Navigating Ransomware and Cybersecurity: Insights from Cryptocurrency Expert John Morrissey

Summary

In this episode of Chattinn Cyber, Marc Schein chats with John Morrissey, Cryptocurrency Operating Compliance Director for Arete, focusing on various aspects of the cryptocurrency industry and the challenges associated with ransomware attacks. John explains how he ended up in his current role, combining his cybersecurity background with his passion for trading and investing. He discusses the volatility of the cryptocurrency market and the impact it has on ransom demands. He also highlights the increasing scrutiny and compliance requirements imposed by organizations like OFAC when it comes to making ransom payments. John emphasizes the importance of taking cybersecurity seriously and investing in the right tools and processes to protect organizations from cyber threats.

John shares his journey of how he became the Cryptocurrency Operating Compliance Director for Arete. He mentions that he met Joe Mann, the founder of Arete, while working in the Virginia DC area. John became Arete’s first client when he ran a DFIR (Digital Forensics and Incident Response) services organization. With his background in cybersecurity and his passion for trading and investing, John found a perfect fit in his current role, where he manages crypto relationships and helps clients navigate the complexities of the market.

The conversation then shifts to the concept of crypto puzzles and the volatility of the cryptocurrency market. John explains that crypto is the most volatile asset in the world, and its value can fluctuate significantly in response to market conditions. He gives an example of how Bitcoin’s value dropped from $69,000 to $16,000 during a market crash. John highlights the challenges of working with a new industry that lacks regulation and dealing with assets that are highly volatile. He emphasizes the need to understand how all these factors fit together.

The discussion then turns to ransomware attacks and the changing demands of adversaries. John mentions that during previous market crashes, ransom demands were often made in Bitcoin. However, after the crash, there has been a shift towards demanding cash instead of Bitcoin. He notes that the ransoms are increasing year over year, with some groups demanding even higher amounts. John also mentions the increasing scrutiny and compliance requirements imposed by organizations like OFAC (Office of Foreign Assets Control) when it comes to making ransom payments. He explains the steps Arete takes to ensure compliance, including analyzing threat actor wallets, conducting blockchain analysis, and verifying the absence of sanctions.

Marc asks John how Arete can help in situations involving ransomware attacks. John explains that Arete is a full-service organization specializing in digital forensics and incident response (DFIR). They offer assistance from the moment a hack is discovered, providing a 24/7 phone number and email for immediate response. Arete’s team helps clients through the entire process, from triage to recovery, and even offers guidance on planning and prevention. If necessary, Arete can also assist with the process of making ransom payments.

In conclusion, the conversation between Marc Schein and John covers various aspects of the cryptocurrency industry and the challenges associated with ransomware attacks. John shares his background and how he ended up in his current role. He discusses the volatility of the cryptocurrency market and the impact it has on ransom demands. He also highlights the increasing scrutiny and compliance requirements imposed by organizations like OFAC. John emphasizes the importance of taking cybersecurity seriously and investing in the right tools and processes to protect organizations from cyber threats. Arete’s role in assisting clients with ransomware attacks is also discussed, highlighting their full-service approach and expertise in digital forensics and incident response.

Key Takeaways

  • Cryptocurrency prices and demand for ransom payments in crypto vs fiat currency fluctuate a lot based on market conditions. When crypto prices crashed, ransom demands shifted to be mostly in cash rather than bitcoin.
  • Ransom amounts continue to rise steadily, with increases of 20-30% year-over-year being common.
  • OFAC regulations and government scrutiny are making ransom payments more difficult with requirements to verify the ransomware group is not sanctioned.
  • Arete offers comprehensive incident response services including forensics, monitoring, planning, and facilitating ransom payments if needed. They have a 24/7 hotline to call for immediate assistance.
  • It’s important for organizations to take cybersecurity seriously and invest in good tools and processes to avoid becoming victims of ransomware. Arete recommends deploying technology like SentinelOne for prevention and detection.

Key Quotes

  • 1:25 – “So it’s great taking some cybersecurity background and melding it with my market background. I became the crypto operations and compliance director at Arete.”
  • 4:03 – “But after it crashed, we actually saw very few pure bitcoin ransoms, and most of them in cash. So whether it’s the psychology of it or just they wanted some consistency outside of the volatility, but today, 95 or more percent of the ransoms are all in pure cash versus bitcoin.”
  • 5:32 – “So we actually take it upon ourselves to look at really every cyber indicator compromise. You always take a threat actor wallet and throw it on the effect sanction list … But we do a lot of analysis on the blockchain of prior transactions that the threat actor might have done.”
  • 6:47 – “We have an Arete 911 phone number. You can just do a Google search of ‘Arete 911’ and find us. So we have a phone number that’s 24/7, we have an email that’s 24/7. Once we receive your email or call, we will be on the phone with you within half an hour to help script that.”
  • 8:33 – “But there’s a lot of great. Yeah, a lot. But there’s a lot of great process and a lot of great technology out there to help you. But I think just take cyber seriously and, or if not, you know, you’ll find yourself in trouble one day.”

