Information Technology Navigator

 

The risk of a ransomware attack continues to increase at a frightening triple-digit annual growth rate. How bad is it? Bad, really bad. Businesses based in the U.S. face an 80% chance of an attack, compared to 31% chance in EMEA and 9% in the Asia-Pack region. As the attackers’ sophistication increases and cybergangs are forming, it is important to understand what the attackers are going after and how to increase your ransomware resilience.

 

Ransomware Demand and Payment Trends

•  In 2022, companies with $10 million in revenue or less had an average payout of $690,996¹
• Large enterprises (revenue of $5 billion plus) took a bigger hit, with an average $2,464,339² ransom payout
• Recent ransom demands have been as high as $30 million with payouts that have exceeded $8 million
• Threat actors are increasingly focused on extortion techniques—often layering them on top of each other
• Harassment is another extortion tactic being used in more ransomware cases. Ransomware threat actor groups will target specific individuals in the organization, often in the C-suite, with threats and unwanted communications³
• Cybercriminals threatened to leak stolen data in about 70% of ransomware cases involving negotiation in late 2022⁴
• The United States is still the most severely impacted, accounting for 42% of the observed leaks in 2022⁵
• As of late 2022, threat actors engaged in data theft in about 70% of cases compared to 40% in mid-2021⁶ 

Don’t Count on the Government for Help

Read More

A CISO Primer on Navigating Cyber Insurance

After 10+ years of working with clients to negotiate and place cyber insurance, I’ve noticed that one of the most frequent challenges has always been getting the underwriters and my client’s information security stakeholder (like a CISO or CIO) to understand each other. It’s no surprise that insurance is *gasp* slow to evolve – but in their defense, underwriters have come a long way over the last three years. It’s also no secret that being a CISO is one of the most important leadership roles within a company these days. So why are there massive communications disconnects? Why are CISO’s often ill equipped (through no fault of their own) to navigate the cyber insurance ecosystem? How are brokers and their underwriting partners not ensuring that their clients understand the coverages within cyber policies and how the insurance contracts work? How can we bring all the stakeholders in the process together to make our clients more resilient and create a sustainable cyber insurance marketplace? This blog aspires to demystify cyber insurance for all the information security stakeholders in the room so that they are best equipped to dovetail their strategy with what the insurance marketplace is looking for.

Read More

The risk of a ransomware attack continues to increase at a frightening triple-digit annual growth rate. How bad is it? Bad, really bad. Businesses based in the U.S. face a 60% chance of an attack, compared to 31% chance in EMEA and 9% in the Asia-Pack region. As the attackers’ sophistication increases and cybergangs are forming, it is important to understand what the attackers are going after and how to increase your ransomware resilience.

Ransomware Demand and Payment Trends

Read More

On February 9, 2020, Infinidat rolled out some major enhancements to its InfiniGuard enterprise data protection platform. The announcement themes revolved around enhanced data protection, faster recovery and overall cyber resilience.

Here are some key takeaways and features worth noting:

Read More

Ransomware has rapidly become the single largest cyber threat we face today and if the first half of 2021 was any indication, things are only going to get worse. Colonial Pipeline, Kia Motors, JBS Foods, Kaseya and CNA Financial have been some of the more notable, high-profile attacks this year. In the case of the Colonial Pipeline, the attack impacted over a dozen U.S. states and cost the company $5 million. Colonial Pipeline was able to recover ~$2.3M of the ransom, but that is often not the case. CNA Financial was not as fortunate and needed to pay an estimated $40 million to retrieve the encryption keys for their data. And ransom from the Kaseya attack, which impacted an estimated 800 to 1,500 businesses, is said to be in the range of $70M which would make it the largest ransom ever paid (should Kaseya decide to pay).

Read More

Properly securing assets is a constant challenge for IT. Staying one step ahead of the bad actors is a never-ending job and with a well-known shortage of IT security professionals, it’s critical that those of us responsible for protecting systems, networks and data are smart about deploying tools that will help remediate or minimize cybersecurity risks. Microsoft built Azure Security Center to help. It aligns Azure resources with Microsoft best practices to mitigate risks associated with security vulnerabilities that could lead to a breach or other security incident.

Microsoft Security Quick Facts

Read More

Secure access to email and other business productivity tools continues to be a top priority for IT administrators. Microsoft services, such as Azure Active Directory and Office 365, use OpenID Connect for authentication and OAuth 2.0 for authorization. Here’s how that process works: When Outlook connects to Exchange Online, the API requests are authorized using OAuth 2.0 Access Tokens. They are valid for one hour. When the tokens expire, the Outlook client is redirected back to Azure AD to refresh them. This provides an opportunity to re-evaluate policies for user access. If a user has been disabled in the directory or because of a Conditional Access policy, the admin might choose not to refresh the token.

Read More

To say the cybersecurity community is a buzz over the recent news of the highly-sophisticated data breaches at many U.S. government agencies this month due to vulnerabilities in the SolarWinds Orion IT management platform is an understatement. Experts believe that Russian government hackers are behind this global espionage which may have started as early as last spring. The threat actors conducted a supply chain attack on SolarWinds Orion Platform with a backdoor through a FireEye software update. The SolarWinds versions impacted are 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1. Agencies affected include the Pentagon, the Department of Homeland Security and the Department of the Treasury.

Read More

Mimecast held their 2020 Cyber Resilience Summit remotely this year covering a wide range of topics. You can read our previous blog “Mimecast Cyber Resilience Summit 2020 – Key Takeaways” for those highlights. In addition, Mimecast provided some alarming data on the pandemic threat reality that we are facing.

 

Mimecast collected 100 days of detection data from January 2020 to April 2020. The results below reveal a 36.9% INCREASE in threat detections, where the key focus of threat actors has become high volume Spam and Impersonation. Here’s the breakdown: 

Read More

 

Mimecast held their 2020 Cyber Resilience Summit remotely this year, providing some interesting updates to their suite of cyber security tools.  As a leading Email Security Gateway, Mimecast has expanded their portfolio over the last few years into a more robust and comprehensive framework that they have dubbed “Email Security 3.0”.

 

The Email Security 3.0 Framework can be broken out into three zones of protection:

Zone 1:  Perimeter – This is your traditional email delivery path and is saturated with relentless attacks.  In order to protect against these threats, Mimecast leverages their advanced Targeted Threat Protection including impersonation protection, attachment sandbox, and URL Protection.

Read More