Was the digital transformation worth it, security-wise?

Not long ago, the corporate world was enthralled with the promise of digital transformation. But in the midst of the digital revolution, people were paying less attention to security than they probably should have. The business advantages of digital transformation may be obvious. So how do we account for the associated security risks and costs? […]

The post Was the digital transformation worth it, security-wise? appeared first on Security Intelligence.


US Auto Insurance Price Comparison Site RateForce Leaks Massive PII Data

By Habiba Rashid
The leaked database contained a staggering 96,175 folders that housed 255,756 records, totaling a size of 93.93 GB.
This is a post from HackRead.com.

How Attorneys Are Harming Cybersecurity Incident Response

New paper: “Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys”:

Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders like cyber insurers and lawyers. This paper explores these impacts via a multi-stage, mixed methods research design that involved 69 expert interviews, data on commercial relationships, and an online validation workshop. The first stage of our study established 11 stylized facts that describe how cyber insurance sends work to a small number of IR firms, drives down the fee paid, and appoints lawyers to direct technical investigators. The second stage showed that lawyers when directing incident response often: introduce legalistic contractual and communication steps that slow down incident response; advise IR practitioners not to write down remediation steps or to produce formal reports; and restrict access to any documents produced…


2022 Industry Threat Recap: Finance and Insurance

The finance and insurance sector proved a top target for cybersecurity threats in 2022. The IBM Security X-Force Threat Intelligence Index 2023 found this sector ranked as the second most attacked, with 18.9% of X-Force incident response cases. If, as Shakespeare tells us, past is prologue, this sector will likely remain a target in 2023. […]

The post 2022 Industry Threat Recap: Finance and Insurance appeared first on Security Intelligence.


HardBit ransomware tells corporate victims to share their cyber insurance details

A ransomware outfit is advising its victims to secretly tell them how much insurance they have, so their extortion demands will be met.

Read more in my article on the Tripwire State of Security blog.

Water companies are increasingly uninsurable due to ransomware, industry execs say

The scope of what insurers are covering is also narrowing as costs go up, said an association representative.

The post Water companies are increasingly uninsurable due to ransomware, industry execs say appeared first on CyberScoop.


Merck Wins Insurance Lawsuit re NotPetya Attack

The insurance company Ace American has to pay for the losses:

On 6th December 2021, the New Jersey Superior Court granted partial summary judgment (attached) in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute.

Merck suffered US$1.4 billion in business interruption losses from the NotPetya cyber attack of 2017 which were claimed against “all risks” property re/insurance policies providing coverage for losses resulting from destruction or corruption of computer data and software…


Ransomware demands are up more than 500%, the latest concern for insurers

Ransomware attacks aren’t just becoming more frequent, they’re getting more expensive. Scammers demanded an average payment of $5.3 million from hacking victims through the first six months of 2021, though extortion victims paid a median fee in the hundreds of thousands of dollars, according to a new report from the insurer Allianz. The $5.3 million average represents a 518% increase from the 2020 figure, driven in part by demands to pay up to $50 million after a data breach. The highest demand last year was for $30 million, according to the latest report, which did not identify affected organizations by name. Victims paid an average of $570,000 during the first six months, compared to $312,000 in 2020, Palo Alto Networks said. The figures, published Thursday by Allianz, represent the latest glimpse into how ransomware attacks are becoming exponentially more expensive as victim organizations look to insurance providers to cover the […]

The post Ransomware demands are up more than 500%, the latest concern for insurers appeared first on CyberScoop.