ABOUT OUR GUEST:

John Morrissey is a seasoned Technology Sales and Services leader with a strong focus on Customer Success. With extensive experience in assisting National Defense, Civilian Agencies, and Commercial Enterprises, John specializes in successfully implementing cutting-edge technologies such as Analytics, Big Data, Machine Learning, Cyber Security, Fraud, Risk, eDiscovery, and Investigative technology. Throughout his career, John has demonstrated a remarkable ability to build and grow organizations, delivering high-end consulting and enterprise solutions. He is a results-oriented leader with a proven track record of overcoming complex business challenges and making critical decisions with experience, good judgment, a strong work ethic, and unwavering integrity. With a keen vision, determination, and exceptional skills, John is adept at driving increased revenue and profitability for organizations. 

FOLLOW OUR GUEST:

LINKEDIN

ABOUT OUR HOST:

National co-chair of the Cyber Center for Excellence, Marc Schein, CIC, CLCS is also a Risk Management Consultant at Marsh McLennan. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost-effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.

FOLLOW OUR HOST:

WEBSITE | LINKEDIN

Optimizing IT Asset Management for Cybersecurity: Collaboration and Compliance with Jeremy Boerger

Summary

In this episode Marc Schein is chattin’ with Jeremy Boerger, an IT Asset Management (ITAM) expert. Jeremy recounts his entry into ITAM during the Y2K era, where he was tasked with managing compliance systems for a manufacturing firm. This experience sparked his interest in ITAM, which revolves around optimizing an organization’s hardware and software investments for maximum value. He emphasizes ITAM’s focus on cost-consciousness and usability, highlighting its role in efficient product and service utilization.

The discussion dives deeper into the essence of ITAM, explaining its significance in the cybersecurity realm. Jeremy stresses the importance of collaboration between ITAM and cybersecurity teams, citing industry standards like those recommended by NIST and the Department of Defense. He suggests that ITAM’s asset management functions, such as inventory tracking and usage monitoring, are integral to bolstering organizational security measures.

Jeremy acknowledges the historical challenges in establishing ITAM best practices but mentions ISO/IEC 19770 as a leading framework. He also links ITAM’s principles to new cybersecurity regulations, particularly those proposed by the SEC. These regulations emphasize managing end-of-life assets, data disposal, and leveraging returns from decommissioned hardware and software, areas where ITAM plays a crucial role.

As the conversation wraps up, Marc and Jeremy discuss avenues for further engagement and collaboration. Jeremy directs interested parties to his website and LinkedIn profile, where he shares insights on ITAM and cybersecurity integration. The dialogue underscores the evolving landscape of ITAM, its symbiotic relationship with cybersecurity practices, and the potential for synergistic collaboration to enhance organizational resilience and security posture.

Key Takeaways

  • IT Asset Management (ITAM) helps organizations manage their hardware and software assets to get the most value and utility out of them. It helps control costs and track assets.
  • ITAM and cybersecurity should work together. Knowing what devices and software are in the environment helps cybersecurity track potential threats.
  • Best practices for ITAM can be found in ISO standards, ITIL, and NIST frameworks. Organizations like the ISO are bringing ITAM and cybersecurity together.
  • The SEC is encouraging more asset management to track hardware, software, and data, especially at end of life. This helps control cyber risks.
  • ITAM can notify cybersecurity when hardware and software changes, so they can update their threat models. Collaboration between the teams is important.

Key Quotes

  • 00:51 – “If you remember back in Y2K, back at the turn of the century […] I had been brought into a small manufacturing firm to help with their Y2K results, a lot of it being swapping out old systems for compliance systems and the like.”
  • 03:35 – “What I have seen from the other side of the fence is that cybersecurity professionals tend to look at their work in […] silo [as a] very separate activity when there’s all of this wonderful data and technique and knowledge that probably doesn’t get tapped into as well as it should have.”
  • 06:09 – “Where is the hardware and software and most importantly, the data that is sitting inside that hardware and software? What do you do with it at the end of its lifecycle? And that’s been typically something that cybersecurity folks don’t really pay much attention to.”
  • 06:37 – “Well, asset management is very concerned about that endgame because there’s money to be had. There are services to be had. If you’re not going to reuse that device or reissue those licenses, then what kind of return cash can you bring into the organization to then fund another investiture?”
  • 08:24 – “But I also encourage folks to reach out on LinkedIn as well. We’ve got a very active newsletter community speak on a great length about some of the new initiatives, licensing schemes, threat, and even techniques on how to mitigate some of these asset concerns that then do bleed into cybersecurity and service management.”

