Quick Responses Lower Data Breach Costs

A new study from IBM Security and the Ponemon Institute has measured exactly how much businesses can save by quickly responding to cyber attacks and data breaches. The average cost of a data breach in the United States is $7.35 million, but businesses that were able to contain a data breach within 30 days were able to lower that figure by an average of $1 million.

Here are some additional findings from the study:

• Incident response teams, data encryption procedures and employee training programs were the most effective ways to lower the costs of a data breach.
• Businesses should evaluate the security of third-party providers to protect their customers’ data.

Filed under: Cyber Liability — Jillian Bender-Cormier @ 6:06 pm August 25, 2017

A Single Cyber Attack Could Cost Billions

A simulation conducted by Lloyd’s of London, an international insurance service provider, found that a major cyber attack could cause over $53 billion in damages worldwide. This figure dwarfs the estimated $8 billion in damages caused by the recent WannaCry cyber attack in May. Additionally, Lloyd’s of London estimates that over 80 percent of the costs caused by a major cyber attack may not be covered by insurance, as businesses often don’t carry enough cyber insurance to cover such an attack.

In the scenario simulated by Lloyd’s of London, hackers inserted malicious code into the products of a cloud service provider, which then unknowingly forwarded the code to the provider’s clients. When the cyber attack was triggered a year later, businesses, such as financial service companies and health care providers, experienced extended business interruptions.

Lloyd’s of London stated that the total economic impact of such an attack would depend on the organizations involved and the length of the cyber attack. And, although such an attack may seem unlikely, cyber attacks of all types have been escalating for years. In fact, the Department of Homeland Security and the FBI issued a joint warning in June to expect more cyber attacks aimed at financial organizations, critical infrastructure and energy suppliers.

Filed under: Cyber Liability — Jillian Bender-Cormier @ 5:53 pm August 9, 2017

New Executive Order Aims to Improve Cyber Security

President Donald Trump recently signed an executive order to improve the country’s cyber security and protect key infrastructure from cyber attacks. The order also emphasized the importance of strengthening the cyber security of federal agencies. According to a survey from Thales Group, a cyber security company, 34 percent of federal agencies experienced a data breach in the last year, and 95 percent of agencies consider themselves vulnerable to cyber attacks.

The executive order did not create any ongoing cyber security requirements, but instead laid out goals to assess the current state of cyber defenses and develop deterrence strategies. Here are some of the requirements of the executive order:

• Federal agencies must draft reports on their ability to defend themselves against cyber threats.
• The departments of Energy and Homeland Security must assess potential vulnerabilities to the country’s electrical grids. The executive order specifically mentions that prolonged power outages could pose a threat to national security or damage the economy.
• Various federal agencies must review the cyber defense plans of U.S. allies in order to cooperate during international cyber attacks.

Filed under: Cyber Liability, Recent Headlines — Jillian Bender-Cormier @ 4:37 pm June 1, 2017

Most Cyber Attacks in 2016 Caused by Ransomware and DDoS Attacks

According to a recent report from Radware, a leading cyber security provider, nearly half of all surveyed businesses experienced a ransomware attack in 2016. Ransomware is a type of attack where an organization is “locked out” of its computer network until a financial ransom is paid, usually with the anonymous and digital bitcoin currency.

The report also showed that cyber criminals frequently used the threat of a distributed denial of service (DDoS) attack to elicit a bitcoin ransom. These attacks slow down a target server until it is rendered useless, often leading to prolonged business interruptions.

What’s worse is that these types of attacks are relatively easy for criminals to perform, and are often automated by using malware or bots. Additionally, Radware found that 40 percent of respondents don’t have a cyber incident response plan in place to counteract ransomware and DDoS attacks.

The report also made a number of predictions for cyber attacks in 2017, which included the creation of new types of DDoS attacks, more targeted ransomware attacks and the increased prevalence of politically motivated cyber attacks.

Filed under: Cyber Liability — Jillian Bender-Cormier @ 3:00 pm February 15, 2017

88 Percent of Employees Lack Knowledge to Prevent Cyber Incidents

According to a recent report, 88 percent of employees lack the understanding necessary to prevent common cyber incidents.

That report is based on the results of a survey given to more than 1,000 employees across the United States. The survey was designed to test the level of knowledge and awareness of cyber security among employees by asking them to name proper behaviors in given circumstances. It covered eight risk domains and assigned three risk profiles—Risk, Novice and Hero—to indicate an employee’s privacy and security awareness IQ.

Key findings from the report include the following:

• Only 12 percent of respondents earned a “Hero” profile, while 72 percent were given a “Novice” profile and 16 percent were given a “Risk” profile.
• Almost 40 percent of respondents disposed of a password hint using unsecure means.
• About 25 percent of respondents failed to recognize a sample phishing email, even though it came from a questionable sender and included an attachment.

Filed under: Cyber Liability — Jillian Bender-Cormier @ 11:07 pm November 16, 2016