How to Meet Cybersecurity Insurance Requirements

As cyber threats grow increasingly sophisticated, qualifying for cybersecurity insurance has become more demanding. Insurers now require companies to implement stringent security measures to reduce the likelihood of breaches and ensure they’re adequately protected. However, deciphering these requirements can be challenging, especially if you’re unsure where to begin.

A smart first step is to seek an unbiased third-party cybersecurity assessment. This type of evaluation offers an expert overview of your current defenses, helping you pinpoint areas that need strengthening and ensuring you’re on track to meet insurer expectations.

1. Why is Multi-Factor Authentication (MFA) Required for Cybersecurity Insurance?

As cyber threats evolve, passwords alone are no longer enough. Insurers now mandate Multi-Factor Authentication (MFA) as a key requirement to protect sensitive systems. This extra layer of security helps verify user identities, reducing the risk of unauthorized access. Implementing MFA across all critical systems—especially for privileged accounts—is crucial for meeting insurance requirements and strengthening your overall security.

2. What is Endpoint Detection and Response (EDR) and Why Do Insurance Companies Require It?

Cybersecurity insurers expect organizations to have advanced defenses in place, especially at the endpoint level. Endpoint Detection and Response (EDR) tools like CrowdStrike and SentinelOne monitor devices in real time, detecting and responding to potential threats before they cause damage. EDR is now a common insurance requirement because it minimizes the chances of a successful cyberattack, particularly in remote or distributed work environments.

3. How Often Do You Need Security Assessments and Penetration Testing?

To qualify for insurance, companies must conduct regular security assessments and penetration testing. These proactive measures identify vulnerabilities in your systems before cybercriminals can exploit them. Many insurers require assessments at least annually, with more frequent tests recommended for high-risk industries. By maintaining an up-to-date vulnerability management strategy, you’ll not only comply with insurance requirements but also fortify your defenses.

4. Why Cybersecurity Insurance Requires Employee Training Programs

Employee cybersecurity training is another non-negotiable requirement for insurers. Human error, such as falling for phishing scams or weak password practices, is a major vulnerability in any organization. Insurance companies look for robust training programs that educate employees on recognizing threats like phishing and social engineering. By empowering your team with the knowledge to spot and avoid common cyber risks, you can significantly reduce your threat exposure and satisfy insurance mandates.

5. Do You Need a Data Backup and Disaster Recovery Plan for Cyber Insurance?

Data backups and disaster recovery plans are vital for organizations facing ransomware or other catastrophic events. Insurers require these solutions to ensure businesses can recover quickly from a data breach or ransomware attack, minimizing downtime and data loss. Providers like Rubrik offer cloud-based backup solutions that meet stringent insurance standards, giving organizations peace of mind knowing they’re prepared for worst-case scenarios.

6. What is a SIEM and Why is It Required?

A Security Information and Event Management (SIEM) system helps organizations detect and respond to security incidents in real time. Insurers often require SIEM solutions like Wazuh, as they provide continuous monitoring and alert businesses to any suspicious activities within their networks. SIEM not only helps you meet insurance requirements but also strengthens your ability to respond quickly to emerging threats.

7. Firewalls Still Required

Firewalls remain a critical component of any organization’s cybersecurity infrastructure, and insurers continue to list them as a requirement. However, it’s no longer enough to have a basic firewall; insurers want to see advanced firewalls that protect both the perimeter and internal segments of your network. Ensuring your firewall is configured correctly and updated regularly can satisfy this core insurance requirement.

8. Why Identity and Access Management (IAM) is Important

Managing who can access your sensitive data is crucial for reducing insider threats. Identity and Access Management (IAM) solutions like Okta help organizations control user access to critical systems and data, ensuring that only authorized personnel can reach sensitive information. Insurers require strong IAM practices as part of their cybersecurity insurance qualifications to minimize unauthorized access and potential data breaches.

9. How Often Should You Patch Systems?

Cyber insurers expect companies to stay vigilant about patching known vulnerabilities. Patch management involves regularly updating all systems, software, and applications to ensure they are protected from newly discovered threats. Failing to patch systems promptly can leave your organization exposed and may even void your cybersecurity insurance policy in the event of a breach.

10. What Should Be Included in a Cybersecurity Incident Response Plan for Insurance?

An incident response plan is a requirement for nearly all cybersecurity insurance policies. This plan outlines how your organization will respond to and recover from a security breach. To meet insurance standards, your incident response plan must be detailed, regularly updated, and tested frequently. It should include steps for identifying, containing, and mitigating cyberattacks, as well as guidelines for notifying affected parties and reporting to relevant authorities.

11. Do Cyber Insurance Policies Require Data Encryption?

Yes, most cyber insurance policies now require encryption for sensitive data, both in transit and at rest. Encrypting data ensures that even if attackers gain access, they won’t be able to read or misuse the information. This essential layer of protection is a must for insurers, as it significantly reduces the impact of a data breach.

12. How to Manage Third-Party Risk for Cybersecurity Insurance Compliance

Your organization is only as secure as your weakest third-party vendor. Cyber insurance policies now require businesses to implement third-party risk management programs that assess and mitigate risks posed by vendors, partners, or service providers. This step ensures that external parties don’t introduce vulnerabilities into your network. Many insurers will demand proof that you have evaluated your third-party vendors’ security measures as part of their coverage requirements.

How to Ensure Your Business Meets Cybersecurity Insurance Requirements

Navigating the increasingly complex world of cybersecurity insurance can feel overwhelming, but by addressing these key requirements, your business can not only secure coverage but also significantly enhance its cybersecurity defenses.

If your organization is struggling to check all the boxes for insurance qualification, our cybersecurity experts are here to guide you through the process. From implementing MFA and EDR to developing incident response plans and training employees, we have the expertise to help you meet—and exceed—insurance requirements.

Ready to improve your security and qualify for cyber insurance? Book a quick call with us today to learn how we can help your organization achieve compliance and protect your business from cyber threats.

Triple Threat Assessment Case Study: Sherman County, Kansas

Defense-in-Depth Mindset Leads Sherman County to Threat Assessment

Sherman County, Kansas, faced a critical need to modernize and secure its IT infrastructure across multiple facilities, including the courthouse, sheriff’s office, health department, and 911 dispatch services. To tackle this, the county’s Director of IT, Eric Albright, led an initiative to implement a unified, defense-in-depth cybersecurity strategy that would provide comprehensive protection for their network.

Eric had been keeping a close eye on the U.S. Cybersecurity and Infrastructure Security Agency (CISA) guidelines, particularly the Cross-Sector Cybersecurity Performance Goals (CPGs), which emphasize the necessity of third-party evaluations to strengthen security posture. Despite having internal systems like IDS and IPS in place, Eric understood that even the most robust systems need external validation.

Eric’s Perspective

“One of my top concerns was that we didn’t have full visibility into our network traffic,” Eric explained. “Even though we had great systems in place, you just don’t know what you don’t know. Trinsio’s analysis gave us the information we needed to address gaps we didn’t even know we had.”

Eric sought out third-party assistance to help identify vulnerabilities that may have gone unnoticed and to ensure the county’s network was fully secure. His search led him to Trinsio, a trusted provider of no-cost threat assessments for local governments, healthcare institutions, and schools.

Enhancing Security with an External Perspective

Trinsio’s approach appealed to Eric because it didn’t require access to sensitive internal data or administrative privileges. Following a brief consultation, Eric provided Trinsio’s team with non-sensitive public firewall log files. From there, the cybersecurity team at Trinsio conducted a deep analysis of incoming AND outgoing traffic using more than 50 cyber intelligence feeds from around the globe.

The results were staggering: millions of traffic requests from known malicious IP addresses had bypassed Sherman County’s next-generation firewalls. Despite the county’s adherence to industry best practices, these threats continued to evade detection.

The Solution

Trinsio recommended cost-effective solutions that integrated seamlessly with Sherman County’s existing infrastructure, allowing Eric to deploy additional layers of security without disrupting day-to-day operations or requiring new hardware. These new measures enabled the county to block malicious traffic before it reached the firewall and prevent harmful outgoing traffic.

“It’s really comforting to have things in place now that block malicious traffic before it even reaches our firewalls,” said Eric. “We’ve enhanced our security with simple, budget-friendly measures that offer an additional layer of protection.”

Results

  • Millions of malicious traffic requests identified and blocked
  • Enhanced visibility into network traffic
  • Seamless integration with existing systems without additional hardware
  • Implementation of advanced cybersecurity measures beyond the firewall
  • Cost-effective solutions tailored to the county’s budget

Challenges

  • Legacy hardware and disparate systems across county facilities
  • Lack of visibility into network traffic
  • Ensuring compliance with CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs)

A Proactive Cyber Security Strategy For HIPAA Security Rule Administrative Safeguards

Is Your Organization Protected from the Next Large-Scale Coordinated Cyberattack?

Beginning in 2020, the Federal Bureau of Investigation (FBI) reported a dramatic and sustained increase in the number of complaints to its Internet Crime Complaint Center (IC3): cybersecurity attacks almost doubled between 2019 and 2020, a total increase of 300% over the previous decade.

During that same period of alarming growth in cybersecurity attacks, in 2020 alone more than $4.2 billion in lost revenue resulting from cybersecurity attacks inside the United States of America was reported to the FBI. The latest data, from 2022, puts the figure at $10.3 billion lost.

Beginning in June of 2023, the number of ransomware attacks more than doubled compared to June of 2022.

This spike in cybersecurity breaches was attributed to one of the largest coordinated cyberattacks in recent history. The Russia-linked ransomware syndicate CLOP exploited a vulnerability in MOVEit, a widely used file transfer software, to distribute ransomware, leading to widespread system disruptions and data loss spanning hundreds of organizations.

As of August 2023, more than 500 organizations and 36 million individuals have been impacted including healthcare facilities, Federal Government agencies, state and local governments, small and large businesses, and school districts of all sizes.

Health IT Security recently reported that MOVEit-related breaches compromised the electronic protected health information (ePHI) of millions of Americans.

To help combat the recent explosion in cybersecurity attacks, in July of 2022 the National Institute of Standards and Technology (NIST) released a Special Publication (NIST SP 800-66r2 ipd) titled, “Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide.”

The publication serves as the latest set of guidelines to aid organizations in complying with the HIPAA Security Rule (a published set of requirements and standards for protecting ePHI from the U.S. Department of Health and Human Services).

The HIPAA Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting ePHI. Specifically, covered entities must:

  1. Ensure the confidentiality, integrity, and availability of all ePHI they create, receive, maintain or transmit
  2. Identify and protect against reasonably anticipated threats to the security or integrity of the information
  3. Protect against reasonably anticipated, impermissible uses or disclosures
  4. Ensure compliance by their workforce

This cybersecurity report from Trinsio documents an emerging trend in cyberattack prevention that combines new proactive technologies to complement your existing reactive measures offered by next-generation firewall vendors.

A Proactive-Plus-Reactive Strategy Supports HIPAA Security Rule Compliance Within NIST’s Cybersecurity Framework

Let’s examine popular solutions that combine both reactive and proactive strategies leading to better overall network cybersecurity protection.
Reactive Solutions Inside Your Network
Endpoint Detection and Response (EDR)

EDR involves an endpoint security solution that continuously monitors your end-user devices. EDR can detect and often respond to threats including ransomware and malware. Analyst firm Gartner defines EDR as a solution that “records and stores endpoint-system-level behaviors, uses various data analytics techniques to detect suspicious system behavior, provides contextual information, blocks malicious activity, and provides remediation suggestions to restore affected systems.”
Extended Detection and Response (XDR)

XDR is an evolution of EDR. XDR extends beyond endpoint detection offering advanced detection, analytics, and responses across your endpoints, networks, servers, cloud workloads, and other systems. XDR provides a more unified view that includes threat detection, alerts, detailed analysis, and quickly deployed responses to threats.
Security Information and Event Management (SIEM)

SIEM is an approach to security management combining security information management (SIM) and security event management (SEM) functions into one security management system. SIEM systems are designed to collect data from multiple sources, identify abnormalities, then take appropriate action. When an alert is triggered, the SIEM system typically logs information on the alert and instructs other security controls to stop the triggered activity’s progress.
Managed Detection and Response (MDR)

MDR services combine technology and human expertise to perform threat detection, monitoring, and response. A benefit of MDR is that it helps quickly identify a threat and reduce its impact with less human interaction, which makes it especially valuable within organizations with smaller IT departments.
Proactive Solutions Outside Your Network

Proactive solutions sit in front of your firewall to provide an additional layer of security on top of existing firewalls, MDR, EDR, XDR, and SIEM solutions. Proactive solutions are becoming popular because they add a significant amount of additional security without requiring you to modify or rip-and-replace anything you already have purchased and deployed to protect your network.
Threat-Blocking-as-a-Service (TBaaS)

Most proactive solutions are Active Defense with real-time Threat Intelligence platforms that fall into the Threat-Blocking-as-a-Service category. A TBaaS deployment is quick and painless as you simply place a small preconfigured appliance in front of your firewall then subscribe to the TBaaS service which automatically does the vast majority of the work for you (all within your predetermined budget and protection level).

A TBaaS solution is similar to a blacklisting solution. However, TBaaS services are typically managed by the vendor to automatically and continually update your solution with multiple source lists (up to 50) noting millions of malicious IP addresses curated by the broader cyberintelligence community.

The main advantage of a TBaaS solution is it will comprehensively block a much greater volume of threats from bad actors since it doesn’t rely on a single-sourced blacklist from a firewall vendor.

Your TBaaS deployment can be configured to block outbound traffic in addition to inbound traffic if desired, giving you another line of defense if any malicious code manages to slip into your network. For example, if an already existing piece of malware attempts to pull its payload from an external server on the internet, that outgoing request can automatically be blocked by the TBaaS service.

At Trinsio, we often find upwards of 80% of the total inbound traffic hitting an organization’s firewall is malicious in nature. A recent Trinsio network threat assessment for a rural county government exposed more than 10 million external and internal threats from 108 different countries around the planet – all during a 24-hour period. A TBaaS solution not only provides an additional layer of security, but also improves your firewall’s efficiency by dramatically reducing the amount of traffic your firewall needs to inspect.
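The log-versus-feed analysis that the Sherman County assessment and the TBaaS description above both rely on, as an added Python example that is not Trinsio’s or Threater’s code: firewall log lines are replayed against several intelligence feeds merged into one blocklist, for inbound and outbound flows alike. The key=value log format, the feed names and the addresses (RFC 5737 documentation ranges) are all constructed for the example.

```python
"""Replay firewall logs against threat-intelligence feeds merged into one
blocklist. Added example, not Trinsio's or Threater's code; the log format,
feed names and addresses (RFC 5737 documentation ranges) are constructed."""
import ipaddress
import re
from collections import Counter

# Constructed feeds: each entry is an IP or CIDR string. A TBaaS service would
# aggregate dozens of such lists; three are enough to show the overlap logic.
FEEDS = {
    "feed_a": ["203.0.113.0/24", "198.51.100.7"],
    "feed_b": ["198.51.100.7", "198.51.100.200", "not-an-ip"],  # malformed entry
    "feed_c": ["203.0.113.45", "10.0.0.0/8"],  # wrongly lists an internal range
}

# Internal ranges (RFC 1918 plus loopback) are never treated as threats, even if
# a feed mistakenly contains them: blocking them would cut off your own hosts.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed firewall log lines in a simple key=value format (not a real
# vendor format). dir=in means the external party is src; dir=out means dst.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z action=allow dir=in src=203.0.113.45 dst=192.0.2.10 dport=443
2024-05-01T10:00:01Z action=allow dir=in src=198.51.100.7 dst=192.0.2.10 dport=22
2024-05-01T10:00:02Z action=allow dir=in src=192.0.2.77 dst=192.0.2.10 dport=443
2024-05-01T10:00:03Z action=allow dir=out src=10.1.2.3 dst=198.51.100.200 dport=443
2024-05-01T10:00:04Z action=allow dir=out src=10.1.2.4 dst=192.0.2.99 dport=80
2024-05-01T10:00:05Z action=deny dir=in src=198.51.100.7 dst=192.0.2.10 dport=3389
2024-05-01T10:00:06Z action=allow dir=in src=10.9.9.9 dst=192.0.2.10 dport=53
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) dir=(?P<dir>in|out) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def load_feeds(feeds):
    """Parse feed entries into ip_network objects, skipping malformed ones."""
    parsed = {}
    for name, entries in feeds.items():
        nets = []
        for entry in entries:
            try:
                nets.append(ipaddress.ip_network(entry, strict=False))
            except ValueError:
                continue  # one bad entry must not break the whole blocklist
        parsed[name] = nets
    return parsed


def matching_feeds(addr, parsed_feeds):
    """Return the names of every feed that lists addr (empty for internal IPs)."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in INTERNAL_NETS):
        return []
    return [name for name, nets in parsed_feeds.items()
            if any(ip in net for net in nets)]


def parse_line(line):
    """Return the fields of one log line as a dict, or None if unparsable."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def assess(log_text, feeds, block_outbound=True):
    """Count flows per direction that the merged blocklist would have dropped.

    The firewall's own action is ignored: a front-of-firewall blocker acts
    before the firewall sees the flow. inbound_flagged_pct is the share of
    inbound flows the firewall would no longer need to inspect."""
    parsed = load_feeds(feeds)
    per_feed = Counter()
    stats = {"inbound": 0, "outbound": 0, "inbound_flagged": 0,
             "outbound_flagged": 0, "unparsed": 0}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            stats["unparsed"] += 1
            continue
        key = "inbound" if rec["dir"] == "in" else "outbound"
        external = rec["src"] if key == "inbound" else rec["dst"]
        stats[key] += 1
        hits = matching_feeds(external, parsed)
        if hits and (key == "inbound" or block_outbound):
            stats[key + "_flagged"] += 1
            per_feed.update(hits)
    stats["per_feed"] = dict(per_feed)
    stats["inbound_flagged_pct"] = (
        round(100 * stats["inbound_flagged"] / stats["inbound"], 1)
        if stats["inbound"] else 0.0)
    return stats


if __name__ == "__main__":
    r = assess(SAMPLE_LOG, FEEDS)
    print(f"inbound: {r['inbound']} flows, {r['inbound_flagged']} flagged "
          f"({r['inbound_flagged_pct']}% would never reach the firewall)")
    print(f"outbound: {r['outbound']} flows, {r['outbound_flagged']} flagged")
    print("hits per feed:", r["per_feed"], "| unparsed lines:", r["unparsed"])
```

Setting block_outbound=False models a deployment that only filters inbound traffic, which is why the outbound flow to a listed address is then counted but not flagged.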

Trinsio Analysis: The Cost of A Proactive-Plus-Reactive Strategy

Trinsio finds that adding a proactive TBaaS component to your existing reactive next-generation firewall hardware and software subscriptions on average increases your network security spend by approximately 20 percent.

A Comprehensive Guide to Network Threat Assessments

Safeguarding sensitive information and ensuring uninterrupted business operations have become paramount concerns for organizations across all industries. 

As cyber threats continue to grow in sophistication and frequency, the need for proactive security measures — in addition to existing reactive security measures already in place — has never been more critical. 

One such measure that has gained prominence in recent years is a network threat assessment (NTA). Let’s dive into the intricacies of NTAs, exploring their importance, the process involved, and the benefits they offer to organizations seeking to fortify their cyber defenses.
What is a Network Threat Assessment?

At its core, a network threat assessment is a systematic evaluation of an organization’s network infrastructure to identify vulnerabilities, assess potential risks, and recommend mitigation strategies. It involves a thorough examination of hardware, software, configurations, policies, and procedures to uncover weaknesses that could be exploited by malicious actors.

NTAs are often conducted by experienced cybersecurity professionals or specialized firms with expertise in penetration testing and vulnerability assessment. These experts employ a variety of tools and techniques to simulate real-world attack scenarios, probing the network for entry points and assessing its resilience against various threats.
Non-Invasive Approach: No Risk to Your Network

One of the key advantages of modern network threat assessments is their non-invasive nature. Unlike traditional penetration testing, which often involves actively exploiting vulnerabilities, modern NTAs prioritize the safety and integrity of the client’s network.

Through the use of sophisticated scanning tools and careful testing methodologies, cybersecurity professionals can thoroughly assess a network’s security posture without causing any disruption or risk to its operations. This approach allows organizations to gain valuable insights into their vulnerabilities without compromising the confidentiality, integrity, or availability of their data and systems.

Without requiring access to or visibility into your network or assets, Trinsio’s complimentary network threat assessment will identify and classify potential threats, empowering you to take action.
What Organizations Can Expect from a Network Threat Assessment

The benefits of conducting a network threat assessment extend beyond simply identifying vulnerabilities. Organizations can expect to gain a deeper understanding of their overall security posture, enabling them to make informed decisions about resource allocation and risk mitigation strategies.

Some of the key benefits include:

  • Enhanced Security: By identifying and addressing vulnerabilities, organizations can significantly reduce their risk of cyber attacks and data breaches.
  • Improved Compliance: NTAs help organizations meet regulatory requirements and industry standards, demonstrating a commitment to security best practices.
  • Prioritized Security Investments: By understanding the most critical risks, organizations can prioritize security investments, ensuring that resources are used most effectively.
  • Increased Confidence: A comprehensive NTA provides stakeholders with confidence in the organization’s security posture, reassuring customers, partners, and investors.
The Importance of Network Threat Assessments

Sadly, today no organization is immune to cyber threats. From small businesses to local governments to multinational corporations, every entity that relies on digital technology is a potential target.

Network threat assessments play a pivotal role in identifying and addressing vulnerabilities before they can be exploited by attackers.

By proactively identifying weaknesses in the network infrastructure, organizations can take steps to mitigate risks and prevent costly data breaches, service disruptions, and reputation damage. NTAs also enable organizations to prioritize security investments, focusing resources on areas that pose the greatest risk.
The Network Threat Assessment Process

While the specific steps involved in a network threat assessment may vary depending on the organization’s size, complexity, and industry, the general process typically follows a structured approach:

  1. Planning and Scoping: The first step involves defining the scope of the assessment, identifying critical assets, and establishing objectives. This helps ensure that the assessment is tailored to the organization’s specific needs and priorities.
  2. Information Gathering: This phase entails collecting relevant information about the organization’s network infrastructure, security policies, and firewall logs.
  3. Vulnerability Scanning: Automated tools are used to scan the network for known vulnerabilities in operating systems, applications, and network devices. This step helps identify low-hanging fruit that could be easily exploited by attackers.
  4. Penetration Testing: Experienced testers attempt to exploit identified vulnerabilities to assess the effectiveness of existing security controls and determine the potential impact of a successful attack.
  5. Risk Assessment: The findings from vulnerability scanning and penetration testing are analyzed to assess the likelihood and potential impact of each identified risk. This step helps prioritize remediation efforts.
  6. Reporting and Recommendations: A detailed report is prepared, outlining the identified vulnerabilities, associated risks, and recommended mitigation strategies. The report may also include a prioritized action plan to address the most critical issues.
Get Your Free Trinsio Triple Threat Assessment Today

If your organization has not yet conducted a network threat assessment, it is time to consider taking this critical step towards a more secure future. 

With the guidance of Trinsio’s experienced cybersecurity professionals and the use of non-invasive methodologies, you can gain valuable insights into your network’s security posture without compromising its integrity.

Contact us to get started today.

Case Study: Jefferson County, Idaho

Third-Party Validation Threat Assessment Leads To Enhanced Cybersecurity Protections

Less than 100 miles west of Yellowstone National Park, Jefferson County, Idaho, offers scenic views and unparalleled wildlife sightseeing at either the Camas National Wildlife Refuge or Mud Lake Wildlife Management Area. The county seat, Rigby, is famous as the home of Philo Farnsworth, inventor of the first television system including both a TV receiver and camera. The region was originally founded in the mid-1800s by pioneers trekking the Old West.

Jefferson County IT Director, Garn Herrick, had recently completed a new next-generation firewall deployment combined with additional security features from his firewall vendor.

However, Garn knew that even the best-practice reactive measures on offer from next-generation firewalls can no longer be assumed to provide comprehensive protection, due to the size and scope of today’s cybersecurity attacks and the fact that organizations like Jefferson County now endure almost half of all attacks – far more than any other private or public sector organization.

Garn was aware of the International City/County Management Association (ICMA) report for state and local governments entitled “A Look at Local Government Cybersecurity in 2020”, which directed small governments to better protect sensitive personally identifiable information stored on their networks.

He also knew about the alarming growth of cybersecurity attacks targeting small county and municipal government networks beginning in 2020, which drove the Cybersecurity and Infrastructure Security Agency (CISA) to publish its Cybersecurity Performance Goals (CPGs) recommending a variety of third-party validations available to public and private sector organizations at no cost.

The next task on Garn’s cybersecurity action plan was to align with recent guidance from CISA on third-party validations as a method of identifying any potential gaps in cybersecurity protections through penetration tests, risk assessments, and vulnerability scans.

Like many IT professionals, Garn understood that directives from both CISA and ICMA are critical to follow, but also that the size and budget constraints of organizations like Jefferson County greatly impact their ability to prevent attacks. 

As Garn began his search for third-party validations he encountered Trinsio, a technology solutions provider who offers low and no-cost options designed to empower IT departments with tools to protect their networks and data.

A threat assessment from Trinsio identified that a large percentage of the inbound and outbound traffic to and from Jefferson County’s firewall was actually malicious in nature. This data aligned with the majority of similar threat assessments performed by Trinsio for smaller county or municipal governments, further reinforcing the threats reported on by CISA, ICMA, and other similar groups. The data made it evident that the consensus across the cybersecurity community is correct: simply deploying a next-generation firewall is no longer enough protection.

While still a critical part of network security, a firewall’s reactive approach to dealing with threats when paired with a proactive Active Defense with Real-time Threat Intelligence solution offers a new level of cybersecurity protection for any network.

“Even with the peace of mind that came from my next-gen firewall deployment, I knew that my county’s network may not be fully protected (especially from outbound traffic that typically isn’t dealt with at the firewall level). Trinsio’s free threat assessment really opened my eyes to the large number of both incoming and outgoing threats our network was getting exposed to. I told Trinsio about my budget limitations, but they were able to quickly design and deploy an affordable, proactive solution that sits in front of my firewall blocking millions of threats before they hit my network while also blocking potentially malicious outbound traffic at the same time.”

Garn Herrick 

IT Director – Jefferson County

Trinsio’s Solution

Trinsio’s threat-blocking technology, powered by Threater’s Active Defense with Real-time Threat Intelligence, proactively protects against threats from every path in your network.  Leveraging more than 50 world-class cyber intelligence feeds, Trinsio can inspect, block, and log every known threat trying to access your network. 

Since Threater sits in front of the firewall, Jefferson County did not need to rip-and-replace any existing network gear making the process quick, easy, and cost-effective. Millions of bad actors now are being actively blocked on a daily basis before traffic ever reaches Jefferson County’s firewall providing Garn and county officials with an enhanced level of confidence in their security stack.

Results

  • Millions of identified threats detected
  • Significant reduction in time spent monitoring network traffic
  • Implementation of blocklist containing millions of known bad actors
  • Cost-effective solution that fit the county’s budget constraints and needs
  • Active defense built on real-time threat intelligence

Challenges

  • Searching for guidance on CISA-recommended third-party validation testing services
  • Recent deployment of new next-gen firewall
  • Small, rural county with limited budget
  • Ideal target for cyber-attackers

US Trucking and Logistics Companies Fall Prey to Ransomware Gangs

Cybersecurity is an ever-increasing necessity as ransomware attacks occur more frequently. Three companies, all part of the transportation and logistics industry, have experienced this in the past few months.
Transportation and Logistics ransomware attacks

On December 15, 2020, Forward Air, a trucking and logistics company located in Tennessee, was attacked by ransomware group Hades, which resulted in a loss of revenue. This targeted attack left the company vulnerable to further data loss and affected both their operational and information technology systems. A note found on their computer screens threatened the total loss of their data unless they complied with the instructions to follow a link to a dark website. No ransom amount was included with the initial message, only a note that the link would provide further instructions.  A week later their website was back up and they looked to be on their way to a recovery.

During that same month, another company, OmniTRAX, was attacked and had at least 70 GB stolen and leaked through a well known leak site. OmniTRAX was the first US Freight rail operator company to be targeted by this kind of cyber attack. OmniTRAX, located in Colorado,also refused to comment on the scale of the attack, however they will be inputting more cyber security measures to prevent future attacks. 

DSC Logistics, located in Illinois, was also attacked  late January of this year. As with the previous companies, they did not comment on the effects of the attack. They did not pay the ransom demanded, apparent by the company being listed on a leak site. However, due to cyber security measures already in place, the attack did minimal damage to the company, with data unknown to have been stolen.With “security practices and response measures” already in place, DSC Logistics was the most prepared for and least affected by a cyber attack (Tabak, 2021). Even so, they are also increasing their cyber security to prevent further damages.


Federal Bureau of Investigation taking steps to take down ransomware gangs

As is evident from the locations of these companies, the entire nation is susceptible to cyber and ransomware attacks. It is a growing concern, and one that our nation is taking steps to eliminate. The Federal Bureau of Investigation recently disrupted the activities of the well-known ransomware gang Emotet, which is responsible for millions of affected computers and hundreds of millions of dollars in damages. The FBI is currently working with private and public entities to stop Emotet from causing further destruction.

Along with the ransomware gangs themselves, the individuals involved in these gangs are being investigated. Take Sebastien Vachon-Desjardins, a Canadian indicted in Florida. Based on the charges in the indictment, Vachon-Desjardins is believed to have accumulated over $25 million from cybercrime.

The Department of Justice is also actively pursuing and investigating the ransomware gang NetWalker. NetWalker's attacks have targeted several different kinds of entities, from hospitals to universities. The FBI has seized approximately $500,000 of the gang's ransom payments.

No one is completely safe from ransomware attacks, as is evident from these three examples. It is in your best interest to have security measures in place that will prevent damage to your company and yourself. Do your part by increasing your cybersecurity. If you are the victim of an attack, contact your local FBI field office and file a report. Every recorded attack helps the effort to stop cyberattacks and ransomware gangs.

New CyberEdge Cyberthreat Defense Report Shows Scary Stats

CyberEdge Group, a well-known marketing and research firm focused on technology, recently released the newest CyberEdge Cyberthreat Defense Report (CDR). The report surveys large companies (500 or more employees) around the world and spans 19 different industries. It reports on each company's preparedness relative to the rest of the survey population and on the cyberthreats they encountered throughout the year. The survey is fairly comprehensive and provides a good benchmark for measuring how businesses across the world are combating cybersecurity threats.

This year's report confirmed the prevalence of ransomware and other cyberthreats and introduced new IT trends. Here are the top five insights from this year's report:

1. In 2020, over one-third of the organizations surveyed by CyberEdge experienced more than 6 successful cyberattacks. 2020 saw the highest percentage of organizations experiencing successful cyberattacks since 2015 (80.7%).

While the trends in cyberattacks have been alarming, never before have we seen statistics like these. Consider what this means: on average, over one-third of the organizations surveyed fell prey to a cyberattack every two months. With interruptions of that magnitude, cyberattacks are sure to be a serious hindrance to those businesses' ability to create new value for themselves and their customers.

Additionally, the number of organizations that experienced a successful attack has increased by 10 percentage points since 2015. With over 80 percent of those surveyed reporting at least one successful attack in 2020, the chances of any given business experiencing a cyberattack at least once during 2021 are only increasing.

2. 62% of organizations were victims of ransomware (this has been steadily rising since 2017). An increased number are paying the ransom demand, too (58% of victims, compared to 45% in 2019).

Lane Livingston, CTO and Co-Founder of Trinsio, said in a recent interview, "In today's world there are a few things that will make or break your company, regardless of your size or industry. In addition to the list you are thinking about (key employee retention, brand and reputation, sales and marketing, customer retention), an often overlooked but potentially even more devastating source of disruption and destruction is cybersecurity.

"If your IP or critical data is exposed or encrypted and held for ransom (Ransomware), what's the impact on your business? What if that data is irretrievably lost? Two critical facts: 1, According to DHS, every business will have a cybersecurity breach within the next two years. That is everyone. 2, 70%+ of all businesses who lost critical data in a data breach or data loss scenario will go out of business within 2 years. Prepare and plan or crash and burn."

3. More organizations than ever are saying they are very likely to experience a cyberattack in the next year (69%).

While the number of organizations that recognize they are susceptible to cyberattacks has increased, it is still in question whether organizations are doing enough to turn that around. The CyberEdge CDR reported that the organizations surveyed cited a lack of budget as a barrier that inhibited them from adequately defending against cyberthreats.

4. 85% of respondents said they wanted security products with machine learning and AI.

Many of the other barriers that prevented adequate defense against cyberthreats (such as too much data to analyze and insufficient automation of threat detection and response processes) could be addressed with Artificial Intelligence (AI). AI as a tool against ransomware has proved to be a great asset, and this new trend suggests that companies are beginning to see that. As the threats against us get smarter, so must we!

5. One of the biggest barriers in 2020 in cybersecurity remains the lack of available skilled professionals.

The highest-ranked barrier to establishing effective cybersecurity defenses in 2020 was the lack of skilled personnel, with the next highest being low security awareness among employees. Until organizations can effectively increase security awareness among their employees, they will be hard-pressed to maintain an effective cybersecurity posture. As the saying goes, a chain is only as strong as its weakest link.

Want to check out more interesting security trends in 2020? Read this article. Looking for ways to improve your organization’s cybersecurity posture? Click here.

Fact or False? Breaking Down Ransomware Myths

On average, cybercriminals launch an attack every 39 seconds (University of Maryland). Ransomware is a threat to every business, organization, and industry that holds data. The destruction that ransomware attacks cause can be devastating, leaving businesses, leaders, and executives in a world of hurt. With ransomware occurring at an increasing rate, the volume of information about it can be overwhelming. We are going to sort through that constant stream of information to determine which statements about ransomware are FACT and which are FALSE.

#1 – Cyber criminals target large corporations in ransomware attacks.

FALSE! While large enterprises and organizations are not immune to ransomware attacks, cybercriminals understand the opportunity that lies beyond the big names. The small business and mid-sized markets may even be at higher risk. In 2018, 71% of ransomware attacks targeted small businesses (Beazley Breach Response Services).

#2 – If you pay the ransom, you will get your data back.

FALSE! Although all businesses and organizations are consistently encouraged to do everything they can NOT to pay the ransom, as paying only encourages the attackers, paying the ransom has not proven to be a reliable solution either. According to TechNewsWorld, "there's a one in five chance you won't get your data back." This can happen for a variety of reasons: the decryption system may fail, the cybercriminals may demand more money, and they could target you again.

#3 – It has been estimated that Baltimore City has paid more than $18 million trying to recover from a ransomware attack.

FACT! After the city's computer system was hit with a ransomware infection in May of last year, the government did as is typically encouraged in these situations and did not pay the ransom. The attack affected airports, hospitals, ATMs, and other organizations critical to the day-to-day functioning of the city. Since May 2019, the city has continued its effort to rebuild its systems. It has been estimated that over $18 million has been spent recovering from this attack (Engadget).

#4 – Most ransomware creators demand payment in cryptocurrencies, chiefly bitcoin.

FACT! There are several reasons Bitcoin has been the most commonly demanded form of payment, the first of which is that it is easily accessible. Bitcoin can be purchased through an exchange using a credit card, debit card, or bank transfer, which makes it more likely that victims will pay the ransom. Bitcoin also offers a degree of anonymity, which allows attackers to collect their ransom payments while keeping their identities hidden (Emsisoft).

#5 – Ransomware attacks are always sophisticated and specifically targeted.

FALSE! Although some ransomware attacks are targeted at a specific organization, this is not always the case. Because many ransomware attacks start with a click on a suspicious link in an email, criminals run spam email campaigns in the hope that someone will click the link and unknowingly download their ransomware.

Ransomware is not going anywhere anytime soon. Educate yourself and your staff about the risks and where your business or organization may be vulnerable to an attack. Most importantly, be prepared. Create a data backup and recovery plan to ensure you will be protected.

Trinsio provides Rubrik's award-winning data backup and recovery technology to small businesses and organizations, giving you the opportunity to use the same technology used by the U.S. Department of Defense at a cost that is affordable for you.

Garmin Users Suffer Post Ransomware Attack

Most of Garmin's online services were offline for over 4 days following a ransomware attack that took place last Wednesday, July 23. The services affected by the attack included Garmin Connect, flyGarmin, the company's website, and its customer service channels. Not only was Garmin unable to access its data during the service outage, but customers were also unable to track or upload their runs and workouts.

Additionally, flyGarmin customers were unable to schedule and submit flight plans and update software. Several pilots expressed frustration on social media and aviation forums at being unable to update their software, which they are legally required by the Federal Aviation Administration to do monthly in order to use the aircraft.

The type of ransomware used in this attack was WastedLocker, a newer ransomware strain associated with the Russian hacking group Evil Corp. Evil Corp. was recently sanctioned by the US Treasury, making it illegal for Garmin (a US company) to pay the ransom directly if Evil Corp. was responsible for the attack.

Garmin was tight-lipped about the service interruption and offered few updates during the outage. On Thursday, Garmin tweeted an update: "We are currently experiencing an outage that affects Garmin Connect and as a result, the Garmin Connect website and mobile app are down at this time. This outage also affects our call centers and we are currently unable to receive any calls, emails, or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience."

Garmin also provided a set of vague FAQs and a short explanation of the cyber attack. In the message, Garmin indicated that no customer data was accessed or stolen. They commented, “We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost, or stolen.”

By Monday, July 27, Garmin had begun to restore functionality to some of its services. At this time, all Garmin services have regained at least limited functionality, with some services fully functioning.

This latest ransomware attack on Garmin illustrates how little effort fitness tracking companies have made to protect users' data. Companies like Garmin are responsible for protecting the hoards of detailed health data that users collect through their apps and devices. The data these companies collect can be used for more than tracking trends in customers' health and activity: the same services also record patterns in customers' locations, such as their workplaces and homes, and reveal intimate details about users.

In 2017, the tracking app Strava gave away the locations of secret US military bases when it released a data visualization map of active Strava users. Analysts with the Institute for United Conflict Analysts told the Guardian that US military bases were "clearly identifiable and mappable" from the recorded activities on the released map.

Additionally, the fact that it took Garmin over 4 days to bring back any of its services suggests that it was not adequately prepared for an attack. As a consequence, it can be assumed that Garmin lost a significant amount of revenue during the time it took to restore its online services and incurred steep expenses to repair the damage from the ransomware.

Garmin could have prevented much of the damage caused by the extended outage had it been more adequately prepared before the attack. For more information on how to prepare for a ransomware attack, read this article. Find out how to respond to a ransomware attack here.

Garmin is due to report its earnings today.

How did other organizations respond to ransomware attacks? Find out here.

RANSOMWARE: Coming to a Town Near You!

Galt, California, a small town about 25 miles from Sacramento, fell victim to a ransomware attack earlier this year. After a city employee clicked on a link disguised as a message from another Galt city employee, malware spread through the city's entire system. "It encrypted critical files that knocked several key phone lines out of service, including the non-emergency number for the Galt Police Department, the emergency outage line for Public Works and the main numbers for City Hall and the finance division." (Small Town Nearly Done Recovering from Ransomware Attack)

Thomas Haglund, the Interim City Manager, said, "We never had any intention of paying the ransom. We consulted with the FBI and the Department of Homeland Security who told us that even if we pay a ransom, hackers could have blatantly planted malware in a system to steal data."

It has now been several months since the attack, and Galt is still trying to get back on its feet. Approximately 85% of Galt's systems have been rebuilt and restored, while the remaining 15% are still being rebuilt. Haglund also disclosed that the total cost incurred to restore the city's systems is about $758,000, a large sum for a small city that already has a stressed budget.

Members of the community have expressed frustration because these were “funds that could go to the schools, police, [and] more appropriate places.”

Small towns are at risk

Unfortunately, smaller communities are at particular risk because these towns typically do not have the resources or technology to protect themselves against ransomware attacks.

Small governments host services that are critical to everyday life: court records, utility bills, emergency services, and so on. These cities may be more likely to pay the ransom in an effort to get their systems up and running as quickly as possible. Small governments also may lack IT resources, or may have personnel who do not understand a sophisticated cyberattack.

Move forward with confidence

The increasing flow of news about ransomware attacks devastating small towns and cities is both frightening and overwhelming. In this day and age, whether you are as large as Las Vegas or as small as Galt, California, you are at risk of a ransomware attack and you need to be prepared.

Trinsio provides data management solutions, including data backup and recovery. With immutable backups as protection against ransomware, you can be sure your data will be protected in the event of an attack. We understand that data management may be overwhelming, especially for a small city that may not fully understand it. Trinsio will guide you, step by step, first to understand your data and then to create a plan to protect it that is tailored specifically to you.

Because Trinsio is a Rubrik strategic partner, your small town or city can use the exact same industry-leading technology that Las Vegas uses, at a price that is affordable for you.