About Our Guest

Jeremy Boerger helps companies build and rehabilitate their IT asset management (ITAM) practices, both hardware and software asset management (SAM), recovering almost 10% of the IT department’s budget. In 2017, he founded Boerger Consulting, LLC, to better help business leaders and decision-makers fully realize the promises that properly functioning ITAM and SAM programs can deliver. He tours the country, speaking at numerous conventions and symposiums. He is also the author of “Rethinking Information Technology Asset Management,” available through Amazon, Apple Books, B&N, or wherever you prefer to purchase your eBooks and paperbacks.

FOLLOW OUR GUEST:

WEBSITE | LINKEDIN


Automation and AI in Cybersecurity: Enhancing Response Capabilities with Billy Gouveia

Summary

In this episode of Chattinn Cyber, Billy Gouveia, the CEO of Surefire, a prominent cybersecurity firm, stops by to chat. Billy chats about quantifying the costs associated with data breaches. He shares what it was like growing up in Boston and becoming the CEO of a renowned cybersecurity company.

Billy acknowledges the significance of cybersecurity in today’s world, stating that the work being done in the field will have a lasting impact on future generations. He highlights the exponential growth of the tech industry, which is enabled by cybersecurity, and emphasizes the importance of addressing issues such as IP theft and the normalization of cybercrime.

Billy explains that he recognized structural disincentives for current market participants to embrace technology in a different way. He wanted to reframe the role of incident response experts and leverage technology to provide better outcomes for clients. By automating workflows and utilizing technology effectively, Surefire aims to provide faster outcomes, reduce costs, and make clients’ lives better during cyber events. The conversation then delves into the role of automation and artificial intelligence (AI) in incident response. Billy clarifies that while AI has a role to play in automation, the current focus is more on automation itself. He discusses the advancements in technology and tools for detection, containment, forensic investigations, and restoration.

Billy emphasizes the importance of talent in the field and how automation can streamline processes, allowing experts to focus on guiding clients through business decisions. Billy tells our listeners about cybersecurity controls that provide the best return on investment (ROI). He suggests starting with endpoint detection and response capability, along with multi-factor authentication (MFA) and backups. He explains that the prioritization of controls may vary depending on the nature of the business, such as protecting intellectual property or ensuring uptime.

The discussion then shifts to the challenges of MFA bypass techniques, where threat actors find ways to bypass or degrade MFA controls. Billy explains examples such as MFA fatigue and token theft, highlighting the need for multiple controls and a thoughtful approach to cybersecurity.

In conclusion, Billy reflects on the dynamic and challenging nature of the cybersecurity domain. He emphasizes the importance of seeking guidance from experts like Marsh McLennan Agency (MMA) to navigate the complexities of cybersecurity.

Key Takeaways

  1. The Significance of Cybersecurity: Billy Gouveia emphasizes that cybersecurity is among the defining issues of our time, with the work being done in the field expected to impact future generations. The tech industry, enabled by cybersecurity, is a trillion-dollar industry, but it also faces challenges such as IP theft and the normalization of cybercrime.
  2. Reframing the Role of Incident Response: Surefire aims to reframe the role of incident response experts by leveraging technology and automation to provide better outcomes for clients. By automating workflows and utilizing tools effectively, they can provide faster responses, reduce costs, and improve clients’ experiences during cyber events.
  3. Automation vs. Artificial Intelligence: While artificial intelligence (AI) has a role to play in automation, the current focus in incident response is more on automation itself. Automation can streamline processes and allow experts to focus on guiding clients through business decisions. AI’s role in incident response is expected to grow over time.
  4. Prioritizing Cybersecurity Controls: When it comes to cybersecurity controls, Billy suggests starting with endpoint detection and response capability, multi-factor authentication (MFA), and backups. The prioritization of controls may vary depending on the nature of the business, such as protecting intellectual property or ensuring uptime.
  5. Evolving Cybersecurity Challenges: Threat actors are constantly finding ways to bypass or degrade cybersecurity controls. MFA bypass techniques, such as MFA fatigue and token theft, pose challenges. It is crucial to have multiple controls in place and to stay vigilant in adapting to evolving cybersecurity threats.

Key Quotes

  1. “In many ways, cyber is among the defining issues of our time… The stuff we work on now will affect our kids and our grandkids.”
  2. “…if we have automation putting the puzzle together, then what our team can do is focus more on helping the client orient to the picture the puzzle creates, and then guiding our clients through a set of business decisions.”
  3. “I’m hopeful AI can make the offense-defense matchup a lot more symmetric… Maybe AI can close that.”
  4. “Having a response take three days in duration versus three weeks makes their lives better, reduces business interruption.”
  5. “Four or five years of a hard insurance market has done more to improve security controls than 20 years of security professionals howling at black hat or RSA or any of the security conferences.”

