You are here

Home » Cybersecurity

Cybersecurity

Cyber Resilience – Insureds, Know Thy Exclusions

The cyber insurance industry has definitely matured in recent years, but it’s far from being all grown-up (aren’t we all). However, a recent observation by critical infrastructure security industry veteran and evangelist Dale Peterson points out some attempted adjustments by insurers in response to increased claims, including raising rates (varying between 11% and 40%) and building in more exclusions. Two notable exclusions that would result in a claims denial noted by Dale, the presence or vulnerability of: (vulnerable versions of) SolarWinds Orion and Microsoft Exchange.

Ransomware Want Ads

Cybersecurity firm KELA posted a report based on recent observations of ransomware discussions in dark web forums on what ransomware groups/actors are looking for in the ideal target. According to the report, approximately 40% of listings were created by players in the Ransomware-as-a-Service (RaaS) space. Here’s the quick list of desirables that some ransomware operators are willing to pay on average up to $100,000 for valuable initial access services:

CISA Insights on Risk Considerations for Managed Service Provider Customers

The Cybersecurity and Infrastructure Security Agency (CISA) released a new Insights, Risk Considerations for Managed Service Provider Customers (MSPs), which provides a framework that government and private sector organizations (to include small and medium-sized businesses) outsourcing some level of IT support to MSPs can use to better mitigate against third-party risk. As CISA notes, IT managed services can provide cost benefits and operational efficiencies to many organizations. However, managing these services can be complex, costly, and time-consuming.

Security Awareness – Cybercrime Recruiting for BEC Accomplices

Although ransomware incidents persistently make international headlines, Business Email Compromise (BEC) is still a global menace and may become more difficult to detect. In 2020, BEC cost U.S. businesses $1.8 billion and represented 43 percent of all cybercrime losses for the year. Researchers at the cybersecurity firm Intel 471 recently observed actors on multiple cybercrime forums seeking partnerships with other criminals to engage in BEC attacks.

Vulnerability Management – Exchange Servers are Finicky to Patch, but Shouldn’t be Overlooked

No one plans on compounding deferred patches, but when error messages are confounding, we often move on to seemingly more immediate (and less frustrating) fires. This initial patch deferment often lasts months, or even years until the device is either compromised or replaced (often due to end-of-life). For instance, several events this year have highlighted the significant vulnerabilities affecting unpatched Microsoft Exchange Servers and the subsequent risk that presents to the system or an entire network.

It’s Difficult to Paint the OT/ICS Threat Landscape Picture when Incidents aren’t Reported

While there seems to be interest in the OT/ICS cyber threat landscape, it’s truly a challenge to paint an accurate picture when organizations don’t report incidents – it’s like trying to paint a beautiful sunset with only black and white. Nonetheless, some organizations develop surveys with questions believed to capture the perceived issues and challenges in order to at least cover the broad strokes. The latest such survey report comes from the SANS Institute, for which 480 of your OT/ICS peers have spoken – A SANS 2021 Survey: OT/ICS Cybersecurity.

Pages

Subscribe to Cybersecurity