Cyber Liability: Then and Now
The term “cyber-liability” is certainly one that is at the forefront of everyone’s minds as it continues to dominate the headlines. Both the new-age age criminal and the reliance on electronic data has forced companies to alter their risk management plans to include protection against data breaches. In the past, cyber liability policies were only requested and purchased by companies providing professional IT services and those who handled a wide variety of computer systems and software. As cyber security awareness has increased, coverage has become broader and coverage has become a necessity for businesses in every industry.
Prior to any laws that would hold companies accountable for private records being leaked, the only requirement for carrying privacy liability might be contractual stipulations. The first law that was enacted that raised awareness of this was the Health Insurance Portability and Accountability Act (HIPAA), which most of us have heard of. In 2003, a privacy rule went into effect for the private sector, protecting personal healthcare information under HIPPA regulations. The introduction of these privacy requirements introduced a new concept of responsibility for those who store personal records. Since the enactment of the HIPAA privacy rule, there have been 48 out of 50 states that have state laws or codes that require companies to notify a consumer if their personal identifiable information (PII) was breaches. With a new century, comes a new exposure.
Prior to modern day philosophies and availability of industry-tested cyber liability products, companies would purchase policies that would provide coverage for alleged wrongful acts arising from their professional [technology] services. The definition of wrongful act may or may not include breach of security or invasion of privacy, which are areas that are protected by acts, such as HIPPA. Post-HIPPA privacy laws have made it necessary for non-technology companies to reevaluate their current insurance program and consider adding cyber liability coverage. A modern cyber liability policy will include both Third Party liability coverages, along with First Party coverage. Third party liability coverage provides coverage for damages to consumers. This coverage provides protection against wrongful acts, loss of employee/customer information, failure to prevent the entrance or spread of a hacker/virus, and personal injury from your website content. As mentioned earlier, most states are requiring companies to notify consumers when their information goes missing or is hacked and every state has a different notification requirement. This is an unwelcomed expense and headache that many business owners would prefer not to shoulder. A well-equipped cyber liability policy will help offset these expenses by providing first party coverage to pay for consumer notification expense, computer/legal forensic expenses, business interruption, and regulatory defense and penalties incurred. (It is important to note that no two cyber liability policies are alike and terminology can often be confusing as there is not a standard policy form that has been accepted by the courts.)
The cyber liability marketplace has come a very long way since its introduction in the early 2000s, but it hasn’t been tested nearly as much as the other insurance products. As breaches become a greater risk to all businesses, insurance companies can expect to see more claims and the need for capacity to support these claims. It is vital to make sure that you work with an advisor who is very knowledgeable about the cyber liability arena and knows the marketplace well. While many insurance carriers have found solutions to protect your business if and when a breach occurs, it is still difficult to stay ahead of the technology market. As networks and enterprises move to the “cloud,” hackers will follow. It is very important to consult with an IT professional to discuss proactive ways to prevent breaches/hacks and to formulate a continuity plan should you fall victim to one. With a strong IT infrastructure, solid continuity plan, and a strong cyber liability program, you should be able to weather the storm if you face a network security breach.
About the Author
Alan Sisk is a Sr. Risk Advisor with Geny Insurance Group. Alan partners with commercial clients to proactively identify ways to create and increase the value of their businesses through insurance and risk management techniques. He brings a creative approach to his clients and the field of insurance by challenging old conventions and applying new philosophies. Alan is very knowledgeable of the cyber exposures that businesses face today and well-informed of the latest trends in the marketplace. Should you have any questions, please contact Alan at 615.515.3218 or email@example.com.
About Geny Insurance Group
Celebrating its 30th year anniversary, Geny Insurance Group (Nashville, TN) has been a full-service independent insurance agency devoted to serving the needs of individuals and businesses. As one of the most respected independent insurance agencies in Middle Tennessee, they strive to provide a customized risk management solution that protects their client’s most critical assets and supports their future goals. Geny Insurance Group is the Nashville office and headquarter location for SouthPoint Risk Advisors, which operates out of 6 offices throughout TN & KY and offers Personal & Commercial Insurance, Risk Management, and Employee Benefits.
