Attention risk managers: The 2015 cyber security trends are in

kroll | January 07, 2016

Your peers have spoken: there are a number of cyber security trends and threats that concerned them in 2015—all of which should be on your radar, too. We’ve compiled the highlights from a survey released this year by the Hartford Steam Boiler (HSB) to give you a glimpse into what risk managers across the country are currently facing

Spotlight

The WannaCry ransomware, also known as Wanna Decryptor, WanaCrypt0r, WannaCrypt, Wana Decrypt0r and WCry, has infected more than 200,000 devices worldwide. The attacks affected banks, hospitals, ISPs, government agencies, transportation companies and manufacturing plants. While the campaign has earned the attackers more than $50,000 in just a few days, some experts are not convinced that profit-driven cybercriminals are behind the operation, and suggested that it could be the work of a nation-state actor, including one sponsored by North Korea.


Other News
DATA SECURITY

SecurityScorecard Research Reveals Cyber Vulnerabilities Pose a Threat to U.S. Maritime Security

SecurityScorecard | December 21, 2021

SecurityScorecard, the global leader in cybersecurity ratings, today released a new report on the U.S. shipping industry, "Proactive Security Measures for Global Maritime Shipping." The research found that high severity cyber vulnerabilities pose a big risk to U.S. maritime security, especially ahead of a busy holiday season. In December 2021, SecurityScorecard conducted an analysis of the cybersecurity health of 100 global shipping container companies compared to the Forbes Global 2000 companies, finding that: Overall, the cybersecurity risk posture of the shipping industry was better than the Forbes Global 2000, but the shipping industry did not perform higher in every risk group factor The largest risks to the sector include vulnerabilities in application security, irregular patching cadence, and network security Data breach percentages for shipping container companies increased from 2018 through 2021, indicating that the industry may be an increasingly attractive target for malicious cyber actors during the 2021 winter holiday season Shipping container companies initially did better than the Forbes Global 2000 until April 2020, when high-profile attacks sank the industry average. Since mid-2020, shipping container companies have continued to struggle to build resilience in their cybersecurity and have not yet returned to their pre-2020 breach scores. Global supply shortages and shipping disruptions brought on by the COVID-19 pandemic pose a threat to U.S maritime security and threaten to disrupt the holiday gift-giving season. The maritime shipping network, which is responsible for 90% of the global trade, has gone from being a fast and cost-effective system to one plagued by delays, clogged shipping lanes, and exorbitant prices. "The shipping and maritime industry is already strained and taxed by the pandemic and resulting supply chain backlog,A potential cyber incident in the shipping industry could have catastrophic effects on people and businesses all across the world. This research is a key indicator that the industry should continue to keep a focus on cyber resilience through continuous monitoring." Aleksandr Yampolskiy, CEO and co-founder of SecurityScorecard SecurityScorecard continuously monitors millions of entities world-wide, and non-intrusively assesses their security posture across ten risk categories, including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security, and patching cadence. This instantly delivers an easy-to-understand "A" through "F" security rating. About SecurityScorecard Funded by world-class investors including Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating.

Read More

DATA SECURITY

CloudCover Continues to Move Into a New Era of CyberSafety with the Launch of CloudCover’s Cyber Liability

