Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 22 March 2024

Black Arrow Cyber Threat Intelligence Briefing 22 March 2024:

-UK’s Cyber Resilience Stagnates as More Fall Victim to Attacks, 75% of UK Businesses & 79% of UK Charities Experienced a Cyber Incident in 2023

-1% of Users are Responsible for 88% of Data Loss Events

-Microsoft Report Says 87% of UK organisations are vulnerable to cyber attacks in the age of AI

-Cyber Naivety Leaves 4 out of 5 Businesses Wide Open and Only 1 in 5 Has a Plan

-Risk and Regulation: Preparing for the Era of Cyber Security Compliance

-Ransomware Attacks Jump 73% Within a Year

-The New CISO - Rethinking the Role

-90% of Attacks Involve Data or Credential Theft, SMBs Primary Target

-Chief Risk Officers Say Cyber Security is Most Pressing Risk

-Humans Still Cyber Security’s Weakest Link, Cyber Security Training Equips Your Workforce to Spot Threats

-Most IT Pros Think Cyber Attacks are Getting Worse, and Many Firms Don’t Know How to Deal with Them

-Supply Chain Cyber Attacks Create Weak Spots, You Need to Prepare

-Ransomware Attack on Change Healthcare Pegged as “Most Significant” in Sector History

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK’s Cyber Resilience Stagnates as More Fall Victim to Attacks, 75% of UK Businesses & 79% of UK Charities Experienced a Cyber Incident in 2023

The UK Government’s Joint Committee on the National Security Strategy (JCNSS) has published its response to a ransomware enquiry with stark conclusions, stating that there is a lot to be done to truly tackle the threat posed by ransomware. The chair of the JCNSS said that the UK is and will remain exposed and unprepared if it continues to take a “head in the sand” attitude to ransomware. The minister for artificial intelligence (AI) called upon organisations to “step up their cyber security plans to guard against threats, protect their customers and workforce, and our wider economy.” This comes as the Government’s Cyber Security Longitudinal Survey (CSLS) found that three-quarters of UK businesses and 79% of UK charities experienced a cyber security incident in the last 12 months.

Despite progress, there's a pressing need for organisations to shift from viewing cyber security as solely an IT concern to recognising its integral role across all business functions, particularly in the face of escalating cyber threats. With only half of UK board members having had security training, only a quarter of businesses assessing suppliers for possible security risks, and a fifth of UK boards failing to discuss cyber security even once, the time to improve UK businesses is now.

Sources: [Emerging Risks Media Ltd] [CITY A.M.] [Verdict] [Computer Weekly]

1% of Users are Responsible for 88% of Data Loss Events

New research has shown that that 85% of organisations experienced a data loss in the past year, with 9 out of 10 of those facing a negative outcome such as business disruption, revenue loss and reputational damage. The research found that 1% of users were responsible for 88% of events. It is important to understand this is not always intentionally malicious; it can be accidental or negligent. The research found for example, that 87% of anomalous file exfiltration among cloud tenants over a nine-month period was caused by departing employees, underscoring the need for preventative strategies such as implementing a security review process for this user category.

With as little as 1% of users causing most alerts, organisations need to monitor their most sensitive data and who can access it. This should also include data loss prevention features, to further reduce the risk.

Source: [Help Net Security]

Microsoft Report Says 87% of UK Organisations are Vulnerable to Cyber Attacks in the Age of AI

New research conducted by Microsoft has found that 87% of UK Businesses are unprepared for the age of AI due to their vulnerability to cyber attacks, leaving a mere 13% considered resilient. Further, Microsoft stated that 39% of organisations were at high risk. For organisations, AI can be a tough obstacle to overcome in their journey to cyber resiliency, and it’s important to seek guidance if the available skills are not in-house.

Sources: [Microsoft] [TechRadar ] [The Times] [Infosecurity Magazine]

Cyber Naivety Leaves 4 out of 5 Businesses Wide Open, Only 1 in 5 Has a Plan

Research conducted by Cowbell Insurance has found that the UK is exhibiting a rather cavalier approach to security with 77% of UK SMEs not having any in-house security, 32% of CEOs being confident a cyber attack would not impact their ability to do business and 87% not considering reputational damage as a significant risk. This contrasts with the UK Government’s latest cyber security breaches survey, which found 59% of medium businesses experienced breaches or attacks in the last 12 months. Cowbell have stated that that UK SMEs are leaving themselves wide open to the threats and only 1 in 5 organisations had a dedicated plan to deal with a cyber attack.

A cyber security incident response plan (IRP) allows an organisation to have a documented and formalised process for dealing with a cyber incident. The IRP should be exercised annually, and cover roles and responsibilities, communications and escalations to detect, analyse, contain, eradicate and recover from an incident.

Sources: [Business Mondays] [Insurance Times] [Reinsurance News] [Gloucestershire Live]

Risk and Regulation: Preparing for the Era of Cyber Security Compliance

The next twelve months will see new regulations in many countries, and that means more things to comply with. The EU has two new regulations relating to cyber security: the NIS2 directive and the Digital Operational Resilience Act (DORA). However, despite their EU origin, the inclusion of supply chain companies within the regulations means their impact and reach will extend outside of the European Union itself. Both regulations are risk-management based in their approach.

In order to prepare, decision makers need to first understand what they are complying with and in some cases, this may require sourcing external help to fully ensure the organisation is compliant. Once this is understood, they can start implementing their compliance strategy. Research has shown that some 43% of enterprises surveyed had failed a compliance audit, making them ten times more likely to suffer a data breach.

Sources: [Security Week] [Verdict]

Ransomware Attacks Jump 73% Within a Year

A recent report has shown that ransomware surged by 46% in February 2024, compared to January of the same year and 73% higher than February of the previous year. The LockBit ransomware group claimed responsibility for 110 attacks in February alone. The results show that ransomware is not only still an issue, but one that is consistently rising and if your organisation isn’t already implementing procedures to their risk, it is imperative to start now. Lockbit was taken down in a coordinated law enforcement operation earlier this year; only time will tell how effective that operation was or whether, as with the Hydra from Greek mythology, cutting off one head just causes more to grow in its place.

