email

IT Security in the News

IT SecurityWe are following three IT Security news stories that have gained mainstream attention. Today on the blog we are going to re-cap all three stories, and talk about what they mean for the IT world

Garmin pays up

Garmin is still recovering from the ransomware attack we talked about on last week’s blog, you can read it here. The company reportedly received a decryption key, meaning some sort of ransom was paid. The original ransom demanded by the hackers was 10 million dollars, but Garmin has not acknowledged the ransom publicly. A week and a half since the attack, device users are still having issues related to the services taken offline.

This attack is an example of why it’s important to have a quality backup solution, and an incident response plan. When Garmin was attacked, they had to take all services offline, which included phone, email, and chat support. Not only did they have to disrupt the service they provide, but they also had no way to communicate with customers other than statements on Twitter.

Follow-up on massive Twitter hack

Twitter released more information about the hack that compromised many high profile accounts. They are citing a mobile spearphishing attack on employees as the cause. Twitter says employees were compromised, allowing hackers to access internal company tools. Twitter made a point to say, the employees who were compromised were not in a position to access the tools needed for the attack. Criminals used the information they had on some employees to attack more technical employees and gain access to the tools needed. In part of their statement Twitter said, “This was a striking reminder of how important each person on our team is in protecting our service.”

We couldn’t have said it better. As Jack always says, your employees can be your biggest asset, or your biggest liability. This is also a reminder that it’s not just the employees who are working in the IT department who are important. Any infiltration of the company systems can lead to an attack on the database or system tools.

Microsoft to buy TikTok

TikTok has been under increased scrutiny since Amazon “mistakenly” told all of its employees to delete the app. You can read our blog post , ‘Is TikTok Safe?’ Here. The US government has continued to talk about banning the app in the US since this new publicity. Over the weekend it was reported Microsoft is looking into buying TikTok for the US, Canada, Australia, and New Zealand markets. Microsoft has vowed to make data security their number one priority. They have until September 15th to complete the deal. Investment organizations are predicting the deal could be in the 50 billion dollar range.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Recent Posts

Ransomware Attack on Garmin

Garmin services still down after ransomware attack last week.

The Kansas based GPS maker experienced a ransomware attack, resulting in outages for users. When the attack was discovered Thursday morning, it appears Garmin took all services offline to contain the spread of the attack. The event also affected call centers, email, and online chat, so currently the company has no way to support their customers. Garmin says customer data was not compromised. Many outdoor adventure types rely on Garmin systems. Garmin makes specific equipment for divers, mountaineers, pilots, and marine vessels.

Garmin’s largest product category are fitness watches and computers. They make advanced cycling computers, as well as running, swimming, and golf specific sport watches. Users are currently not able to upload their activity data to the Garmin server, which then connects to other fitness tracking apps. Garmin also makes aeronautical software for iPad and Android tablets. Pilots are reporting they are not able to download flight plans, or the aviation database from Garmin servers. An up-to-date aviation database is required for flight by the FAA, so pilots who only use Garmin software to fly are currently grounded. Garmin also makes emergency devices for adventurers far from cell towers. Users can send for help, and also communicate through satellite services. Garmin says these emergency devices are still operational.

The ransomware WastedLocker is believed to be behind the attack. This form of ransomware is attributed to a hacking group based in Russia, appropriately named, Evil Corp. The ransomware encrypts servers and adds “wasted” to the end of the file name to leave their mark. Evil Corp has increased ransomware attacks since May, targeting large US companies with the new WastedLocker ransomware. Other outlets are reporting the criminals are asking a 10 million dollar ransom. Only Monday, did Garmin admit the outage was due to ransomware, but have not publicly responded to the ransom. Systems began to come back online throughout the day Monday, but Garmin says it will take some time to get all features back to normal.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts

Cyber Insurance Checklist

Cyber Insurance is a quickly changing market. Because this a dynamic market, not all agents stay current in the product offerings. It is important to work with an agent who has training in cyber insurance! Below is a checklist of some key factors to consider when purchasing a Cyber Insurance Policy.

Examples

To help understand possible coverage issues, consider these examples:

Wire Fraud: Will you have coverage if an email is intercepted and you wire funds to a criminal, vs. your vendor? This does not represent theft, the fact that you authorized the wire to a criminal is an authorized act. In the last blog I mentioned definitions, it is important to understand terms such as theft, phishing, etc.