CloudCover | December 27, 2021

The cybersecurity insurance market is in trouble, fueled by a rapid increase in cyber attacks – up 486% from the beginning of 2018 through the end of 2021, according to Aon. As a result, insurers have little choice but to raise rates and scrutinize policy terms and conditions, as there’s no historical data to set policies and premiums like traditional insurance products. CloudCover, the company Reimagining CyberSecurity, is making strides to improve cyber safety by creating the first end-to-end cyber security technology and insurance platform. Today, the company announces the continued rollout of its suite of CloudCover insurance products with the launch of a new insurance offering: CloudCover Cyber Liability (CCCL) and Information Systems Business Interruption (ISBI) insurance. The release of the cybersecurity insurance coverage brings forward an entirely new market category: cybersecurity network and data insurance cover that utilizes the CC/B1 PlatformTM to obtain the data analytic set required to efficiently underwrite and set accurate premiums. CloudCover’s $1 Million Ransomware Warranty was launched in September 2021. Through its CCCL insurance, CloudCover will issue a $1 million cover per occurrence and a $10 million aggregate policy. This insurance option covers: First-party response costs, including any costs associated with the investigation and remediation of cybersecurity breaches, as well as payment for costs associated with notifying affected parties of the breach, Third-party liability and regulatory costs, including any costs associated with the defense of lawsuits, regulatory fines, and penalties in addition to the costs associated with any judgements rendered from those activities, and Cover for any ransom demanded by cyber criminals who have locked the insured company’s network or computer systems. Similar to the CCCL coverage, CloudCover will also issue $1 million coverage per occurrence and a $10 million aggregate policy for its ISBI coverage. The insurance policy provides payment for lost revenue in the event that a Distributed Denial of Service (DDoS) attack disrupts or compromises the insured party’s network. Both insurance covers are powered by CloudCover’s CC/B1 Platform, an advanced Intelligent Threat ManagementTM security solution. The CC/B1 relies on a patented AI/ML (automated intelligence/machine learning), X-NDR (extended network detection and response), SOAR (security, orchestration, automation and response) technology that empowers risk awareness, risk control, and risk transfer in near real time. The platform operates as a Firewall EverywhereTM, collecting data from all corners of an organization’s network, streamlining and utilizing machine learning to detect, analyze, and stop suspicious activity – all while using the collected network patterns with risk scoring and building actuarial models for incremental cybersecurity network insurance. “This marriage of cybersecurity technology and cyber insurance represents the creation of a new market,No other security vendor is able to provide cybersecurity risk scoring, risk event mitigation and mediation, accurate identification and threat stopping, and cyber risk insurance underwriting and auto-adjudication for claims in one platform. Using cybersecurity technology to learn about a company’s network and utilizing that data to create more accurate premiums and better coverage gives our industry the opportunity to better control cybersecurity insurance losses in the future, as we’ll be able to detect threats and issue micro-policies in a fraction of a second.” Stephen Cardot, founder and CEO of CloudCover In the months ahead, CloudCover plans to debut the final product in its initial CyberSafety Insurance Coverage portfolio: Cybersecurity Network Data Insurance, which will be the first insurance policy to insure data in motion with both first- and third-party liability coverage. This insurance, which will launch in February 2022, makes it possible for organizations to insure and thereby value their intangible assets, i.e., data, just as they would other company assets – something that’s been long seen as impossible in the FASB/GAAP industry. In order to purchase CloudCover’s insurance offerings, a company will need to have the CC/B1 Platform installed on its network in addition to completing CloudCover’s CyberSafety Registry. About CloudCover CloudCover is an AI-driven, virtual machine-learning cybersecurity platform. CloudCover has reimagined cybersecurity as a risk-predictive CyberSafety Platform – delivering real-time extended network detection and response through a patented, math-based security orchestration automated response risk aware/control solution. The CloudCover SOAR capability accumulates data between an organization’s diverse security technologies and environments and streamlines them into holistic actions on potential risks. The CC/B1 Platform provides an ever-evolving, protective security layer to your existing cybersecurity tech stack – meaning network threats are detected in near zero-second speed with near zero-threat accuracy. With CloudCover, the elusive “single pane of orchestration” capability of an organization’s network security isn’t a myth – it’s reality.

