Cyber Security

Cyber Wellbeing

~ Garrett B. Brown ~ Leave a comment

It’s been over 6 months since my last post, and frankly the time during Covid seems to pass at warp speed! I can’t believe I’m already thinking and planning for the summer! We are making progress in the fight against Covid, vaccines are rolling out, and schools are opening, which has got me thinking more about building my business again.

But overshadowed by my new optimism and all the headlines of the election, the storming of the Capitol and Covid, the last six months have been witness to the most active and destructive cyber security events in recent history. The depth and breadth of these attacks is staggering, with implications for our economy and government. We are in a new age of cyber risk for businesses, so we all need to get better prepared to manage and guide our organizations through these new challenges and new growth. Here is just a quick list of what you may have missed…

  • SolarWinds supply chain hack, which affected 18k businesses and multiple government agencies including Microsoft, Cisco, Amazon, the US Treasury Department, Department of Commerce and many others. This hack lead to the disclosure of untold sensitive and critical data to foreign adversaries and the loss of control of critical government and business networks.
  • Microsoft Exchange hack leading to over 60,000 organizations having their email systems compromised and likely accessed by unauthorized users.
  • Accelion supply chain hack, which lead to the compromise of thousands of high profile businesses and government agencies and the disclosure of personal, privileged and sensitive information around the globe.
  • FireEye systems and data breach leading to disclosure of critical client information, which includes many Fortune 500 and government agencies and included the code to sophisticated testing and cyber espionage tools used by their offensive testing team.
  • SITA systems and data breach exposing personal and sensitive information about airline riders from over a dozen airlines.
  • BlackBaud systems and data breach compromising their systems and exposing sensitive information about donors and Not for Profits including healthcare systems, charities, universities and hospitals
  • and so many more…

To help business owners and managers understand and address these new realities, I recently penned a blog post for Ihloom, Mantra Computing’s sister cyber security business, about a new set of business skills we call Cyber Wellbeing. Like many business owners and managers, I am comfortable reviewing my businesses financial wellbeing, knowing where our revenues are, expenses, inventory, sales pipelines, etc. But most business owners and managers have no idea what their current risks are of a debilitating cyber event. What are the costs of preventing a cyber event? What are the costs of being unprepared? Will my cyber insurance cover my losses and ensure continuity of business?

My colleagues and I will be blogging on the Ihloom site and sending out related communications to continue educating business owners and managers on the concepts of business Cyber Wellbeing. If this is something that’s of interest to you, please check out the post and subscribe to our mailing list.

Like many of you, I’m excited about a post Covid rebirth. However, successfully capitalizing on this new opportunity will require being prepared. As G.I. Joe used to remind me, “Knowing is half the battle!”

Cyber Insurance, it’s worth another look for most businesses

~ Garrett B. Brown ~ Leave a comment

In the course of life I find all sorts of reasons to worry.  It really doesn’t take much to get me going.  But technology is my business and it takes a lot to shake me, but recently I’ve been shaken.  The rise of high profile and continued data breaches, the widespread and evolving threat of ransomeware and other cyber threats, it seems nothing is really safe.  Our personal, financial and social lives are all so connected to the Internet and it seems like there is no where to hide.

Is the risk real, am I really a target?

The truth is these concerns are real, not some boogieman.  They are not abstract theoretical risks and I’ve been working with clients over the last few years dealing with their impacts and helping them try to avoid them.

Some of these experiences have included the following:

  • Ransomware attacks including Cryptolocker, Locky, Cryptowall, etc. Costs involve cleanup (removing the infection), restoring lost data (either from backups and/or paying ransom) and down time caused by systems being taken offline and made inaccessible.  These costs add up ranging from a few thousand dollars to tens of thousands of dollars.
  • Online store fronts being compromised by foreign attackers who compromise sites and code to steal CC and other info.  Even in situations where these compromises take place with 3rd party services, culpability and responsibility have been murky and has caused significant cost to clients. Costs range in Notifications requirements, cleanup and due diligence, legal fees, etc. and can range from a few thousand dollars to tens of thousands of dollars.
  • Disclosure of Personal Information (Legally protected by State and Federal laws) through accidental disclosure (Laptop lost, accidental email, etc.) and from flawed 3rd party software/services that become compromised or flaws allow unauthorized access. Costs for these types of situations can range from a few thousand dollars to tens of thousands of dollars due to disclosure/notification requirements, software/service changes, legal fees, state and federal enforcement actions and potential liability implications
  • Lost funds due to Compromised/Hacked network computers and equipment caused by accidental user actions or faulty unpatched software solutions. Many times these bank funds can’t be retrieved and are lost forever.  Other costs include disruption to business, interruption to line of business resources, and other mitigating efforts.

Businesses must take these risks seriously and protect themselves like they do for any other risks. Cyber Insurance is now a real and effective tool for protecting businesses against real and significant financial losses.

What are the options and costs?

Cyber Insurance policies used to be cost prohibitive, poorly defined and confusing to understand.  However, today there are lots of good options.  A good policy should cover the below items, which are not included in Professional Liability solutions:

  • Access to or Disclosure of Nonpublic Files
  • Breach Notification and Credit Monitoring
  • Lost Business Income
  • Reputational Damage
  • Loss or Damage of Computer Systems

Costs can range starting from a couple thousand dollars for a business with a million dollars in gross revenue.

What about all the technology I’ve put in place to protect my business?

In addition to good layered security solutions including Next Generation firewalls, network/computer monitoring, security software, user training and an up-to-date Written Information Security Plan, Cyber Insurance is a good tool that all businesses should be considering.

No matter how good your protections are, mitigating all the risks is impossible.  The risks are constantly changing and Cyber Insurance is there to help fill that gap.

Garrett