An experienced cyber insurance broker’s reply to my blog

This reply to my blog, Should I buy cyber insurance? is written by David McNeil, principal, of EPIC Insurance Brokers & Agents. He brings 20+ years of professional industry experience to the topic on cyber insurance. Some of Alvaka Networks' clients have been utilizing Dave's services for many years.

---------------------------------------------------------------------------------------------

Hi Oli,

Always enjoy your insights and thoughts on Tech-related subjects.   Lately, the plethora of headlines regarding cyber-related issues has meant the interest in cyber-insurance has reached a new level. This is a huge topic and this comment can only scratch the surface.

That said, a bit of an insider-view may be helpful…

Currently, cyber-insurance coverage forms are NOT standard (ISO) forms.  As a result, insurance carriers forms differ greatly.  Many parts, definitions, limits and coverage triggers are negotiable.

Definition negotiations are critical.  It is important to know what to look for and how to modify a particular carriers form to best suit the needs of a specific client/insured.

EXAMPLE:  Trigger for Notification of a Breach - (A hypothetical…. Sort of)....

An experienced cyber insurance broker’s reply to my blog2018-08-09T11:15:46-07:00

Ransomware and Phishing Awareness Training for your end-users

If you don’t treat network security as important, don’t expect your users to treat security as important. Irvine, CA - Ransomware and phishing threats are the most prevalent cyber-risk problem facing your organization today. Securing your system is a layered [...]

Ransomware and Phishing Awareness Training for your end-users2019-09-08T21:59:01-07:00

CryptXXX is ransomware that also steals your passwords and your Bitcoins

Most of my recent blogs are about ransomware. That is because ransomware is the most prevalent cyber threat today facing individuals, small and large businesses, governments and not-for-profits. No one is safe from this scourge.

Today I must tell you about a new one. Like Jigsaw, this new one called CryptXXX, is a game changer. Jigsaw was different from prior strains in that it immediately starts to delete your files just to show you that it means business. CryptXXX is different in that it introduces two new problems other than encrypting all your files and then demanding payment. Up until now ransomware has not actually breached your system and exfiltrated data. Sure you had a security incident, but it was not identified as a breach in the classic sense. Now with CryptXXX not only is your data held hostage, but now the culprits steal two new things from you. CryptXXX steals login names and passwords which puts all your systems, local and in the cloud, and any websites you frequent at risk. CryptXXX also steals your Bitcoins if you have any. The stealing of the Bitcoins is a particular insult because....

CryptXXX is ransomware that also steals your passwords and your Bitcoins2024-04-21T19:40:11-07:00

What is Phishing, aka Social Engineering, and How Do I Avoid It?

I recently warned of a very large recent upsurge in ransomware.  Now I must warn you to beware of new successful social engineering exploits.  What is social engineering?

Wikipedia has a good definition:

Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.

In other words, phishing, the internet term for social engineering scams is simply a way to trick you into doing something so that you reveal vital information like bank account info, tax return info or send money unwittingly to a devious person.

Let me tell you about social engineering exploits in three recent real world examples.  In the first case, City of Hope in Duarte, CA (City of Hope employees fall victim to phishing attack) had three employees targeted by a phishing scam. They unwittingly revealed protected health information (PHI) which by law must be kept confidential. In the other two cases, the loss of data was much more vast. Both Seagate Technologies (Seagate Phish Exposes All Employee W-2’s) and Snapchat (Snapchat falls hook, line & sinker in phishing attack: Employee data leaked after CEO email scam) had an employee get tricked into providing W2 information on all past and current...

What is Phishing, aka Social Engineering, and How Do I Avoid It?2017-09-18T00:27:31-07:00

Be Ransomware Aware

Educate your users - Don’t let them be tricked into downloading malware

 Everyone should follow this advice:

  1. Be very cautious when opening an attachment or clicking a link in an email, instant message, or post on social networks (like Facebook)—even if you know the sender. If you are suspicious, call to ask the sender if they sent it.  If not, delete it.
  2. The attack can look like it is from an official sources like banks, UPS, FedEx, USPS, eFax, etc. This has been the most common attack method to date.
  3. If an e-mail gets blocked and quarantined by your spam filter...
Be Ransomware Aware2016-02-29T22:28:51-08:00

I Am a Non-Technical Executive: What Seven Things Should I Be Asking My IT Guys About IT Security?

Irvine, CA - Overseeing IT and security is a daunting task, even if you are an IT professional. If you are an executive to whom IT reports, then the task becomes near impossible. The list of following questions is designed to empower you to have a meaningful discussion with your IT team so you can be an informed and responsible manager pursuing your due diligence role in protecting the assets of your firm. If you are an IT professional, these are questions you should be prepared to answer.

1.       Q. When did we last do a risk assessment? Please share that document with me. I would particularly like to see the Risk Assessment Table.

A.      Make sure your IT team is periodically assessing the risks to your IT systems.  They should be recommending upgrades and new solutions for you from time-to-time, and you should be listening.  They need to be able to express the threat in operational and economic terms in order to justify the expenditure.  If your team can’t give you a clear and coherent answer on when and how they last did this, send them off with a task and a deadline.

2.       Q. When did we last do a Vulnerability Scan? What were the results of that scan? I would like to see the report.  Who did the remediation? When is our next scan planned?...

I Am a Non-Technical Executive: What Seven Things Should I Be Asking My IT Guys About IT Security?2021-01-28T18:23:01-08:00

New Virulent, Wide-Spread and Expensive Ransomware Outbreak Coming to You Soon

Orange County, CA - We have seen a surge in ransomware attacks in the past week.  While only two Alvaka clients have gotten hit, they are a tale of different system administration acumen. 

1.  A multi-state firm got hit with the latest breed of ransomware on Friday.  Where an otherwise non-event for the most part went wrong was that a key user insisted on having elevated administrative rights for their IT infrastructure.  Instead of using a regular user account, with very limited user rights for day-to-day activities, this more powerful account, when struck by the ransomware, infected all the important file shares of the firm, including the branch location file stores.  Fortunately they had good backups, but because of poor folder naming conventions and structures it took the guys in our Alvaka Networks’ Network Operations Center about 28 hours straight to get all the user permissions back in order for client to get back to work.  The lack of least-permissions as used by this client goes in direct opposition to what we recommend at Alvaka.  Least-permissions is the practice of using accounts that grant the user to only the locations on the network for which they have a business need to access.

2.  In another example, that struck today, a $200m manufacturer/distributor got hit by the same ransomware.  This time it was a Jr executive.  He saw some problems with his system, but did not report the problem not knowing what it was and went home.  The problem was detected after he left, but the outcome was very different than the prior scenario.  Why?  Because this user only...

New Virulent, Wide-Spread and Expensive Ransomware Outbreak Coming to You Soon2024-03-14T00:20:41-07:00

Could Your Computer Breach Have Lasted Three Years?

Irvine, CA - Juniper had a flaw in their networking equipment that may have allowed breaches in government networks for as long as three years.  I would presume the same risk applies to Juniper users in private enterprises as well.The [...]

Could Your Computer Breach Have Lasted Three Years?2015-12-19T03:24:37-08:00

Beware of CryptoLocker v4.0

It appears this new ransomware, rather than exploiting through e-mail attachments, is exploiting users by redirecting them to infected websites.It then delivers its payload through an installer.  This makes the case we are always trumpeting at Alvaka, your users should [...]

Beware of CryptoLocker v4.02015-12-03T21:15:17-08:00