Insured Losses from SolarWinds Hack Mount, But Could Be Worse
… investment in security, balanced with risk transfer to insurance. The cost of breaches keeps going up at a rate faster than revenue growth for many companies. So I’m hopeful they will look to cyber insurance to transfer more of the exposure they cannot effectively manage down.
Hackers Bypassed MFA to Access Cloud Service Accounts
The Cybersecurity and Infrastructure Security Agency (CISA) says it’s aware of several recent successful cyberattacks against various organizations’ cloud services.
Threat actors are using phishing and other vectors to exploit poor cyber hygiene practices within a victim’s cloud services configuration.
These types of attacks frequently occurred when victim organizations’ employees worked remotely, and use a mixture of corporate laptops and personal devices to access their respective cloud services. Despite the use of security tools, affected organizations typically had weak cyber hygiene practices. That allowed threat actors to conduct successful attacks.
Tim Wade is technical director of the CTO team at Vectra. He said managing IT hygiene and improving phishing awareness are important.
“But it’s critically important to acknowledge that perfection in both these cases is a fool’s errands,” he said. “And so CISA’s recommendation for a robust detection and response capability is spot on. Whether against known IT hygiene-related weaknesses, or unknown weaknesses, an organization’s ability to quickly zero in on an active risk and then take appropriate action to reduce the impact is the difference between a successful security operations team and an organization finding its name in a headline story on cyberattacks.”
A key takeaway of the last quarter must be “prevention will fail,” Wade said. And overreliance on prevention is a loser’s strategy. Organizations must successfully identify and disrupt attacks in real time; otherwise, the industry will continue to see successfully executed attacks.
Brendan O’Connor is CEO and co-founder at AppOmni.
“Phishing users for their passwords has been a problem for decades,” he said.
Two-step authentication is the best way to address this problem, O’Connor said. Attackers finding unintentionally exposed data is even more dangerous.
“You don’t need to steal a user’s password if a misconfiguration or exposed API grants the entire internet access to your sensitive data,” O’Connor said.
Cyber Insurance and Ransomware
Cyber insurance is a smart buy to provide coverage in the event of malware or data theft. But it doesn’t always cover ransomware.
That’s according to Jon Toor, Cloudian‘s CMO. Ransomware attacks accounted for 41% of cyber insurance claims filed during the first half of 2020. Insurers want to make sure their clients are doing everything possible to prevent attacks to avoid expensive payouts.
In addition, many will charge higher premiums or even refuse to cover organizations that don’t have a strong strategy in place for protecting against ransomware.
“Cyber insurance can offset – partially or completely – the cost of ransomware payments, recovery costs and lost revenue,” Toor said. “However, it depends on the details of the policy’s coverage. In fact, ransomware attacks aren’t always covered, as a local government in Georgia discovered when its insurance carrier refused to reimburse the county for a $400,000 ransom payment.”
Even organizations that have strong cyber insurance should take steps to protect against ransomware attacks, he said. This includes having an immutable copy of their backup data, he said.
“This data immutability protects the data from encryption by hackers, thus preserving a clean copy for fast data restore in the event of an attack,” Toor said. “This can eliminate the need to …