Source: [TechTarget]

The New CISO - Rethinking the Role

The role of Chief Information Security Officers (CISOs) faces a pivotal transformation. Traditionally tasked with safeguarding company assets against cyber threats, CISOs now find themselves straddling the realms of security and business operations. This shift reflects a growing expectation for CISOs to align security measures with broader business objectives while navigating an increasingly complex risk landscape. With the average cost of a data breach soaring, reaching $4.45 million in 2023 according to IBM, the stakes are higher than ever. As businesses grapple with the integration of cyber security into operational strategies, CISOs are compelled to cultivate new skills, communicate effectively with boards, embrace risk-based approaches, fortify technical fundamentals, leverage automation, and meticulously document incident response plans. The evolving threat landscape demands a new breed of CISO, one who is adept at balancing resilience with operational imperatives, collaborating closely with leadership, and steering organisations through turbulent cyber waters.

Source: [Dark Reading]

90% of Attacks Involve Data or Credential Theft, SMBs Primary Target

The 2024 Sophos Threat Report sheds light on the changing tactics of ransomware operators, particularly in their targeting of small and medium-sized businesses (SMBs). Notably, the report reveals a significant surge in ransomware attacks employing remote encryption, rising by 62% between 2022 and 2023. Sophos' Managed Detection and Response (MDR) team encountered multiple cyber attacks leveraging exploits in remote monitoring and management (RMM) software, a vital component used by many MSPs and external IT providers, and thus affecting many businesses. With almost half of malware detections for SMBs attributed to data-stealing malware, the report underscores the growing value of stolen data as currency in cyber criminal circles, with initial access brokers (IABs) facilitating network breaches. Data protection emerges as a critical challenge, with over 90% of attacks involving credential theft, and business email compromise (BEC) attacks becoming increasingly sophisticated. While ransomware remains a persistent threat, the report also highlights the proliferation of malware-as-a-service (MaaS) activities, emphasising the importance for SMBs to bolster their cyber security defences against these evolving threats.

Source: [MSSP Alert]

Chief Risk Officers Say Cyber Security is Most Pressing Risk

In an inaugural global insurance risk management survey conducted by EY/Institute of International Finance (IIF), cyber security was ranked as the highest immediate concern for chief risk officers. It placed above insurance, business model change and credit risk. When it came to emerging risks over the next three years, it remained at the top spot, followed by geopolitical risk, environmental risk and machine learning and artificial intelligence.

Source: [Insurance Journal]

Humans Still Cyber Security’s Weakest Link, Cyber Security Training Equips Your Workforce to Spot Threats

The latest findings from Mimecast's annual report emphasise that human error continues to be the leading cause of cyber breaches, responsible for 74% of incidents. As emerging threats like AI and deepfake technology pose increasingly sophisticated challenges, it's crucial for businesses to prioritise employee training and bolster their defence strategies.

Providing cyber security training is essential to creating a security conscious culture that educates on risk and in turn increases a company’s cyber culture. Committing to cyber security training needs to be beyond ticking a checkbox, as it allows the workforce the ability to understand, scrutinise and know how to report threats in the corporate environment. Training allows workers to be able to understand the types of threats they may face, along with red flags to look out for. Knowing how the employee should report a threat can determine whether your organisation can deal with a ransomware attack. While generic or off the shelf computer based training can be seen as an easy fix, training needs to be tailored to the organisation, its operating environment and the organisation’s culture and ways of doing business.

To mitigate this risk, organisations should consider implementing tailored cyber security education, tabletop exercises, phishing simulations, and one-on-one consulting for board members. As the responsibility of board members for cyber security strategy increases, it’s crucial to ensure their own security against evolving threats.

Sources: [Emerging Risks] [The HR Director] [WSJ] [The HR Director]

Most IT Pros Think Cyber Attacks are Getting Worse, and Many Firms Don’t Know How to Deal with Them

A recent report from Thales reveals a stark reality, with 93% of IT and security professionals noting a worsening trend in cyber attacks. Ransomware incidents have surged by over a quarter year-on-year, yet less than half of companies have adequate plans to address such threats, leading to 8% resorting to paying attackers' demands. Compliance failures are also on the rise, with 43% of enterprises falling short in audits, correlating with a higher incidence of cyber attacks among non-compliant organisations.

A separate report shows that despite record spending on cyber security, reaching $188 billion globally in 2023, reported data breaches in the US surged to an all-time high of 3,205, up 78% from the previous year. This paradox underscores the evolving tactics of cyber criminals. Ransomware attacks have transitioned from merely locking data to stealing and threatening to disclose it, termed Ransomware 2.0. Cloud misconfigurations, involving 82% of breaches, and exploitation of vendor systems further exacerbate the issue. Heightened awareness and improved practices are imperative to counteract the escalating threat landscape.

Source: [TechRadar] [WSJ]

Supply Chain Cyber Attacks Create Weak Spots: You Need to Prepare

A recent poll by Deloitte found that nearly half of senior executives anticipate a rise in supply chain attacks in the coming year, with 33% already experiencing at least one supply-chain cyber incident within the past year. This especially rings true for healthcare, with the sector accounting for 33% of third-party data breaches in 2023. Many organisations are unsure where to even begin.

Organisations need to manage their third party risks through risk assessments, to understand the third parties that they currently or plan to use, and the data that the third party would hold or access. This enables the third parties to be prioritised with clear communications to notify the organisation in the event of a data breach.