About Our Guest

Billy Gouveia is the CEO and Founder of Surefire Cyber, one of the most well-known cybersecurity firms in the country. With over 20 years of experience in cyber, intelligence, and technology, Billy has become a respected figure in the field. His passion for addressing the challenges of cybersecurity and his belief in the importance of technology in incident response led him to establish Surefire Cyber. Billy’s expertise lies in reframing the role of incident response experts and leveraging technology to provide better outcomes for clients. He is dedicated to helping organizations navigate the ever-changing cyber landscape and is committed to making a positive impact in the field of cybersecurity.

Follow Our Guest

LinkedIn | Surefire Cyber


Dark Web IQ: Disrupting Cybercrime with Kevin Sherry

Summary

In this episode Marc Schein is chattin’ with Kevin Sherry, the founder of DarkWeb IQ, a pioneering offensive cybercrime prevention firm. Kevin shares his unconventional journey from a hedge fund trader and entrepreneur to a leader in the cyber insurance industry, eventually leading to the inception of DarkWeb IQ. Kevin’s entrepreneurial spirit and proactive approach to spotting opportunities in the evolving insurance landscape laid the foundation for his innovative venture.

Kevin details the origins of DarkWeb IQ, emphasizing his belief in the necessity for a new approach to cybersecurity. In 2020, amid the chaos of the pandemic, the cyber insurance market faced unprecedented challenges due to a surge in ransomware attacks. As market panic ensued, Kevin, leading a team at Everest, realized the need for a radical solution to protect against mounting losses. His sleepless nights and relentless pursuit of answers culminated in the idea of infiltrating and disrupting the cybercriminal supply chain, a concept that formed the core of DarkWeb IQ’s mission.

DarkWeb IQ’s approach diverges from traditional defensive security measures. Instead of merely implementing preventive controls, the firm actively engages with the criminal underground to disrupt cybercrime operations. Kevin recounts how the cybercriminal ecosystem, similar to a supply chain, can be infiltrated and dismantled by targeting its vulnerable links. Despite initial assumptions that such methods were already in use, Kevin was surprised to find significant gaps in the existing threat intelligence efforts, paving the way for DarkWeb IQ’s unique offensive strategy.

Kevin’s firm has intercepted over 800 attacks in two years, employing various methods from direct interventions to collaborations with vendors and government agencies. These interventions range from alerting companies about immediate threats to helping software vendors secure their tools against misuse. Kevin explains how his team’s efforts not only protect individual clients but also contribute to broader societal benefits, such as safeguarding critical infrastructure like hospitals and water treatment facilities.

Reflecting on lessons learned, Kevin highlights the importance of focusing on the basics of cybersecurity. Many attacks exploit simple vulnerabilities, often overlooked despite significant investments in security tools. He advocates for a pragmatic approach where companies prioritize understanding and addressing the most common attack vectors rather than being overwhelmed by compliance checklists. Kevin also stresses the value of proactive vulnerability scanning for insurers, while cautioning against the pitfalls of alert fatigue caused by overemphasis on less critical vulnerabilities.

As the conversation concludes, Kevin expresses his pride in the public-private partnership model that DarkWeb IQ embodies, working closely with law enforcement and the insurance industry to create impactful solutions. He reflects on his journey and the collaborative spirit of their mission, looking forward to continued innovation and progress in the fight against cybercrime.

Key Takeaways

  1. Kevin Sherry started DarkWeb IQ due to his frustration with the rise in ransomware attacks and wanted to find an innovative way to combat cybercrime.
  2. DarkWeb IQ works to infiltrate the cybercriminal ecosystem and supply chain to gain visibility into potential attacks. They intercept attacks and work with law enforcement to build cases against criminals.
  3. DarkWeb IQ has directly intercepted over 800 attacks in their 2 years of existence by infiltrating criminal operations.
  4. Most cyber attacks utilize basic methods, even though security has become very complicated. Focusing on how real-world attacks occur can improve security programs.
  5. Proactive vulnerability scanning by insurers provides value, but alert fatigue is a problem. Focusing alerts on key vulnerabilities that are likely to be exploited is important.