Read More

DATA SECURITY

HUB Security Partners with Getronics for Global IoT Cyber Security Solutions

HUB Security | December 22, 2021

HUB Security, a secure computing solutions provider, announced it has signed a strategic partnership with global integration and Smart Space IoT leader, Getronics, to offer secure compute protection to hundreds of banks and organizations in the EU, LATAM, and APAC. HUB Security will be Getronics' cyber security partner and its cyber automation platform to enhance current offerings including Secure-by-Design iOT & Smart Spaces, Ransomware & IR, and SOC. Getronics' clients in 23 countries and in its Global Workspace Alliance will use HUB's confidential computing platform and additional innovative cybersecurity services to receive unparalleled protection. "With organizations facing increasing cyber challenges, we see great value in partnering with Getronics, a leader in digital transformation and integration,With a global reach and over 3700 experts, both companies can enhance cyber security protection for their clients and partners. " Eyal Moshe, CEO and co-founder of HUB Security "The global businesses we help support require the most advanced security platforms to maintain their operations," said Harsha Gowda Siddaveere, CTO Getronics. "HUB Security's offerings will allow our partners and customers a new level of cyber readiness facing new digital challenges in 2022." "Both parties in this partnership complement and enhance each other's global offering to be cyber resilient and prepared for the future," said Joseph Souren, VP Sales EMEA, Comsec, a HUB Security Group. About HUB Security HUB Security was established in 2017 by veterans of the 8200 and 81 elite intelligence units of the Israeli Defense Forces. The company specializes in unique Cyber Security solutions protecting sensitive commercial and government information. The company debuted an advanced encrypted computing solution aimed at preventing hostile intrusions at the hardware level while introducing a novel set of data theft prevention solutions. HUB operates in over 30 countries and provides innovative cybersecurity computing appliances as well as a wide range of cybersecurity professional services worldwide. About Getronics Getronics is a global ICT integrator with an extensive history that extends over 130 years. With over 3,700 colleagues across Europe, Asia Pacific, and Latin America, Getronics' vision is to reimagine the digital future, one customer at a time. We do this by leveraging an integrated and secure-by-design portfolio around Digital Workplace, Business Applications, Smart Spaces, Multi-Cloud, Field & Onsite Support, Service Desk, Network Infrastructure, and Security & Compliance to serve our more than 1,800 customers in both public and private sector.

Read More

DATA SECURITY

HackNotice Releases First-Ever Combined Security and Threat Awareness Service for Free

HackNotice | February 07, 2022

HackNotice, the world's leading threat awareness company, announced the first-ever security and threat awareness combined service, accessible to new and existing users. The added security awareness training course enables individuals to deepen their understanding of good cyber hygiene practices. The course offers 50 training videos, a security exam, and a certification. Cybersecurity training is mostly offered to company employees, often costing hundreds of thousands of dollars for intensive, week-long seminars and lectures. However, having good security awareness is vital for any individual. The newly released self-paced course ensures that anyone online can learn good cyber practices. "What makes the combined service great is that our threat modeling and security awareness course work together. When someone faces a large amount of personal information exposure, we recommend more phishing training. When someone has several passwords stolen, we have them focus on our password training. Now, users can receive the critical training that they need instantly, tailored to their specific risks," Steve Thomas, CEO, and Co-Founder of HackNotice For customers of HackNotice Teams, HackNotice's security and threat awareness service, the new course is an excellent addition for companies looking to strengthen their enterprises' security programs. Quick, in-the-moment, lessons are a perfect way to engage employees and business departments within the organization. Clients can also access dynamic reports to see user and departmental progress, and areas of improvement. About HackNotice Hacknotice is the only company-wide threat awareness platform, making employees more cautious online. Users monitor, review, and take swift actions against their real cyber-threats. The platform focuses on bridging the gap between security teams and other employees through real-time alerts, around-the-clock monitoring, recovery recommendations, and additional education. HackNotice's mission is to make all employees threat aware, creating a resilient culture of security.

Read More

Spotlight

The WannaCry ransomware, also known as Wanna Decryptor, WanaCrypt0r, WannaCrypt, Wana Decrypt0r and WCry, has infected more than 200,000 devices worldwide. The attacks affected banks, hospitals, ISPs, government agencies, transportation companies and manufacturing plants. While the campaign has earned the attackers more than $50,000 in just a few days, some experts are not convinced that profit-driven cybercriminals are behind the operation, and suggested that it could be the work of a nation-state actor, including one sponsored by North Korea.

Resources