Latest Cybersecurity News 2023-06-19 Edition


Weekly CyberTip: Preparing to purchase cyber insurance

Cyber insurance has fully entered a “hard market”, meaning that premiums and exclusions are rising, while underwriting rules are becoming more severe. You may not be able to find an insurer to offer coverage, and if you already have a policy, you may not be able to secure a renewal. 

 

You can improve your odds of being able to obtain cyber insurance by maintaining a strong cyber program. Insurers have a growing checklist of “must-haves” in a customer’s environment before they will even consider offering insurance. Some of the basics include MFA, endpoint protection, a SIEM, documented security policies and procedures, and a well-tested incident response plan. Companies like ISA Cybersecurity also offer cyber insurability assessments that check for red flags in your systems that will raise concerns with insurance carriers. Look into what questions you will be asked well in advance of trying to purchase cyber insurance to give yourself adequate time to shore up your defensive posture. 

New poll: 93% of Canadians concerned that their privacy rights are not being respected 

On June 14, the Office of the Privacy Commissioner of Canada (OPC) released the results of a poll indicating a rise in the number of Canadians concerned about the way organizations handle their personal information.  

 

According to the press release, 93% of Canadians expressed some level of concern about the protection of their privacy, compared to 87% in 2020. 40% of those polled “reported that they are more concerned about privacy and the protection of their personal information since the start of the pandemic.” 60% of Canadians feel that the federal government respects their privacy, in contrast to only 40% who say the same for business – both poorer results than in 2020 as well. 

 

The poll also showed that 38% of those surveyed have stopped doing business with a company or organization that experienced a privacy breach. “This is an important message for organizations in both the private and public sectors. Resources spent on protecting and promoting privacy – on creating a culture of privacy – are smart investments in the security and trust that Canadians have in organizations,” according to Privacy Commissioner Philippe Dufresne.

Government security agencies publish LockBit ransomware handbook

On June 15, seven countries (the “Five Eyes” of Canada, the U.K., Australia, New Zealand, and the United States, along with cybersecurity agencies in France and Germany), jointly published a security advisory on the CISA website providing in-depth information about the LockBit ransomware gang.  

 

The document provides a history of the evolution of the LockBit ransomware-as-a-service platform, and statistics that illustrate the impact of LockBit criminal activities on the global stage. For example, nearly a quarter of all ransomware attacks in Canada in 2022 were attributed to LockBit. 

 

The advisory also provides a listing of the tools, tactics, and techniques commonly used in LockBit attacks, mapped to the MITRE ATT&CK for Enterprise framework, version 13.1. 

 

Importantly, the resource also contains an outline of appropriate mitigation strategies to reduce the risks associated with a LockBit-oriented attack. Tactics presented include steps to limit initial access; prevent execution, escalation of privilege, lateral movement, and defence evasion; and strengthen resilience through defence in depth. Tips to reduce the chance of data exfiltration and limit the impact of an attack are also documented. The advisory concludes with an extensive list of resources made available by the seven partner nations.

 

The Canadian government made a separate announcement on June 15, linking to the central resources on the CISA website. 

Cl0p ransomware gang posts names of alleged MOVEit cyber incident victims

According to a report in Bleeping Computer, the Cl0p ransomware gang has started listing the alleged victims of the recent MOVEit cyber attacks on their dark web “leak site”. On June 14, 13 company names appeared on the portal, including the U.S. Department of Energy, the University of Georgia, Johns Hopkins University, and Shell Gas. Cl0p claims to have compromised “hundreds” of systems, though no other victims have been listed as yet. Cl0p has given all affected companies a deadline of June 21 to either pay a ransom or have the allegedly exfiltrated data released on the dark web.

ISA Cybersecurity to present at CANHEIT 2023

ISA Cybersecurity is proud to support and present at the 2023 Canadian Higher Education Information Technology (CANHEIT) Conference in Toronto, running June 19-21.  

 

Overseen by the Canadian University Council of CIOs (CUCCIO), CANHEIT brings together IT professionals from across the Canadian post-secondary sector (universities, colleges and polytechnical institutions) to share ideas, showcase best practices and learn from each other. ISA Cybersecurity will be participating in a panel discussion entitled “Cyber Challenges & Path to a Secure Future” focused on the education sector. 

June 2023 edition of Best’s Review features cyber insurance  

On June 16, insurance company rating agency AM Best released a new feature on cyber insurance coverage in their monthly Best’s Review magazine. According to the press release, key areas of discussion include: 

  • How insurers are responding to evolving ransomware and the rise of cyberattacks; 
  • The cyber insurance industry rising to the challenge of international ransomware incidents; 
  • Systemic risk related to the lack of diversification in the cyber line; and 
  • How legislation banning ransomware payments could adversely affect insurers. 

In the introductory essay, Michelle Chia, head of professional liability and cyber for Zurich North America, said her insurance company emphasizes proactive cyber risk management in addition to risk transfer in the form of cyber insurance. “It doesn’t really matter if you’re specifically targeted or if you’re collateral damage in an attack on another organization. If you’re doing everything you need to do to be cyber resilient, the impact is either avoided or lessened.” 

 

Robert Parisi, head of cyber solutions for Munich Re in North America, observed that being prepared for potential cyber incidents can help businesses that are seeking coverage. “Insurers are looking for applicants that can demonstrate resilience, not just security. It’s no longer enough to simply have a high wall or a deep moat.”

 

In a separate report released the same day, AM Best also reported an increase in business e-mail compromise claims in 2022, contributing to nearly 27,000 reported cyber insurance claims in the United States last year.