Key Quotes

  1. “By late Q3 of 2020, there was panic in the marketplace and it was noticeable. People were scared.”
  2. “I was angry at the idea that these a**hole ransomware criminals in eastern Europe and Russia were going to potentially undo five years worth of blood, sweat, and tears I put into building this business.”
  3. “What we were proposing was essentially we felt that we had a good legal argument that could allow us to go in on a consistent and scalable way to engage with all sorts of criminals that are in that ecosystem in a way that just wasn’t being done.”
  4. “We’ve had over 800 of those so far in our two year existence.” (Referring to direct attack interceptions)
  5. “Most vulnerabilities don’t matter. 98% of vulnerabilities are literally never going to have a weaponized exploit. They don’t matter. You shouldn’t be patching them. You’re wasting and depleting resources.”

ABOUT OUR GUEST:

Kevin Sherry is a highly accomplished professional with a strong focus on cybersecurity and public-private partnerships. Currently, he leads a prominent public-private partnership aimed at safeguarding U.S.-based companies against imminent ransomware attacks. With a proven track record of success, Kevin has built a market-leading and best-in-class cyber insurance business from the ground up at a top-tier carrier. Additionally, he played a pivotal role in establishing Prime International Trading’s first high-frequency trading team, which generated over $4 million in profit for the firm and laid the foundation for the firm’s success during times of disruption. Kevin’s passion for making a positive impact extends beyond the business world. He co-drafted a blueprint and secured funding for an initiative to break the cycle of poverty for coffee farmers in Flores, Indonesia, in collaboration with Noble Coffee, local political leaders, and NGOs. Today, parts of the plan are being executed, bringing tangible benefits to the community. Kevin holds a Master of Science in Finance from the Simon School of Business, where he was a member of the prestigious Beta Gamma Sigma honor society. With his expertise and dedication, Kevin Sherry continues to make significant contributions in the fields of cybersecurity, finance, and social impact.

FOLLOW OUR GUEST:

WEBSITE | LINKEDIN


“Best Practices: How to Protect Your Business Against Bad Actors & Cyber Threat”

Tech-related business insurance is evolving fast and Anthony Dolce, our guest on this episode of Chattinn Cyber, is a thought leader at the forefront. As head of Professional Liability & Cyber Underwriting at The Hartford, he brings 25 years of industry expertise to the myriad issues shaping policy development and recommended coverages for businesses – whether tech giants or third-party users of technology. Anthony explains the differences between Cyber and Tech Errors & Omissions (E&O) policies – as well as who needs which and in what combination. He also highlights for Host Marc Schein, National Co-Chair of the Cyber Center for Excellence, the confluence of factors that make tech companies such attractive targets for threat actors. You’ll learn about the most common – and damaging – cyber liabilities out there; things like network attacks, ransomware assaults, data breaches, business interruption, data restoration costs and third-party vulnerabilities. And don’t miss our guest’s comprehensive list of best practices to control risk for companies of all kinds, whatever their core business. “Nothing’s a silver bullet, but you can help mitigate potential exposure,” says Anthony, whose Connecticut-based career began in claims before migrating to underwriting. Find out what differentiates The Hartford’s Tech E&O and Cyber insurance solutions and how their team of experts guarantee insureds the best possible outcomes when privacy breaches, data hacks or other negative events occur. (Hint: specialized expertise and preparedness are key!)

Key Takeaways:

  • Why taking a leap and moving to the business side at The Hartford was one of those pivotal choices that changed the course of Anthony’s career – and all to the good!
  • From claims to underwriting: How Anthony made the jump and why it has shifted his focus.
  • About the collaborative, social elements that define much of the underwriter’s process and goals.
  • What’s a Cyber Policy? If you’re doing business of any kind on the internet, then you probably need some form of coverage.
  • What’s a Tech E&O Policy? If you are providing a tech service of some kind, then you probably need some form of coverage.
  • At the intersection: A look at insurance policies that simultaneously cover exposures in the realms of both Cyber and Tech E&O.
  • About the evolution of Tech E&O + Cyber and coverages required in an internet economy full of data transmittal, management and risk exposures.
  • Why large technology companies are such high-value targets for threat actors eager to double-dip by accessing downstream secondary client information.
  • How The Hartford differentiates itself as an established carrier with a wide array of solutions for any business eventuality:
    • Stand-alone Tech E&O coverage.
    • Tech E&O coverage + cyber coverage.
    • A wide variety of mix-and-match options.
    • Specialized tech expertise to ensure optimal insurance outcomes.
  • About potential cyber liabilities unique to technology firms:
    • Network cyber-attacks.
    • Ransomware attacks.
    • Data breaches (and related extortion).
    • Business interruption.
    • Data restoration costs.
    • Professional/product exposure due to third-party contractual, regulatory or subrogation issues.
  • Supply chain and systemic risk: A closer look at the variety of vulnerabilities passed down to companies impacted by global industry events.
  • Recommended best practices to note:
    • Perform regular software composition analyses.
    • Deploy tools to track vulnerabilities.
    • Undertake regular code reviews, including both static and dynamic scans.
    • Implement regular in-house or third-party security and resiliency testing.
    • Develop a solid IRP (Incident Response Plan).
    • Ensure that your cyber insurance carrier is an integral part of your IRP.
    • Stage incident response table-top exercises to align all stakeholders.
    • Establish a roll-back plan to close vulnerabilities and limit negative events.
    • Monitor your product and its resiliency.
  • Remember: There are no silver bullets; only solid preparation maximizes risk mitigation and rapid recovery.

