A quick Saturday digest of cybersecurity news articles from other sources.
Companies Are Ditching Cybersecurity Insurance as Premiums Rise, Coverage Shrinks
As the CEO of a public InfoSec company, I have a variety of news sources. One of these is called “The Information” which covers in-depth tech stories usually earlier than anywhere else. Reporter Aaron Holmes just published an article that is an eye opener for sure. You saw the title and are reading this, so I think you agree. Here is a short extract and I recommend you read the whole article, link is below. It’s great budget ammo for security awareness training.
They started out with: “Can you imagine going without flood insurance if you lived alongside a river? That’s what is happening in corporate America nowadays, as skyrocketing cyber insurance premiums prompt more companies to go without traditional cyber insurance even as ransomware and other digital hacks surge.
‘Hammered With Losses due to Ransomware’
“Last year cyber insurance premiums in the U.S. spiked 74%, according to data from S&P Global Market Intelligence, even as insurers narrow what they’ll cover. As a result, some customers are balking. Major software firms and retailers have either nixed or are considering ditching cyber insurance, according to security and insurance executives.
“Banking giant JPMorgan Chase, for instance, has reduced the amount of cybersecurity insurance it buys from major underwriters, according to people with direct knowledge of the situation.
The ransomware epidemic has become so severe that…
“Cyber insurers have no choice but to raise prices and decrease coverage, said Michael Phillips, chief claims officer at Resilience, a cyber insurance broker for midsize businesses. “The ransomware epidemic has become so severe that the profitability of many of the insurers who write cyber insurance is being threatened,” Phillips said.
Link to blog with full article:
Twitter security under scrutiny after former exec turns whistleblower
A former Twitter executive has alleged some serious problems at the company that he says is a threat to Twitter users’ personal information, democracy, and national security.
LastPass source code breach – do we still recommend password managers?
As you no doubt already know, because the story has been all over the news and social media recently, the widely-known and widely-used password manager LastPass last week reported a security breach. The breach itself actually happened two weeks before that, the company said, and involved attackers getting into the system where LastPass keeps the […]
Sliver offensive security framework increasingly used by threat actors
The offensive security tool used by penetration testers is also being used by threat actors from the ransomware and cyberespionage spheres.
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com