Sources: [Security Brief ] [Beta News]

Ransomware Attack on Change Healthcare Pegged as “Most Significant” in Sector History

In a landmark incident, the American Hospital Association has dubbed the recent ransomware attack on Change Healthcare, a division of UnitedHealth Group’s Optum, as the most significant cyber threat ever faced by the US healthcare system. The attack, which occurred on February 21st, has severely impacted operations, affecting various healthcare entities reliant on Change Healthcare's services. UnitedHealth Group, in response, has been working to restore critical systems, aiming to reinstate electronic payment and medical claims services later this month. However, challenges persist, with cyber security experts warning that recovery efforts could extend for at least 30 days. The attack's aftermath sheds light on the healthcare sector's susceptibility to cyber threats and underscores the need for robust security measures and swift governmental responses. Reports reveal that the ransomware group responsible has received a substantial payout, raising concerns about the broader implications for healthcare providers. Cyber insurance policies are expected to help mitigate financial losses, especially for smaller entities facing cash flow disruptions.

Source: [Reinsurance News]

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering

Artificial Intelligence

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

Vulnerability Management

Vulnerabilities

Other News

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 14 April 2023

Black Arrow Cyber Threat Briefing 14 April 2023:

-Almost Half of Former Employees Say Their Passwords Still Work

-Efficient Risk Based Patch Management Means Eliminating Just 2% of Exposures Could Protect 90% of Critical Assets

-Printers Pose Persistent Yet Overlooked Threat

-Employees Are as Likely as Cyber Criminals to Cause Cyber Incidents

-Over 90% of Organisations Find Threat Hunting a Challenge

-75% of Organisations Have Suffered a Cyber Security Breach

-Leak Shows Evolving Russian Cyber War Capabilities

-Outsourced Payroll and HR Services Firm Forced to Shut Down After Cyber Attack

-When a Cyber Criminal Steals Personal Data from Your Organisation What Do You Do and Who Do You Need to Inform?

-Insider Threat and Ransomware: A Growing Issue

-How LockBit Changed Cyber Security Forever

-Hybrid Work Environments Are Stressing CISOs

-Protect Your Data with a USB Condom

-Strategising Cyber Security: Why a Risk-based Approach is Key

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Almost Half of Former Employees Say Their Passwords Still Work

An alarming number of organisations are not properly offboarding employees when they leave, especially in regard to passwords. In a new survey of 1,000 workers who had access to company passwords at their previous jobs, 47% admitted to using them after leaving the company.

According to the survey one in three respondents said they had been using the passwords for upwards of two years, which is a distressingly long time for organisations not to be aware of who is accessing those accounts and services.

When asked what they use the passwords for, 64% said to access their former email accounts and 44% to access company data. A concerning 10% of respondents said they were trying to disrupt company activities.

https://www.darkreading.com/edge-threat-monitor/almost-half-of-former-employees-say-their-passwords-still-work

  • Efficient Risk Based Patch Management Means Eliminating Just 2% of Exposures Could Protect 90% of Critical Assets

A recent cyber security report analysed over 60 million security exposures, or weaknesses that could give an attacker access to systems. The report found that only 2% enabled attackers access to critical assets, while 75% of exposures along attack paths lead to “dead ends”. Further, the report shows that average organisations have 11,000 exploitable security exposures monthly, with techniques targeting credentials and permissions affecting 82% of organisations and exploits accounting for over 70% of all identified security exposures.

The report found that most security alerts were benign and did not lead to critical assets. By applying efficient risk based patch management and reducing unnecessary access to critical assets, organisations can mitigate a significant amount of risk. This isn’t a simple task however, for an organisation to be able to employ efficient risk based patch management it must have a sufficient level of cyber maturity and internal vulnerability scanning accompanied by a dynamic threat intelligence component.

https://www.infosecurity-magazine.com/news/eliminating-2-exposures-protect-90/

  • Printers Pose Persistent Yet Overlooked Threat

A rash of printer-related vulnerabilities in 2023 have punctuated security expert warnings that printers continue to be a significant vulnerability within companies — especially as remote workers require printing resources or access to corporate printers. So far in 2023, Lexmark advised that a publicly available remote exploit had already targeted a code execution flaw in its printers, HP warned of a vulnerable firmware version on some of its enterprise printers, and Microsoft fixed three remote code execution vulnerabilities in its printer drivers.

Printers remain a likely soft spot in most companies’ attack surface area, particularly because they are not always part of a company’s asset management process and are often left out of security assessments and risk registers. Many organisations don’t know where their printers are, their security status, configuration, monitoring or logging activity. Research has shown that 67% of companies are worried about the risk home printers may pose and only 26% of information technology and cyber security professionals are confident in their organisation’s printing infrastructure security.

https://www.darkreading.com/vulnerabilities-threats/printers-pose-persistent-yet-overlooked-threat

  • Employees Are as Likely as Cyber Criminals to Cause Cyber Incidents

Employees and cyber criminals cause similar numbers of data leakages. Kaspersky’s 2022 IT Security Economics survey found cyber-attacks caused 23% of data leakages, while employees caused a similar proportion, at 22%. The rise in employees causing leakages may be linked with more remote working since the pandemic, with new staff laptops, tablets, and virtual private networks (VPNs) featuring among the extra endpoints and systems needing security. Although innocent mistakes or ignoring cyber-security policy were behind most leakages, security managers reported 36% of employee-triggered leakages were deliberate acts of sabotage or espionage. The high number of cyber-incidents stemming from employee action shows all organisations need thorough cyber-security awareness training to teach all staff how to avoid common security mistakes.

https://www.independent.co.uk/news/business/business-reporter/employees-cyber-criminals-cyber-incidents-b2314225.html

  • Over 90% of Organisations Find Threat Hunting a Challenge

Executing essential cyber security operations tasks during the threat hunting process is an increasingly challenging proposition to the vast majority of organisations, with 93% of those polled for a Sophos report saying they find basic security operations a chore.

In the report, “The state of cybersecurity 2023: The business impact of adversaries on defenders”, Sophos said these findings were likely the result of the ongoing cyber security skills shortage, which is creating a domino effect in security operations: a lack of skilled personnel makes investigating alerts take longer, which reduces the security team’s capacity and increases the organisation’s exposure to higher levels of risk.