Key Quotes:

  • “You only get so many pivots in your career, as I tell junior folks, and so I jumped at the challenge to be on the business side (at The Hartford) and I’m happy I did.” – Anthony (01:50)
  • “With underwriting, everyone is generally trying to get to a point where there’s agreement, a deal, a win. And that’s one of the things I really like about it.” – Anthony (02:54)
  • “When breach and notification laws came into existence when California passed its first law around 2000, you started to have the need for a number of different coverages both for first-party and third-party.” – Anthony (05:49)
  • “Tech companies accounted for nearly a quarter of ransomware attacks within the last few years … and part of that is that they’re just a very attractive target by virtue of their interaction with clients and what they do.” – Anthony (08:32)
  • “You really do need specialized tech expertise (to) get the best result for your insureds and guide them through what can sometimes be a complicated scenario with both first-party and third-party coverages, depending on what’s happened.” – Anthony (10:34)
  • “One of the biggest areas of concern when I speak to general folks in the cyber marketplace is supply chain and systemic risk.” – Marc (12:42)
  • “Make sure you’re making your cyber carrier an integral part of (your) IRP. Utilize their resources and their claims folks, because they’re in-house experts at what they do.” – Anthony (15:46)
  • “For an incident response plan to be good, you need to test it and make sure that the decision-makers are in the loop.” – Anthony (16:03)
  • “Nothing’s a silver bullet but you can help mitigate potential exposure.” – Anthony (16:50)

 

ABOUT OUR GUEST:

An insurance professional with 25 years of experience in law and a wide variety of insurance-related positions in North America, Anthony has handled thousands of cyber and privacy matters and frequently speaks and writes on legal and insurance-related issues. He has also managed teams handling a variety of lines of business including Cyber, Healthcare, Technology, Media, Employment Practices Liability, Errors & Omissions and Directors & Officers liability. Anthony is a graduate of UCONN Law School and a member of the Connecticut bar.

 

“Is Your Cyber Underwriting Solid? Why You Need the Three-Legged Stool.”

Our guest on this episode of Chattinn Cyber is at the forefront of Insurtech innovation, deploying new approaches to cyber underwriting (with a ripple effect on traditional insurance). Peter Hedberg, VP for Cyber Underwriting at Corvus Insurance, shares with Host Marc Schein the many ways tech-enabled strategies are transforming the landscape. Says our guest: Heightened engagement among both cyber insurance brokers and policy-holders is yielding a “virtuous cycle” of better bottom-line results! Find out how brokers can help foster alignment and build trust between insurance policy purchasers (often CFOs) and their IT executives (often CIOs, CTOs). You’ll also learn how Corvus offers financial incentives to those who proactively undertake risk self-assessments to reduce liability – a major plus for all concerned. Peter also underscores why it’s so important to put in place a solid three-legged stool: Application, Exposure, Technology. When these elements are in sync, he explains, vulnerability is minimized to everyone’s benefit. Find out where cyber insurers are with developments related to third-party and systemic risk (works in progress!) and how a Minneapolis-born guy who originally got licensed as a traditional insurance broker became one of the most well-respected cyber specialists out there. “The feedback we’re getting from policy-holders is that we are creating an eco-system and environment that is improving their stance,” says Peter. “And I’m just really happy that as an Insurtech I can point to those numbers and that value.”

Key Takeaways:

 

