Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action.
This week: Why cyber insurance is getting more expensive and onerous, why 90% of attacks may be thwarted by one security measure (and you know which one I’m talking about), and why I have a question for you about cryptocurrencies and blockchain.
This week’s action: Just ask.
>>>>> THREE ARTICLES <<<<<
1: It’s good to talk
“What shocked me the most,” said the CEO of a major firm, “was that no one thought it sensible to just personally ask me or the Financial Director about those demands for immediate payment!” And the question he wanted to be asked? ‘Did either of you authorise this really big payment to a supplier?’
An interesting story about how one firm was defrauded of a significant sum of money because cyber attackers gained access to the company’s email system and because staff were nervous about phoning senior executives to confirm their urgent requests.
2: Cyber insurance is getting more expensive and the minimum standard demanded by policies is getting more onerous
“US cyber-insurers are increasing premiums and lowering coverage limits despite mandating stricter security controls as a pre-requisite for coverage. [..] Multi-factor authentication (MFA) is now described as a “must-have” to even qualify for coverage. [..] Insurance companies are incorporating the same scanning technology used by hackers into their own underwriting process. This allows them to assess an organization’s perimeter security and also develop a metric-based estimate for a potential cyber-attack.”
It sounds like the insurers are finally getting their heads around the risks that they are being asked to underwrite.
3: What I’m reading when I’m not reading about cyber security
Even the hot topic of “cyber security” is a warm glow compared to the heat around bitcoin, crypto currencies, and blockchain.
Some believe this is all a ponzi scheme. Others believe this is the start of a new world order. I’m somewhere in the middle: Lots of hype (especially about crypto and NFTs) but lots of valuable capabilities underlying it all. There’s something here. I’m just not clear on what it is yet.
If you are like me and don’t know the difference between an NFT and the NFL, I may start to write about what I’ve been learning. Let me know if it is of interest.
In the meantime, if you are in the ‘Ponzi Scheme’ camp, I recommend “Chain Reaction: How Blockchain Will Transform the Developing World”. We may have the privilege of living in jurisdictions with trustworthy institutions, but what if you lived in a country where you needed a “Not for Sale” sign on your property?
Read more: Chain Reaction available on Amazon.co.uk (PS I had no luck finding it on Irish booksellers’ sites).
>>>>> TWO STATISTICS <<<<<
“Attacks using password-stealing malware have surged by 45% over the past six months, highlighting the continued need for additional log-in security measures, according to Kaspersky.”
“The use of multi-factor authentication (MFA) could prevent as much as 80–90% of cyber-attacks, according to figures cited by the US national security cyber chief.”
>>>>> ONE ACTION <<<<<
1: Just Ask
Make sure that your staff know they must ask suppliers and senior executives (either face-to-face or by phone) to confirm any requests for urgent payments or changes to payment details.
Make sure your suppliers and executives also know they must follow your defined processes when requesting payments. No exceptions allowed.
It may feel embarrassing to have to phone an exec and ask, but it’s far less embarrassing than explaining how you were fooled by a fake email.