Popcorn Time: A New Scheme in Ransomware

A Q&A with Asaf Cidon of Barracuda

The recent reports about Popcorn Time—a ransomware attack that involves a Ponzi scheme encouraging targets to in turn spread the malware to contacts—show that criminals are becoming ever more creative in their approaches to cybersecurity exploits. I spoke with Asaf Cidon, VP of Content Security at Barracuda, about Popcorn Time and what companies need to know about the current threats from hackers.

Ransomware: What Can Go Wrong, Might

Q&A with Chris Novak of Verizon

Even as public awareness around ransomware grows, many companies find they are still unprepared for this malicious exploit when it hits. Often, organizations find that despite their best intentions to cooperate with the perpetrators, they still may not get their data back. I talked to Chris Novak, global director of the RISK Team at Verizon Enterprise Solutions, about some of the pitfalls associated with this increasingly common crime.

WannaCry and Why the Surprise Ransomware Attack Shouldn’t Have Surprised Anyone

A Q&A with Matt Ahrens, The Crypsis Group

Last week, the devastating WannaCry attack—considered unprecedented in its scale and speed—hit more than 230,000 computers in 150 countries, including the National Health Service, FedEx, Deutsche Bank and LATAM Airlines, among others. I asked Matt Ahrens of The Crypsis Group about the attack, what made it so dangerous and what it means for organizations trying to improve their cyber security posture.

eRiskHub® Security Advisory – May 14th, 2017: WannaCry/WannaCrypt Exploit Protection Tips

NetDiligence® Security Advisory – May 14th, 2017
WannaCry/WannaCrypt Exploit Protection Tips

This NetDiligence Security Advisory is published for the benefit of our cyber insurance carrier/broker clients and their insureds. We urge clients to take special note of the details included in this Advisory and take preventative/remedial action on a timely basis. Clients are welcome to distribute this Advisory to their colleagues and others as they see fit, provided it is distributed without modification of its contents.

Forensics: Plan for Success

A Q&A with:

  • Navid Jam, director of security consulting services at Mandiant
  • Daimon Geopfert, national leader of security and privacy consulting at RSM
  • Darin Bielby, managing director of disputes and investigations at Navigant
  • Bill Hardin, vice president of forensics services at Charles River Associates
  • Jason Smolanoff, managing director, global practice leader of cyber security and investigations at Kroll
  • Austin Murphy, director of incident response for Crowdstrike

Forensics firms play a vital role in any data loss incident, helping the breached organization determine exactly what went wrong, assess the scope of the damage, and, in conjunction with a Breach Coach®’s efforts, take steps to remediate the problem. We spoke with leading forensics experts about dos and don’ts for an optimal forensics process.

Business Interruption, Financial Risk and the Internet of Things

A Q&A with Ashwin Kashyap of Symantec

On the long—and growing—list of cyber security concerns that keep risk managers up at night are business interruption due to denial of service attacks and the profound vulnerabilities in the Internet of Things. I asked Ashwin Kashyap, director of product management for Symantec, about these risks, the company’s latest research and what can be done to adequately prepare for potentially costly security breaches and business interruption.

Phishing Schemes: More Sophisticated and Dangerous Than Ever

A Q&A with Ondrej Krehel of LIFARS

Even as users become more educated about phishing attacks, attackers continue to up the ante, producing new and more credible-looking ways of tricking people into sharing personal information. I spoke with Ondrej Krehel, eRiskHub® security coach and CEO and founder at LIFARS, about the latest round of phishing to hit Gmail users.

Corporate Brand Risk and Security with Internet Ads

 Guest Author: Dane Greisiger

A Q&A with Summer Han and Martin Zhang of Adbug

Most of the cyber risk that companies deal with around internet-facing data is quantifiable. But digital advertising poses another significant problem for global organizations that have not done due diligence. To understand more about this specific kind of threat, I spoke with Summer Han, Vice President, and Martin Zhang, CEO of Adbug, a China-based search engine for digital advertising and ad verification service provider.

Jetro v. MasterCard: New Concerns for Merchants and Insurers

A Q&A with Doug Meal

The brave new world of cyber liability got a lot more complicated last May. That’s when the Jetro Holdings LLC v MasterCard Inc. case held that if a card brand withholds merchant funds to satisfy the brand’s PCI fines and assessments following a data breach, the merchant has no legal recourse against the brand—even if the brand acted unlawfully in imposing the fines and assessments in the first place. I talked to attorney Doug Meal of Ropes & Gray, LLP, to explore this case and its implications for retailers and their insurers.