  • Check your complementary skill sets. You may be positioned for a niche specialty!
  • How does Insurtech differ from traditional insurance? The focus is on driving down losses through technology-enabled underwriting.
  • The Three-Legged Stool of Underwriting: Application, Exposure and Technology.
  • Putting the right underwriting elements together creates a profitable “virtuous cycle.”
  • Insurtech adds value by generating tech-enabled approaches that drive down losses.
  • Corvus Differentiator: It incents policy-holders to engage with proactive risk assessment.
  • How can brokers help?
    • By proselytizing the idea of cyber policy-holder engagement.
    • By fostering alignment between the insured’s buyer (typically a CFO) and their IT leadership (typically a CIO or CTO).
  • Third-party wrongful collection of information has surged but ramifications are still actuarially unclear and still being litigated.
  • Assessing systemic risk requires nuance and working through unknown liabilities.
  • On the horizon for 2024? More frontlines information about how well policy-holder controls are working to control risk.
  • Key Quotes:
  • “When cyber (insurance) slowly became more of a mainstream product offering they just pointed to me and said: You’re the cyber guy!” – Peter (02:10)
  • “The value proposition with Insurtech is just so fundamentally different from insurance.” – Peter (04:20)
  • “Insurtech is leveraging technology to create a better policy-holder experience, better value and more profit left over at the end of the year.” – Peter (05:24)
  • “Insurtechs have proven that they can grow really fast, but that doesn’t mean they can make money.” – Peter (05:49)
  • “Engagement brings dividends to you as a policy-holder. It makes you a safer policy-holder.” – Peter (09:15)
  • “We in the cyber market really demanded much better controls on our policy-holders over the last couple of years and a lot of that has been delivered to us.” – Peter (14:25)
  • “The feedback we’re getting from policy-holders is that we are creating an eco-system and environment that is improving their stance. And I’m just really happy that as an Insurtech I can point to those numbers and that value.” – Peter (15:58)

 

ABOUT OUR GUEST:

With more than 15 years of insurance industry experience, Peter Hedberg is Vice President for Cyber Underwriting at Corvus Insurance. He has a specialty in Cyber and Tech E&O lines. A Minnesota native, Peter started his career working his way from IT intern to the position of cyber broker at Hays Companies over the course of ten years. He has spent the past six years based in New York City, first growing Hiscox USA’s business in the Northeast region as Assistant Vice President and, more recently, managing the tech and cyber side of NAS Insurance Services (now Tokio Marine HCC) as Vice President.

 


 

ABOUT OUR HOST:

National co-chair of the Cyber Center for Excellence, Marc Schein, CIC, CLCS, is also a Risk Management Consultant at Marsh McLennan. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost-effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.

 


 

Cybersecurity In M&A Transactions And The Three-Layer Chocolate Cake Approach With Justin Daniels

In this episode of CHATTINN CYBER, Marc Schein interviews Justin Daniels, an equity partner at Baker Donelson, an Am Law 60 firm. Justin worked as a corporate M&A attorney and started doing technology work before eventually narrowing his focus to cybersecurity. In today’s episode, he talks about cybersecurity in M&A transactions, explaining in depth his three-layer cake approach to cybersecurity in M&A and the importance of cybersecurity and privacy in all aspects of technology, from individual to business transactions.

Justin begins by discussing the importance of cybersecurity and privacy for individuals and businesses, particularly in the context of smart contracts and digital wallets used in the crypto space. He emphasizes the need for individuals to shift their mindset and make intelligent choices about sharing their data. He also suggests that individuals take advantage of privacy and security settings on their phones and consider multi-factor authentication.

He then shifts to cybersecurity in M&A transactions. Justin explains his “three-layer cake” approach to cybersecurity in M&A, which includes asking the right questions, having proper representations and warranties in the purchase agreement, and not integrating the target’s network too quickly after the acquisition. He also discusses liability caps and super caps in technology contract negotiations.

Overall, this conversation stresses the importance and relevance of cybersecurity in all technology business transactions today.

 

Highlights:

 

“You have to have a certain period where cybersecurity lasts after the closing. In fact, I make it a fundamental rep where it could last through the statute of limitations, it can get negotiated.”

 

“Once you own a network, you can send in your security people and try to find any intrusions. And if you can do that, while the network is isolated, that doesn’t give the threat actor the opportunity to move laterally onto your network and probably cause a lot more damage.”

 

Time-Stamps:

 

[01:06] Justin’s journey into cybersecurity

[03:17] The importance of smart contracts and digital wallets.

[05:12] How businesses and individuals can manage privacy and security concerns.

[07:33] The pros and cons of using private browsers

[09:35] How important is cybersecurity in M&A?

[11:27] The three-step approach to cyber security.

[13:43] Liability caps helpful in M&A negotiations

[15:17] About Justin’s book, Data Reimagined, and how to connect with him online

 

Connect with Justin:

 

LinkedIn: https://www.iansresearch.com/our-faculty/faculty/detail/justin-daniels

 

 

 

 

 

Cyber Insurance Risks And How To Mitigate Them With Trent Cooksley

In this episode of CHATTINN CYBER, Marc Schein interviews Trent Cooksley, the co-founder and CEO of Cowbell Cyber, about his journey into cybersecurity and how he founded one of the most successful cyber insurance companies to date.

Starting his career as a bond trader on the Chicago Board of Trade, Trent quickly realized that he wasn’t cut out for that type of work and decided to learn the ropes of becoming an entrepreneur. After serving Markel Corporation in a variety of different roles for a decade and gaining experience in international insurance business, property lines, professional lines, and acquisitions, Trent decided to build his own company, something he had been putting off for some time. He watched what was happening in the insurtech space and found an opportunity in cyberspace, and ventured in.