Organisations that suffer the most are those with revenues of less than $10m (£8m), which are more likely to lack the necessary skillsets, followed by organisations with revenues of more than $5bn, where organisational and system complexity likely play a more prominent role.

https://www.computerweekly.com/news/365534612/Over-90-of-organisations-find-threat-hunting-a-challenge

  • 75% of Organisations Have Suffered a Cyber Security Breach

Most organisations need stronger security controls to stop cyber security breaches and cyber attacks, according to “The Data Dilemma: Cloud Adoption and Risk Report” from security service edge (SSE) company Skyhigh Security. Key takeaways from the report include:

  • 97% of organisations indicated they are experiencing private cloud problems.

  • 75% have experienced a cyber security breach, threat and/or theft of data.

  • 75% said shadow IT “impairs their ability to keep data secure.”

  • 60% allow employees to download sensitive data to their personal devices.

  • 52% noted their employees are using SaaS services that are commissioned by departments outside of IT and without direct involvement of their IT department.

  • 37% said they do not trust the public cloud to secure their sensitive data.

https://www.msspalert.com/cybersecurity-research/skyhigh-security-report-75-of-organizations-have-suffered-a-cybersecurity-breach/

  • Leak Shows Evolving Russian Cyber War Capabilities

The leak of thousands of pages of secret documentation related to the development of Moscow’s cyber and information operations capabilities paint a picture of a government obsessed with social control and committed to scaling their capacity for non-kinetic interference.

The leaked documents detail methods and training simulations intended to prepare an operator workforce for offensive operations against critical infrastructure targets. Tools revealed by these recent leaks suggest a desire and an ability to extensively map foreign vulnerabilities and make the job of Russia’s cyber conflict operators as accessible and scalable as possible.

This leak reinforces the significant concern regarding the threat posed by Russian cyber forces to firms across the globe.

https://www.csoonline.com/article/3692821/ntc-vulkan-leak-shows-evolving-russian-cyberwar-capabilities.html#tk.rss_news

  • Outsourced Payroll and HR Services Firm Forced to Shut Down After Cyber Attack

Belgian headquartered HR and payroll giant SD Worx has suffered a cyber attack causing them to shut down all IT systems for their UK and Ireland services. While the login portals for other European countries are working correctly, the company's UK customer portal was not accessible. As a full-service human resources and payroll company, SD Worx manages a large amount of sensitive data for their client's employees.

According to the company's general conditions agreement, this data may include tax information, government ID numbers, addresses, full names, birth dates, phone numbers, bank account numbers, employee evaluations, and more.

https://www.bleepingcomputer.com/news/security/sd-worx-shuts-down-uk-payroll-hr-services-after-cyberattack/

  • When a Cyber Criminal Steals Personal Data from Your Organisation What Do You Do and Who Do You Need to Inform?

If that happens it might be time for your management to clear their desks. The prospect of financial penalties and reputational damage is very real. You need to know your obligations — for instance, reporting the breach to applicable authorities and regulators within strict timeframes — understand the breach, and prioritise. Then you communicate and remedy. If you haven’t planned well, it’s going to be tough.

You need to understand the data breach. Who is affected — is it staff or customer data? What exactly have the cyber criminals accessed? Consider the type of information: salary details and passport copies, or customer payment information.

If personal data has been lost or compromised, you will likely have an obligation under data protection regulations to report the breach to your applicable data protection authority within 72 hours, and if you are a regulated business there will likely be similar requirements to report to your regulator within a similar timeframe. Knowing your obligations — ideally before any hack takes place — will guide how well you respond.

https://www.thetimes.co.uk/article/who-should-i-inform-after-a-data-hack-dcrzvgp2x

  • Insider Threat and Ransomware: A Growing Issue

Ransomware is a growing epidemic. 2022 saw a slew of high-profile attacks leading to massive paydays for cyber criminals. Cyber criminals work just as hard to conceal their identities and location as they do to exploit weaknesses and capture valuable data to hold hostage. Organisations not only stand to lose money in this scenario, but the damage to their reputation and trustworthiness in the market can be challenging to recover from. Customers place high trust in the safety of their personal information, and it’s the company they hold accountable – not the thieves – if it slips into the wrong hands.

Even if you have good technical controls, the low-hanging fruit is capitalising on the human element and gaining entrance through a person within your organisation. Insider threats come in all shapes and sizes and roles, including employees, executives, former employees, board members, contractors, and service providers. Insider threats, by their very nature, pose a unique challenge for organisations.

https://informationsecuritybuzz.com/insider-threat-and-ransomware-a-growing-issue/

  • How LockBit Changed Cyber Security Forever

LockBit are one of the most prolific ransomware gangs globally, accounting for almost half of ransomware attacks in 2022. They not only maintain a high profile, but they’ve also turned ransom monetisation upside down. Thanks to their innovative approach, the group has claimed 44% of total ransomware attacks launched in 2022. LockBit made history by launching the industry’s first bug bounty program initiated by a ransomware group. The operation invites security experts to uncover vulnerabilities and report them for rewards ranging from $1,000 to a staggering $1 million. This has since been expanded and now offers bounties for creative ways to enhance ransomware operations.

https://securityintelligence.com/articles/how-lockbit-changed-cybersecurity/

  • Hybrid Work Environments Are Stressing CISOs

The impact of the hybrid workforce on security posture, as well as the risks introduced by this way of working, are posing concerns for CISOs and driving them to develop new strategies for hybrid work security, according to a new report.

Among the report’s most critical findings is the revelation that browsing-based threats ranked as CISOs’ number one concern, regardless of whether their organisation was operating primarily in an in-office, hybrid, or remote setting.

