Key Security Trends in the Verizon Data Breach Investigations Report

A Q&A with David Hylender

2017 marked the tenth year for the Verizon Data Breach Investigation Report, an invaluable resource for understanding the current landscape in cyber security. This year 65 organizations from around the world reported 1,935 confirmed breaches and 42,068 data loss incidents. I asked David Hylender, senior risk analyst at Verizon Business, about the findings and key takeaways from this most recent edition.

Continue Reading

Claims Valuation in Cyber Business Interruption

A Q&A with Simon Oddy of RGL Forensics

Business interruption (BI) can be a costly side effect of a cyber-attack, and insurance companies are responding in kind with BI policies. I spoke with Simon Oddy, partner of RGL Forensics, about how insurers assess BI and what organizations can do to avoid it.

Continue Reading

BAD IDEA ALERT: Crisis Communications? Nah, we’ll just figure it out on the fly

Q&A with Zach Olsen of Infinite Global

Let’s face it: PR, and it’s fancier sibling, crisis communications, is the red-headed stepchild of the data breach family. Everyone accepts that you need a seasoned breach coach to help navigate the maze of state-specific disclosure laws and avoid third-party litigation, and we can all agree that a sophisticated forensics shop is key to stopping the bleeding and assessing the damage. But then what? It seems like more often than not, a breach victim’s response to an attack is limited to a very delayed and often-canned press release that leaves customers and employees with more questions than answers. I talked to Zach Olsen, President of Infinite Global and head of the firm’s Crisis Response & Reputation Management Group about where he sees an opportunity for reducing the costs and reputational harm of a breach.

Continue Reading

Hybrid Active Directories: Another Frontier for Data Breaches

A Q&A with Quest

More organizations are adopting Microsoft’s cloud-based Azure Active Directory (AD) but maintaining on premises AD deployments to support legacy systems or applications without internet access. We call this a hybrid Active Directory deployment.  Hybrid ADs may pose a security risk if not managed properly. Unexpected changes to the AD environment, such as changes in user privilege, multiple logins in rapid succession, and logins from unusual locations often provide the first indication of an external or internally initiated breach. We spoke to Keri Farrell, Brad Kirby and Matthew Vinton from Quest about this particular concern for organizations and how they can shore up security measures to avoid data loss.

Continue Reading

Popcorn Time: A New Scheme in Ransomware

A Q&A with Asaf Cidon of Barracuda

The recent reports about Popcorn Time—a ransomware attack that involves a Ponzi scheme encouraging targets to in turn spread the malware to contacts—show that criminals are becoming ever more creative in their approaches to cybersecurity exploits. I spoke with Asaf Cidon, VP of Content Security at Barracuda about Popcorn Time and what companies need to know about the current threats from hackers.

Continue Reading

Ransomware: What Can Go Wrong, Might

Q&A with Chris Novak of Verizon

Even as public awareness around ransomware grows, many companies find they are still unprepared for this malicious exploit when it hits. Often, organizations find that despite their best intentions to cooperate with the perpetrators, they still may not get their data back. I talked to Chris Novak, global director of the RISK Team at Verizon Enterprise Solutions, about some of the pitfalls associated with this increasingly common crime.

Continue Reading

WannaCry and Why the Surprise Ransomware Attack Shouldn’t Have Surprised Anyone

A Q&A with Matt Ahrens, The Crypsis Group

Last week, the devastating WannaCry attack— considered unprecedented in its scale and speed—hit more than 230,000 computers in 150 countries, including the National Health Service, FedEx, Deutsche Ban and LATAM Airlines, among others. I asked Matt Ahrens of The Crypsis Group about the attack, what made it so dangerous and what it means for organizations trying to improve their cyber security posture.

Continue Reading

eRiskHub® Security Advisory – May 14th, 2017: WannaCry/WannaCrypt Exploit Protection Tips

NetDiligence® Security Advisory – May 14th, 2017
WannaCry/WannaCrypt Exploit Protection Tips

This NetDiligence Security Advisory is published for the benefit of our cyber insurance carrier/broker clients and their insureds. We urge clients to take special note of the details included in this Advisory and take preventative/remedial action on a timely basis. Clients are welcomed to distribute this Advisory to their colleagues and others as they see fit, provided it is distributed without modification of its contents.

Continue Reading

No more posts.