Cleo File Transfer Alert | December 2024
Cleo customers could be at risk due to a critical security flaw. Here's what you need to know.
Talk our talk, then walk the walk. For even the savviest agents, business insurance can be complicated. Add in the fast-paced, frequently evolving risks of cyber, alongside new types of threat actors, and you’ve got a recipe full of tech-oriented terms that aren’t always forgiving to beginners, policyholders, or even seasoned pros.
We’re going to clear the air around all those abbreviated terms (looking at you, EDR, MFA, BEC, and DDoS) plus plenty more. Join us as we review cybersecurity, threat actors, and data breaches to understand what makes up policy terminology and beyond.
BI Coverage — like cyber risk prevention as a whole — is constantly changing. Understanding what it covers (and what it doesn’t) can save you or your client trouble. Watch for long waiting periods. These hold a company responsible for a specified period of system downtime before insurance starts paying out.
Your term of endearment for your child (canine or human) when you work from home.
The fire drills of the cybersecurity world — a necessary plan that every organization should have in the event of a catastrophic cyber attack. Following an Incident Response Plan (IRP) secures that an organization knows how to contain and recover from a threat. Some questions you’ll need to cover in your IRP: When will you contact your cyber insurer, who is in charge of what, and how will you work with vendors in the event of a breach?
Alternative career title for the mob if Waste Management is taken.
70-90% of all malicious breaches are due to social engineering tactics. Due to these losses, insurers frequently define social engineering coverage narrowly or implement sub-limits (leaving the majority of the responsibility on insured organizations to train employees against phishing attacks and phishing scams).
Happy hour in Silicon Valley.
If your cyber insurer is going to require any security measure be implemented (which they probably will!) you can bet it’ll start with MFA. As a relatively affordable option, it’s a security control with a massive bang for your buck. It helps protect against unauthorized access, data breaches, and password-based cyberattacks. Think of it like a form of data protection insurance!
A college student showing their older sister’s ID with her old credit card, too.
Cyber attacks continue to get more sophisticated, which means Antivirus (AV) technology doesn’t cut it anymore. While original AV is useful for personal computers, it is really only effective at catching generic malware. Most businesses face more advanced risks. EDR offers “Flight Recorder” technology that tracks activity on the system before and after an alert to clearly identify what malicious activity occurred on the system (and provides the tools to isolate impacted areas). This is useful for when forensic teams are piecing together a full picture of the attack.
How they shot down the Death Star.
Patching matters. What may seem like a tedious or inconsequential chore for the IT team can be your frontline defense against threat actors targeting vulnerable organizations. For example, consider the Microsoft Exchange vulnerability discovered last year, where threat actors targeted a zero-day exploit — with a whopping 170,000 unpatched systems in the wild — leaving organizations open to ransomware attacks. Keeping your software as up-to-date as possible can protect against threat actors seeking an easy entrance to your operating systems.
A quilt made of the coziest sweatshirts from every startup you’ve worked for.
In this context, this includes the extraction or gathering of data from a computer or network to determine whether there was an intrusion, how it occurred, when it occurred, who the intruder was, and what information they accessed.
If an organization experiences a ransomware attack, they should expect that one of the first vendors they’ll work with is a forensics team. As data consumption experts, they’ll gather all information that is available to them to paint a picture of the attack from start to finish.
[ 🎵 Who Are You by The Who plays 🎵 ].
Through targeting individuals — whether with stolen credentials or through impersonation — threat actors seek access to a business email account. This can act as a golden ticket to sway victims to believe they are working with someone they trust and typically ends with financial gain through the transfer of funds to an attacker-controlled bank account. Educating employees on telltale signs of BEC attacks (through phishing education) can be the best way to prevent cybercriminals from succeeding.
Getting your point across with two exclamation points instead of three.
Distributed denial-of-service attacks incorporate an army of systems that coordinate an overwhelming amount of network traffic (think advanced persistent threats) to one target.
DDoS attacks are a popular choice for threat actors and hacktivists alike. They’re relatively easy and cheap to accomplish, as they don’t require breaching a security perimeter. While attacks can be crippling on their own, they may be used in association with a ransomware attack to overwhelm victims. A well-timed attack can stall remediation efforts and create further confusion.
Being banned from every stop on the bar crawl.