And as for the risks posed by hybrid and remote workers specifically, insecure browsing also topped the list of CISOs’ concerns.

https://www.helpnetsecurity.com/2023/04/12/hybrid-work-environments-stressing-cisos/

  • Protect Your Data with a USB Condom

USB isn't just a charging protocol, it also allows data to flow back and forth, and while most of the time this data flow is safe, it is possible to create a malicious charging port that can do bad things, such as plant malware on your device or steal your data. Equally, an employee plugging their personal phone into a corporate USB port may present a danger to the corporate network through the phone. A USB condom is a small dongle that adds a layer of protection between your device and the charging point you're attaching it to by blocking the data being transferred through the port. If you must use a charger, cable, or charging port that isn't under your control, it makes sense to use a USB condom.

https://www.zdnet.com/article/protect-your-data-with-a-usb-condom/

  • Strategising Cyber Security: Why a Risk-based Approach is Key

By 2027, cyber crime could cost the global economy nearly $24 trillion. Businesses often find themselves at the sharp end of this challenge, and, as such, cyber security is a critical aspect of the modern business landscape. Cyber threats are multiplying and pose serious financial, legal and reputational challenges to organisations.

Modern and effective cyber security management entails more than managing technology risk; it encompasses managing business risk. Organisations must recognise cyber security as a strategic imperative integrated into their overall risk management framework — and this starts at the board level.  In some cases, board members may find it beneficial to seek help in assessing appropriate levels of control.

https://www.weforum.org/agenda/2023/04/strategizing-cybersecurity-why-a-risk-based-approach-is-key/

Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Attack Surface Management

Shadow IT

Identity and Access Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors

Vulnerability Management

Vulnerabilities

Reports Published in the Last Week

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 18 November 2022

Black Arrow Cyber Threat Briefing 18 November 2022:

-Amid Legal Fallout, Cyber Insurers Redefine State-Sponsored Attacks as Act of War

-Supply Chains Need Shoring Up Against Cyber Attacks, C-Suite Executives Say

-Is Your Board Prepared for New Cyber Security Regulations?

-Unwanted Emails Steadily Creeping into Inboxes

-People Are Still Using the Dumbest Passwords Available

-Zero-Trust Initiatives Stall, as Cyber Attack Costs Rocket to $1M per Incident

-44% of Financial Institutions Believe Their Own IT Teams Are the Main Risk to Cloud Security

-MFA Fatigue Attacks Are Putting Your Organisation at Risk

-Cyber Security Training Boosts Risk Posture, Research Finds

-MI5 Chief: UK will have to tackle Russian Aggression ‘for Years to Come’

-Offboarding Processes Pose Security Risks as Job Turnover Increases: Report

-Do Companies Need Cyber Insurance?

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Amid Legal Fallout, Cyber Insurers Redefine State-Sponsored Attacks as Act of War

As carriers rewrite their act-of-war exclusions following the NotPetya settlement between Mondelez and Zurich, organisations should read their cyber insurance policies carefully to see what is still covered.

The consequences from NotPetya, which the US government said was caused by a Russian cyber attack on Ukraine in 2017, continue to be felt as cyber insurers modify coverage exclusions, expanding the definition of an "act of war." Indeed, the 5-year-old cyber attack appears to be turning the cyber insurance market on its head.

Mondelez International, parent of such popular brands as Cadbury, Oreo, Ritz, and Triscuit, was hit hard by NotPetya, with factories and production disrupted. It took days for the company's staff to regain control of its computer systems. The company filed a claim with its property and casualty insurer, Zurich American, for $100 million in losses. After initially approving a fraction of the claim — $10 million — Zurich declined to pay, stating the attack was an act of war and thus excluded from the coverage. Mondelez filed a lawsuit.

Late last month Mondelez and Zurich American reportedly agreed to the original $100 million claim, but that wasn't until after Merck won its $1.4 billion lawsuit against Ace American Insurance Company in January 2022 for its NotPetya-related losses. Merck's claims also were against its property and casualty policy, not a cyber insurance policy.

Back in 2017, cyber insurance policies were still nascent, and so many large corporations filed claims for damages related to NotPetya — the scourge that caused an estimated $10 billion in damage worldwide — against corporate property and casualty policies.

What's Changed? The significance of these settlements illustrates an ongoing maturation of the cyber insurance market, says Forrester Research.

Until 2020 and the COVID-19 pandemic, cyber insurance policies were sold in a fashion akin to traditional home or auto policies, with little concern for a company's cyber security profile, the tools it had in place to defend its networks and data, or its general cyber hygiene.

Once a large number of ransomware attacks occurred that built off of the lax cyber security many organisations demonstrated, insurance carriers began tightening the requirements for obtaining such policies.

https://www.darkreading.com/edge-articles/amid-notpetya-fallout-cyber-insurers-define-state-sponsored-attacks-as-act-of-war

  • Is Your Board Prepared For New Cyber Security Regulations?

Boards are now paying attention to the need to participate in cyber security oversight. Not only are the consequences sparking concern, but the new regulations are upping the ante and changing the game.

Boards have a particularly important role to ensure appropriate management of cyber risk as part of their fiduciary and oversight role. As cyber threats increase and companies worldwide bolster their cyber security budgets, the regulatory community, including the U.S. Securities and Exchange Commission (SEC), is advancing new requirements that companies will need to know about as they reinforce their cyber strategy.

Most organisations focus on cyber protection rather than cyber resilience, and that could be a mistake. Resiliency is more than just protection; it’s a plan for recovery and business continuation. Being resilient means that you’ve done as much as you can to protect and detect a cyber incident, and you have also done as much as you can to make sure you can continue to operate when an incident occurs. A company who invests only in protection is not managing the risk associated with getting up and running again in the event of a cyber incident.

Research indicates that most board members believe it is not a matter of if, but when, their company will experience a cyber event. The ultimate goal of a cyber-resilient organisation would be zero disruption from a cyber breach. That makes the focus on resilience more important.

In March 2022, the SEC issued a proposed rule titled Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure.  In it, the SEC describes its intention to require public companies to disclose whether their boards have members with cyber security expertise: “Cyber security is already among the top priorities of many boards of directors and cyber security incidents and other risks are considered one of the largest threats to companies. Accordingly, investors may find disclosure of whether any board members have cyber security expertise to be important as they consider their investment in the registrant as well as their votes on the election of directors of the registrant.”

