July Risk Roundup: The conundrum of underwriting and protecting your organization’s data
Data is a fundamental component of cybersecurity. The cyber market is tightening as carriers struggle to price their capacity, and organizations question precisely how much risk they have. To mitigate risk, testing and verifying the usability of your backup data is crucial while spotting phishing attempts, an ever-present security threat, may get a little easier, thanks to Google.
1. Don’t wanna pay ransom gangs? Test your backups
Backing up data without testing to make sure you can recover it in a reasonable timeframe, known as recovery time objective or RTO, is virtually a guarantee that you won’t be able to recover before your business goes bust. The period between falling victim to a cyber attack and restoration via backups is known as maximum tolerable downtime or MTD. A simple equation is RTO < MTD, otherwise you’re just wasting money on backups – Aaron Kraus, Security Engagement Manager
2. Google’s new Gmail security feature could save you from phishing attacks
Verified brand indicators in Gmail solves a ton of phishing issues. Even security pros can be tripped up by a convincing-looking phishing attempt if we’re too busy to do a deep dive on a particular message. – Aaron Kraus, Security Engagement Manager
3. How the cyber threat landscape is evolving
With the immediate monetization of the crime through the use of ransomware, threat actors don’t need to focus on the sale of high-value personal information anymore. Instead, they can attack any entity with vulnerabilities and receive an immediate reward for their crime, all through ransom. It is no longer just healthcare at risk, every company, in every industry, is susceptible. – Catherine Lyle, Head of Claims
4. Cyber-risk data gap threatens insurance offerings
The error in the insurance industry is relying on information that “companies provide to insurance underwriters [which] is often given only verbally during an underwriting meeting.” Our differentiated underwriting capabilities and unique risk management offerings have established us as an industry leader in the cyber insurance market. Coalition focuses on a company’s use of riskier remote connection technologies and unpatched vulnerabilities that we know attackers are targeting. – Catherine Lyle, Head of Claims
If you enjoyed this post be sure to check our blog weekly; the Risk Roundup runs Friday mornings in addition to more enlightening content we post related to the ever-evolving landscape of digital risk. Follow us on Twitter (@SolveCyberRisk) and LinkedIn (Coalition Inc). If you have any suggestions for content that we should be adding to our reading list, let us know!
Related blog posts
Palo Alto Networks: Patch Available for PAN-OS Zero-day
A patch is now available for a command injection zero-day vulnerability impacting Palo Alto Networks PAN-OS. Learn what actions you need to take.
LockBit Ransomware Used in Exploitation of ConnectWise ScreenConnect
Coalition Incident Response has discovered a link between the LockBit ransomware gang and the ConnectWise ScreenConnect vulnerabilities.
MFA Bypass Attacks: Weak MFA Implementation Welcomes Intrusion
Threat actors are increasingly targeting multi-factor authentication (MFA). Learn the most effective types of MFA and how to avoid MFA bypass attacks.
