Cybersecurity

DarkReading has written an article discussing the consequences for companies and cyber insurers in the wake of Lloyd’s of London’s decision to require member insurers to exclude state-backed cyberattacks from customers’ cyber insurance policies. The experts consulted unanimously agreed that this action damages trust in cyber insurance, increasing the uncertainty around whether an organization will be reimbursed after an attack. The main criticism is that the term “state-backed cyberattack” is extremely broad and can be abused by the insurance industry to limit payouts.

CSO Online has posted an article detailing how business email compromise (BEC) attacks continue to have a larger impact on the economy compared to ransomware attacks, despite the more significant amount of media attention devoted to the latter. Based off of data from the FBI, in 2021 BEC attacks were responsible for the loss of $2.4 billion, in comparison to a loss of $49.2 million to ransomware attacks. The article offers a few explanations for this mismatch between reality and expectation.

Despite the ability to significantly reduce the risk from account takeovers, MFA is not without its challenges. While MFA is a simple control to use, configuring it isn’t necessarily so seamless – yet it’s a control that can’t be dismissed. From MFA push notification fatigue to exploiting weaknesses in self-enrollment configurations, multiple threat actor types seem to be increasingly bypassing this important cyber defense technique.

A new report from Microsoft analyzes the evolving nature of the ransomware business into a ransomware as a service (RaaS) model and offers important lessons and recommendations for network defenders. The most notable finding, among others, is that over 80 percent of ransomware attacks can be traced to common configuration errors in software and devices. The RaaS model lowers the barrier to entry and obfuscates the identity of the attackers behind the ransomware.