The SEC will soon require companies to disclose their cyber security governance capabilities, including the board’s oversight of cyber risk, a description of management’s role in assessing and managing cyber risks, the relevant expertise of such management, and management’s role in implementing the registrant’s cyber security policies, procedures, and strategies. Specifically, where pertinent to board oversight, registrants will be required to disclose:

  • whether the entire board, a specific board member, or a board committee is responsible for the oversight of cyber risks,

  • the processes by which the board is informed about cyber risks, and the frequency of its discussions on this topic,

  • whether and how the board or specified board committee considers cyber risks as part of its business strategy, risk management, and financial oversight.

https://hbr.org/2022/11/is-your-board-prepared-for-new-cybersecurity-regulations

  • Unwanted Emails Steadily Creeping into Inboxes

A research from cloud security provider Hornetsecurity has revealed that 40.5% of work emails are unwanted. The Cyber Security Report 2023, which analysed more than 25 billion work emails, also reveals significant changes to the nature of cyber attacks in 2022 – indicating the constant, growing threats to email security, and need for caution in digital workplace communications.

Phishing remains the most common style of email attack, representing 39.6% of detected threats. Threat actors used the following file types sent via email to deliver payloads: Archive files (Zip, 7z, etc.) sent via email make up 28% of threats, down slightly from last year’s 33.6%, with HTML files increasing from 15.3% to 21%, and DOC(X) from 4.8% to 12.7%.

This year’s cyber security report shows the steady creep of threats into inboxes around the world. The rise in unwanted emails, now found to be nearly 41%, is putting email users and businesses at significant risk.

HornetSecurity’s analysis identified both the enduring risk and changing landscape of ransomware attacks – highlighting the need for businesses and their employees to be more vigilant than ever.

New cyber security trends and techniques for organisations to watch out for were also tracked. Since Microsoft disabled macros settings in Office 365, there has been a significant increase in HTML smuggling attacks using embedded LNK or ZIP files to deliver malware. Microsoft 365 makes it easy to share documents, and end users often overlook the ramifications of how files are shared, as well as the security implications. Hornetsecurity found 25% of respondents were either unsure or assumed that Microsoft 365 was immune to ransomware threats.

For these attackers, every industry is a target. Companies must therefore ensure comprehensive security awareness training while implementing next-generation preventative measures to ward off threats.

https://www.helpnetsecurity.com/2022/11/14/email-security-threats/

  • People Are Still Using the Dumbest Passwords Available

If you were thinking that most people would have learned by now not to use “password” as the password for their sensitive systems, then you would be giving too much credit to the general scrolling public.

Cyber security researchers from Cybernews and password manager company NordPass both independently reported this week on data surrounding the most commonly-used passwords. Trying to discern the frequently used words, phrases, and numbers among the general public wouldn’t be simple if it weren’t for the troves of leaked passwords being sold on the dark web.

Cybernews said it based its data on a list of 56 million breached or leaked passwords in 2022 found via databases in darknet and clearnet hacker forums. Some of the most-used passwords were exactly what you expect, easy-to-remember junk passwords for company accounts, including “123456,” “root,” and “guest” all looking pretty in the top three.

NordPass, on the other hand, listed its top passwords by country and the supposed gender of the user. In their case, “password” sat in the number one spot for most-used password throughout the globe. Some countries had very specific passwords that were commonly used, such as “liverpool” being the number 4 most-used password in the UK despite it being 197 in the world. The number 2 most-used password for Brazil accounts is “Brasil” while in Germany, number 5 is “hallo.”

NordPass said the list of passwords was built by a team of independent researchers who compiled 3TB of data from listings on the dark web, including some data that was leaked in data breaches that occurred in 2022. The company noted that some data might be from late 2021, though the passwords were listed on the dark web in the new year.

https://gizmodo.com/passwords-hacker-best-passwords-cybersecurity-1849792818

  • Zero-Trust Initiatives Stall, as Cyber Attack Costs Rocket to $1M per Incident

Researchers find current data protection strategies are failing to get the job done, and IT leaders are concerned, while a lack of qualified IT security talent hampers cyber-defence initiatives.

Organisations are struggling with mounting data losses, increased downtime, and rising recovery costs due to cyber attacks — to the tune of $1.06 million in costs per incident. Meanwhile, IT security teams are stalled on getting defences up to speed.

That's according to the 2022 Dell Global Data Protection Index (GDPI) survey of 1,000 IT decision-makers across 15 countries and 14 industries, which found that organisations that experienced disruption have also suffered an average of 2TB data loss and 19 hours of downtime.

Most respondents (67%) said they lack confidence that their existing data protection measures are sufficient to cope with malware and ransomware threats. A full 63% said they are not very confident that all business-critical data can be reliably recovered in the event of a destructive cyber attack.

Their fears seem founded: Nearly half of respondents (48%) experienced a cyber attack in the past 12 months that prevented access to their data (a 23% increase from 2021) — and that's a trend that will likely continue.

The growth and increased distribution of data across edge, core data centre and multiple public cloud environments are making it exceedingly difficult for IT admins to protect their data.

On the protection front, most organisations are falling behind; for instance, 91% are aware of or planning to deploy a zero-trust architecture, but only 12% are fully deployed.

And it's not just advanced defence that's lacking: Keegan points out that 69% of respondents stated they simply cannot meet their backup windows to be prepared for a ransomware attack.

https://www.darkreading.com/endpoint/zero-trust-initiatives-stall-cyberattack-costs-1m-per-incident

  • 44% of Financial Institutions Believe Their Own IT Teams Are the Main Risk to Cloud Security

Netwrix, a cyber security vendor, today announced additional findings for the financial and banking sector from its global 2022 Cloud Security Report.

Compared to other industries surveyed, financial institutions are much more concerned about users who have legitimate access to their cloud infrastructure. Indeed, 44% of respondents in this sector say their own IT staff poses the biggest risk to data security in the cloud and 47% worry about contractors and partners, compared to 30% and 36% respectively in other verticals surveyed.