Have you ever heard that loud rumbling noise coming from your server room? Is it your IT infrastructure hard at work helping you to increase profits or is the sound of the “zombie” server? A zombie, or comatose, server is a physical server that is running but has no external communications or visibility and contributes no computer resources; essentially it consumes electricity but serves no useful purpose. For something you have most likely never heard of; it is a big problem. An estimated one in three servers in North America falls into the “undead” category. Given those odds, chances are most businesses are running servers that are no longer doing anything relevant and could be decommissioned. IT is not only at the center of your organization’s operations it is also a key line item in your budget. You certainly do not want to cut corners when budgeting for your IT needs; but are you wasting your money on equipment that is giving you no value whatsoever? Enter the nefarious “zombie” server. According to the Wall Street Journal, estimates show upwards of 10,000,000 unused servers remain plugged in and drawing power. The 4 Gigawatts of power consumed by these undead machines is equivalent to the “power from eight large power plants; power used by 3,200,000 households, roughly the number in New York City”.
But these zombies are not just a drain on your electric bill. There are a myriad of other costs you must consider. These include but are not limited to: cooling/heating, data center space if applicable, Network Ports, SAN Connections, Back Ups, Monitoring, Operating System licensing, Database Licensing, Maintenance agreements, Administration and support. In fact, according to the Federal Data Center Consolidation Initiative, the average cost to support a mid-tier server is $2,000 per year.
All business owners know that their IT needs change over time, as does their IT infrastructure. With changes in IT, sometimes no one is really clear what the server does. If an employee does know what a particular piece of equipment does and believe it can be decommissioned they often do not do so out of fear. Fear of creating downtime, or interrupting something that may be relevant. In reality, many servers can be re-purposed, licenses put back into the pool, and physical parts and storage space can be reclaimed. The more servers you have, the more consolidation you’ve done, the more the risk that this is an issue in your organization! Think about the efforts you go through to save a few hundred dollars here and there. You cannot afford to continue to overlook this potential drain on your resources. While you realize now that identification and eradication of zombies is important, even in a small business it could easily add up to many thousands of dollars. But you do not have the time nor the expertise to go through and audit your servers, in search of zombies. You need to get Net Works on your side. As experts in the area of IT Cost Optimization we can not only identify where zombie servers are wasting your IT budget dollars; we can help you to strategically procure or negotiate your complex
Most small business owners believe cyberattacks are the concern of large corporations, however nothing could be further from the truth. According to Verizon Data Breach Investigations Report 71% of cyberattacks occur at businesses with less than 100 employees. However smaller organizations are often not as concerned as they need to be, added Kevin Haley, a Symantec director in charge of relaying security information to Symantec customers. “They are also typically under the illusion that cyber-attackers are only interested in large companies, which we have found is not the case,” Haley said.
Even though it turns out SMB’s have a larger target on their backs than they realize, two thirds of SMBs surveyed by Symantec say they’re not concerned about cyber threats; and more than 80 percent have no formal cyber security plan. Although more than 95 percent of businesses are considered small or medium-sized, almost all security solutions are designed for enterprise businesses with large IT departments and big budgets. Many of these security products are just too complex and costly for a resource-strapped SMB. To protect themselves, many SMBs use a patchwork of multiple products that defeat separate elements of the threat. But these are often improperly managed because these small businesses don’t have the time or expertise to create a proper web of protection. The result is a disjointed and ineffective security network that puts IT managers and security budgets under even tighter scrutiny.
“Smaller companies are easier to hack,” said Clay Calvert, director of security at MetroStar Systems, a Virginia-based firm. “They don’t have the resources to set up protective barriers.” Big companies, which have the financial resources to upgrade their security, have become less vulnerable. But this needs to change! The average cyberattack costs a business $188,000! You can no longer wait for hackers to target you. The rise of organized cyber hackers is definitely a scary trend but it doesn’t have to be the end of the world. There are some things that a SMB owner can do to help:
- The first step you need to take is to think like the hackers. Ask yourself: Who are my adversaries? Are they after my intellectual property and trade secrets? Do they want my customers’ credit-card information? Or do they view my business as the weak link in some larger application? This exercise can help you see where your vulnerabilities lie and also help you understand which measures you can take to protect your software.
