reputation.
  • Compliance: Many industries have regulations and compliance requirements around data protection, and cybersecurity insurance can help ensure compliance by covering the costs of regulatory fines and penalties.
  • Peace of mind: Cyber-attacks can be complex and costly, and cybersecurity insurance can provide peace of mind knowing that there is a plan in place to help mitigate the damages should an attack occur. It can also help organizations and individuals feel more confident in their cybersecurity strategies and risk management plans.

What Does Cyber Insurance Cover?

Cyber insurance works similarly to other types of insurance. Entities or individuals purchase a policy from an insurance provider, pay a premium, and in the event of a covered cyber-attack, the insurance company provides financial assistance to help mitigate the damages.

The specific details of cyber insurance policies can vary depending on the insurance provider and the policy purchased, but there are a few key elements that are common to most policies:

  1. Network security and privacy liability – this coverage can include both first-party protection (i.e., for yourself as the policyholder, covering costs related to data breaches such as legal expenses, notification costs, and credit monitoring services) and third-party protection (i.e., for someone else who suffers losses due to damages covered by the policy).
  2. Network business interruption – this coverage can protect a company from lost income due to a cyber-attack that disrupts business operations. This is first-party protection for yourself.
  3. Media liability – this coverage can protect a company from claims of copyright infringement, defamation, or other types of media-related liability arising from the company’s website or social media activities. Again, this is first-party protection.
  4. Errors and omissions – this coverage can protect a company from claims related to errors or omissions in the services or advice provided to customers in the course of doing business.