Financial organisations experience accidental data leakage more often than companies in other verticals: 32% of them reported this type of security incident within the last 12 months, compared to the average of 25%. This is a good reason for them to be concerned about users who might unintentionally expose sensitive information. To address this threat, organisations need to implement a zero-standing privilege approach in which elevated access rights are granted only when they are needed and only for as long as needed. Cloud misconfigurations are another common reason for accidental data leakage. Therefore, security teams must continually monitor the integrity of their cloud configurations, ideally with a dedicated solution that automates the process.

All sectors say phishing is the most common type of attack they experience. However, 91% of financial institutions say they can spot phishing within minutes or hours, compared to 82% of respondents in other verticals.

Even though mature financial organisations detect phishing quickly, it is still crucial for them to keep educating their personnel on this threat because attacks are becoming more sophisticated. To increase the likelihood of a user clicking a malicious link, attackers are crafting custom spear phishing messages that are directed at the person responsible for a certain task in the organisation and that appear to come from an authority figure. Regular staff training, along with continuous activity monitoring, will help reduce the risk of infiltration.

https://www.darkreading.com/cloud/44-of-financial-institutions-believe-their-own-it-teams-are-the-main-risk-to-cloud-security

  • MFA Fatigue Attacks Are Putting Your Organisation at Risk

The rapid advancement of technology in all industries has led to the threat of ever-increasing cyber attacks that target businesses, governments, and individuals alike. A common threat targeting businesses is MFA Fatigue attacks—a technique where a cyber criminal attempts to gain access to a corporate network by bombarding a user with MFA prompts until they finally accept one.

MFA refers to multi-factor authentication, a layered end-user verification strategy to secure data and applications. For a user to log in, an MFA system needs them to submit various combinations of two or more credentials.

Using MFA Fatigue attacks, cyber criminals bombard their victims with repeated 2FA (two-factor authentication) push notifications to trick them into authenticating their login attempts, to increase their chances of gaining access to sensitive information. This attempt can be successful, especially when the target victim is distracted or overwhelmed by the notifications or misinterprets them as legitimate authentication requests.

One major MFA Fatigue attack, also known as MFA bombing, targeted the ride-sharing giant Uber in September 2022. Uber attributed the attack to Lapsus$, a hacking group that started by compromising an external contractor’s credentials.

Cyber criminals increasingly use social engineering attacks to access their targets’ sensitive credentials. Social engineering is a manipulative technique used by hackers to exploit human error to gain private information.

MFA Fatigue is a technique that has gained popularity among hackers in recent years as part of their social engineering attacks. This is a simple yet effective technique with destructive consequences as the hackers are banking on their targets’ lack of training and understanding of attack vectors. Since many MFA users are unfamiliar with this style of attack, they would not understand that they are approving a fraudulent notification.

https://www.bleepingcomputer.com/news/security/mfa-fatigue-attacks-are-putting-your-organization-at-risk/

  • Cyber Security Training Boosts Risk Posture, Research Finds

Business executives worldwide see the economic advantages of continuing professional cyber security education and the steep downside from a workforce of under-trained individuals, Cybrary, a training platform provider, said in a new report.

The survey of 275 executives, directors and security professionals in North America and the UK who either procure or influence professional cyber security training, was conducted by consultancy Omdia. The results showed that the benefits of professional training boost an employee’s impact on the organisation, the overall risk posture of the organisation, and in the costs associated with finding and retaining highly skilled employees, the analyst said.

The study’s key findings include:

  • 73% of respondents said their team’s cyber security performance was more efficient because of ongoing professional cyber security training.

  • 62% of respondents said that training improved their organisation’s cyber security effectiveness (which encompasses decreases in the number of breach attempts and overall security events).

  • 79% of respondents ranked professional cyber security training at the top or near the top of importance for the organisation’s ability to prevent and rapidly remediate breaches and ensuing consequences such as reputational damage.

  • 70% of companies reported a relationship between an incident and training, and two-thirds of respondents reported increased investments in ongoing cyber security training after a security incident.

  • Large enterprises are the least likely to delay upskilling until after an incident, indicating that companies with larger cyber security teams firmly understand the importance of ongoing professional training.

  • 67% of surveyed SMBs invested in cyber security training after a security incident, which served as a call to action.

  • 53% invested in professional cyber security training due to a cyber security insurance audit.

  • 48% of organisations said that cyber security training drives retention and decreases the likelihood that a cyber security professional will leave the organisation that trains them.

  • 41% said that ongoing cyber security training has no significant impact on if a cyber security professional leaves.

Cybrary said the research shows the rewards that organisations enjoy by investing in training and upskilling their security professionals. The data “codifies the fiscal and reputational paybacks in proactively improving cyber security defences versus responding to attacks. It also codifies an often-underrecognised benefit of cyber security upskilling: helping the organisation retain invaluable security talent despite market and organisational uncertainty”.

https://www.msspalert.com/cybersecurity-research/cybersecurity-training-boosts-risk-posture-research-finds/

  • MI5 Chief: UK Will Have to Tackle Russian Aggression ‘for Years to Come’

Britain will have to tackle Russian aggression for years to come, said the MI5’s chief on Wednesday, adding that his agency had blocked more than 100 attempts by the Kremlin to insert suspected spies into the UK since the Salisbury poisonings.

Ken McCallum, giving an annual threat update, said state-based threats were increasing and said the UK also faced a heightened direct threat from Iran, which had threatened “to kidnap or even kill” 10 people based in Britain in the past year.

The spy chief said Russia had suffered a “strategic blow” after 400 spies were expelled from around Europe following the start of the war in Ukraine, but he said the Kremlin was actively trying to rebuild its espionage network.

Britain had expelled 23 Russian spies posing as diplomats after the poisoning of Sergei and Yulia Skripal in Salisbury in 2018, yet since then “over 100 Russian diplomatic visa applications” had been rejected on national security grounds.