- Make sure your code is clean. Many commercial applications use open-source code as components. The National Institute of Standards and Technology’s National Vulnerability Database discloses more than 4,000 vulnerabilities in these components. Security software companies, can help you identify and fix any problems with your applications’ source code.
- Outsource your security operation. While most small organizations can’t afford to build sophisticated IT security systems, has the scale and know-how to protect your operations and sensitive data.
At Net Works we have the knowledge base and the commitment to service to ensure that your IT security is up to date. We offer best in class cybersecurity protection. Unlike other managed service providers who rely on point of service solutions; we employ Unified Threat Management, an all in one security solution. UTM is a fully integrated, multifaceted approach to protect against network threats. Your IT infrastructure is too important to settle for a less than optimal cybersecurity plan. Contact us today to get started on your cyber security audit. Don’t take a chance and go it alone, get Net Works in your corner. Verizon Data Breach Investigations Report 2012. 2012 Accessed April 20, 2016
The holidays are traditionally a season to enjoy time with friends and family, to exchange gifts, and to cheerily overindulge in food and drink. Unfortunately, there are Grinches out there that will do everything they can to spoil your holidays with ransomware and other threats.
Ransomware has become one of the most widespread and damaging threats that Internet users face. Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of file-encrypting ransomware variants delivered through spam messages and exploit kits, extorting money from home users and businesses alike.
The current wave of ransomware families can have their roots traced back to the early days of fake antivirus, through Locker variants and finally to the file-encrypting variants that are prevalent today. Each distinct category of malware has shared a common goal – to extort money from victims through social engineering and outright intimidation.
Once all the files are encrypted, the ransomware displays ransom notes which give instructions about how to make payment. The text content is hardcoded in the binary itself and adds generated Tor links and user-specific ID to it. The identifier generated by the command and control server is unique to the infected user, in order to identify the user machine.
The same ransom demand text is written into several files with “DECRYPT_INSTRUCTIONS” in their file names, and is displayed in three different applications – the web browser, a text file and a png in the image viewer, as shown in the figures below.
NetWorks uses Sophos solutions to protect against CryptoWall and other ransomware and malware attacks.
If you suspect you’ve been compromised by ransomware, you can remove the malware using Sophos’ Free Virus Removal Tool. Sadly, there’s not much you can do to get your files back except to pay the ransom – the encryption is too strong to crack.
Apart from having your antivirus up to date, there are additional system changes to help prevent or disarm ransomware infections that a user can apply.
1. Back up your files.
The best way to ensure you do not lose your files to ransomware is to back them up regularly. Storing your backup separately is also key – as discussed, some ransomware variants delete Windows shadow copies of files as a further tactic to prevent your recovery, so you need to store your backup offline.
2. Apply windows and other software updates regularly.
Keep your system and applications up to date. This gives you the best chance to avoid your system being exploited using drive-by download attacks and software (particularly Adobe Flash, Microsoft Silverlight, Web Browser, etc.) vulnerabilities which are known for installing ransomware.
3. Avoid clicking untrusted email links or opening unsolicited email attachments.
Most ransomware arrives via spam email either by clicking the links or as attachments. Having a good email anti-virus scanner would also proactively block compromised or malicious website links or binary attachments that lead to ransomware.
4. Disable ActiveX content in Microsoft Office applications such as Word, Excel, etc.
We’ve seen many malicious documents that contain macros which can further download ransomware silently in the background.
5. Install a firewall, block Tor and I2P, and restrict to specific ports.
Preventing the malware from reaching its call-home server via the network can disarm an active ransomware variant. As such, blocking connections to I2P or Tor servers via a firewall is an effective measure.
6. Disable remote desktop connections.
Disable remote desktop connections if they are not required in your environment, so that malicious authors cannot access your machine remotely.
7. Block binaries running from %APPDATA% and %TEMP% paths.
Most of the ransomware files are dropped and executed from these locations, so blocking execution would prevent the ransomware from running.
Our partner, SophosLabs, has published new research examining the recent evolution in file-encrypting ransomware, in their paper titled The Current State of Ransomware. They look at the most prevalent variants including CryptoWall, TorrentLocker, CTB-Locker and TeslaCrypt – as well more obscure variants that employ novel or interesting techniques.