Work from Home: Many companies have rushed into work from home modes. A few concerns are, do you have coverage for employees using personal devices to connect to the company network? The conditions section of a policy typically requires all systems to run currently supported operating systems, be properly patched, and current malware solutions installed. If your employees are working from home, and have been for a few months now, are you sure the systems still meet the required conditions of the insurance policy you signed?

Your Company

Does your policy cover damage done by employee owned equipment connected to your network or systems used in your work from home program?

What are the requirements to be eligible for coverage? What organizational measures must you have in place to qualify for the policy? Examples: Security Awareness Training, Incident Response Plan, or an Information Security Policy.

What requirements must be followed for a claim to be covered? Examples: Time frame to report an incident, customers must be notified of an incident, or insurer must be involved in ransomware negotiations.

What parts of the business does the cyber insurance policy cover? Do subsidiaries or branches need to be named specifically in the policy?

What are the parameters around workstations? Does the policy refuse to cover workstations that are not patched and updated?

Cyber Insurance Policy

Is the cyber insurance policy separate from other insurance you already have? Cyber insurance dependent on a current policy could limit coverage.

Is there a waiting period for policy to take effect after contract is signed?

What types of data breaches are covered under the policy? Are there parameters around how the data was stolen for the policy to cover loss?

If a ransom is paid, will the policy reimburse the payment? Are there limits or parameters on ransom payment?

What is covered in a Phishing attack? Some policies have specific language around social engineering attacks, what is covered, and financial limits to these types of attacks.

Does the policy cover

  • Security breaches within your organization?
  • Other companies you work with who process your data? Could be suppliers or vendors.
  • Data loss due to employee misconduct?
  • Acts of terrorism, acts of nation states, or purely international incidents?
  • Data loss due to malware?
  • Defacement of public facing website?
  • Damages to a third party if your systems are taken over and used to hack other companies or individuals?
  • Loss of earnings due to data, systems, or website being inaccessible?
  • Any incident that exposes information, be that confidential or protected?
  • Only data that is encrypted, or all data?
  • Fines, sanctions, and penalties incurred by a regulatory agency?
  • Expenses associated with legal or forensic work done after an incident?
  • Cost of litigation, legal defense, and/ or cost associated with regulatory inquiries?
  • Costs associated with affected customers? These could be customer notification, payment to affected individuals, and/ or coverage for settlements, damages, and judgements.

Insurance Company

Is the insurance provider accessible via phone 24/7/365?

Are there parameters in place that would increase insurance premium?

Quanexus IT Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Cyber Insurance

While cyber insurance policies have been around since 1997, only recently have they become popular. Many companies have started offering cyber policies. Because of the explosive growth of this industry and the diversity in policy coverages, it can be difficult to understand what you are buying. While there are professional agents that have taken the time to understand cyber policies, there many more out there offering policies without understanding what the polices cover. I will be doing a webinar on this topic later this month, but here is a brief summary of some key areas.

Policies typically contain 4 to 5 sections. They are the declarations, insurance agreement, conditions, exclusions and definitions. Knowing what is covered is just as important as knowing what is not covered. I can share many sad stories of companies that had cyber insurance, thought they were covered, but were unable to collect.

To help understand coverage, or lack of coverage, here is a brief summary of one of those sad stories that happened here in the Miami Valley.

The owner of a small business had his email password compromised. The criminals continued to monitor his email account for a while. The criminals were able intercept an invoice that included wire instructions. The criminals modified the invoice and changed the account number for the wire transfer. The business typically pays their vendors via wire and everything looked like business as usual. The business paid (wired funds to the criminals account) the invoice as instructed.

The company didn’t learn of the issue until their vendor asked for payment because they had not received it. By this time, it was too late, the money was gone.

The company notified the police, and their insurance company. They were not covered for this incident because it was not considered a theft. The owner of the company authorized the payment to the criminal. The language of the policy was specific on what would be covered and not covered. Because this was an authorized payment, they were denied coverage.

I can’t stress this enough, when shopping for cyber insurance, ask lots of questions and make sure you understand your coverage. It is always best to work with a professional!

Quanexus IT Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Cybersecurity, Information Security, Recent Posts