McCallum accused Russia of making “silly claims” about British activities without evidence, such as that UK was involved in attacking the Nord Stream gas pipelines. But the head of MI5 said “the serious point” was that “the UK must be ready for Russian aggression for years to come”.

Iran’s “aggressive intelligence services” were actively targeting Britain and had made “at least 10” attempts to “kidnap or even kill” British or UK-based individuals since January as the regime felt greater pressure than ever before.

https://www.theguardian.com/uk-news/2022/nov/16/mi5-chief-uk-will-have-to-tackle-russian-aggression-for-years-to-come

  • Offboarding Processes Pose Security Risks as Job Turnover Increases: Report

Research from YouGov finds that poor offboarding practices across industries including healthcare and tech are putting companies at risk, including for loss of end-user devices and unauthorised SaaS application use.

Organisations across multiple industries are struggling to mitigate potential risks, including loss of end-user and storage devices as well as unauthorised use of SaaS applications, during their offboarding process, according to new research conducted by YouGov in partnership with Enterprise Technology Management (ETM) firm Oomnitza.

Over the last 18 months, employee turnover has increased, with the US Department of Labor estimating that by the end of 2021, a total of 69 million people, more than 20% of Americans, had either lost or changed their job. Although these figures could initially be attributed to the so-called Great Resignation, this figure is likely to increase due to the numerous job cuts that are now being reported, including layoffs at major technology companies, as organisations look to reduce operational costs.

Although the circumstances of an employee’s departure can sometimes make the offboarding process more complex, ultimately offboarding should aim to prevent disruption and mitigate any potential risks.

However, in YouGov’s 2022 State of Corporate Offboarding Process Automation report, the research found that although implementing a secure offboarding processes is now seen as a business imperative for enterprises, 48% of the survey’s respondents expressed deficiencies in or lack of automated workflows across departments and IT tools to facilitate the secure offboarding of employees.

https://www.computerworld.com/article/3680368/offboarding-processes-pose-security-risks-as-job-turnover-increases-report.html#tk.rss_news

  • Supply Chains Need Shoring Up Against Cyber Attacks, C-Suite Executives Say

Nearly every organisation (98%) in a new survey of some 2,100 C-suite executives has been hit by a supply chain cyber attack in the last year, security provider BlueVoyant said in a newly released study.

The study gleaned data from interviews with chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief information security officers (CISOs), and chief procurement officers (CPOs) responsible for supply chain and cyber risk management in organisations of more than 1,000 employees across business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defence industries.

While the number of companies experiencing digital supply chain attacks has stayed relatively static year-over-year, the attention paid by organisations to that attack vector has increased, BlueVoyant said. Still, the New York-based cyber defender said, there’s a lot of room for organisations to better monitor suppliers and “work with them to remediate issues to reduce their supply chain risks.”

Here are some macro highlights from the survey:

  • 40% of respondents rely on the third-party vendor or supplier to ensure adequate security.

  • In 2021, 53% of companies said they audited or reported on supplier security more than twice per year. That number has improved to 67% in 2022. These numbers include enterprises monitoring in real time.

  • Budgets for supply chain defence are increasing, with 84% of respondents saying their budget has increased in the past 12 months.

  • The top pain points reported are internal understanding across the enterprise that suppliers are part of their cyber security posture, meeting regulatory requirements, and working with suppliers to improve their security.

https://www.msspalert.com/cybersecurity-research/supply-chains-need-shoring-up-against-cyberattacks-c-suite-executives-say/

  • Do Companies Need Cyber Insurance?

Companies are increasingly seeking to transfer risk with cyber insurance. This trend has been influenced by a greater severity in cyber attacks and the resulting skyrocketing costs of incident response, business disruption and recovery.

Companies struggle to afford the high prices of cyber insurance, however. One market index reported the price of cyber insurance increased 79% in the second quarter of 2022. Without it, however, companies risk shouldering the full cost of any resulting harm. Furthermore, insurance companies that lack traditional decades of actuarial data must consider whether to provide cyber insurance to clients unable or unwilling to show their cyber security maturity through independent risk analysis.

This combination of circumstances leaves businesses vulnerable, financially drained and facing potential reputational damage. But does it have to be this way? And is cyber insurance truly necessary? For the majority of organisations, the answer is that cyber insurance is a worthwhile investment as part of their overall risk treatment plans. There are a number of activities, however, that should be undertaken to optimise the benefits and reduce the costs of cyber-risk insurance.

A rise in high-profile attacks, in tandem with increased regulation and compliance surrounding cyber security and privacy, has shifted the conversation around digital safety. No longer is cyber security an optional aspect of the business model with a fixed, stagnant cost. Businesses today have become too digitally dependent to ignore cyber security, with classified, internal information stored online; communication largely conducted via email or another platform; and the workforce transitioned to hybrid and remote work environments. Effective cyber security and privacy, as well as mitigating financial and operational risks, can be strategic enablers to modern digital business.

Cyber insurance is not a solution -- it's a piece of the puzzle. Regardless of industry or company size, all businesses should conduct an independent cyber audit prior to committing to cyber insurance. In doing so, organisations can determine the need for cyber insurance and better understand their organisations' risk posture and weak points.

Even if insurance is needed, the audit further adds value as it lets insurance companies support the company specific to its digital landscape and help it become more digitally strong. Additionally, the existence of an independent audit and risk review may indeed enable the insurance company to offer higher levels of coverage without the need for excessive premiums.

https://www.techtarget.com/searchsecurity/post/Do-companies-need-cyber-insurance

Threats

Ransomware and Extortion

Phishing & Email Based Attacks

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Denial of Service DoS/DDoS

Cloud/SaaS

Encryption

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Privacy, Surveillance and Mass Monitoring

Governance, Risk and Compliance

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors

Nation State Actors – Russia

Nation State Actors – China

Nation State Actors – North Korea

Nation State Actors – Iran

Nation State Actors – Misc

Vulnerability Management

Vulnerabilities

Tools and Controls

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More