Trent developed proprietary technology that allowed his newly formed company to evaluate the cybersecurity health and hygiene of every business in the United States, which gave it an opportunity to really understand risks when they come in at a much more granular and better level.

Aside from his journey, Trent also talks about the biggest challenge facing the cyber insurance industry: the rapid and continuous evolution of cyber risks, which requires companies to be both proactive and reactive at a rapid pace. He shares that this uncertainty also presents opportunities for those who put themselves in a position to take advantage of them. Cowbell, his company, is working towards a long-term solution for its policyholders by continuing to be experts in the space and in how they model and understand the risk.

Listen to this episode to learn more.

 

Highlights:

 

“One of the little things that we do that I think accentuates our culture, we have a really transparent organization. So we like to be transparent. We encourage resiliency, urgency and empowerment.”

 

“We’re continually evaluating the cybersecurity health and hygiene of every business in the United States, the entire market. And that gives us an opportunity to really understand risks when they come in, at a much more granular and better level.”

 

Time-Stamps:

 

[01:43] Trent’s business milestones

[03:42] Challenges with the rapid growth of Trent’s company.

[06:25] Deep market penetration in the cyber insurance marketplace.

[08:14] Taking a cross-disciplinary approach.

[10:18] Understanding risks at a more granular and better level.

[12:39] What it looks like to be the CEO of Cowbell Cyber for a day and the process behind it.

 

Connect with Trent:

 

LinkedIn: https://cowbell.insure/team/

 

 

How to Prevent Ransomware Attacks in 2023 with Jason Rebholz

2023 is a totally different year from 2022 when it comes to ransomware attacks. Based on dark web activity associated with ransomware actors, the numbers are going up. Last year, the Russia-Ukraine conflict drove the numbers down, but this year there is a 102% increase.

In this episode of the Chattinn Cyber podcast, we have the pleasure of hosting Jason Rebholz. He is the chief information security officer at Corvus Insurance and owns a YouTube channel called Teach Me Cyber. Jason’s passion for data security is peerless, and his knowledge of the industry is something we should all want to hear. His career started at Mandiant, where he tried different things and came to learn that his passion was in data security.

Jason and Marc Schein have an in-depth conversation on ransomware and data security. Jason brings us up to speed with the current ransomware trends in 2023, the groups that are giving data security experts sleepless nights, the effects of AI on data security, and how organizations can keep their data safe.

Would you like to learn more about how to prevent ransomware attacks? Listen to this episode.

Key Talking Points of the Episode:

[02:20] How Jason got into security

[07:31] Jason’s advice to people who want to join the cybersecurity industry

[10:22] Ransomware trends in 2023?

[13:34] Most common ransomware groups

[16:48] How safe is MFA?

[20:04] How can organizations beef up their data security?

[22:01] How is AI impacting data security?

Standout Quotes from the Episode:

“Understanding the type of MFA is going to become critically important in the future.”

“When companies can go in and create this baseline of the security controls, they are going to be more protected against ransomware and other attacks than somebody that does not have that.”

Connect With Jason Rebholz:

LinkedIn: https://www.linkedin.com/in/jrebholz/

YouTube: https://www.youtube.com/@teachmecyber

 

 

Cybersecurity Risks And The Rising Demand For Chief Information Security Officers With James Kim

In this episode of CHATTINN CYBER, Marc Schein interviews James Kim, the Vice President and Director of Cybersecurity Strategies and Programs at City National Bank in Florida, about the roles and responsibilities of a cybersecurity professional, leveling up into a CISO (Chief Information Security Officer) role, and managing cybersecurity risks in an organization.

James begins by discussing his path to his current position, attributing his success to luck, ambition, and grit. He started as a help desk technician at a bank and worked his way up over the years, focusing on risk management and developing business acumen. He realized that there was a gap between the technical aspects of cybersecurity and business, which led him to focus on improving the relationship between the two areas. He believes that this focus on developing relationships and maintaining partnerships is critical to his role and cybersecurity more broadly.

James’s day-to-day responsibilities involve incident reviews, working with governance, risk and compliance teams, reviewing policies and controls, managing projects, and tracking various initiatives. He enjoys the variety of tasks and the opportunity to work across the entire spectrum of cybersecurity, including governance, risk and compliance, security architecture, identity and access management, and business continuity and vendor risk management.

James discusses the future of the CISO role and where he sees himself in five years. He believes that the CISO role will continue to expand in prominence, with more emphasis on managing cybersecurity risks for the organization.

He concludes the conversation by advising young professionals interested in cybersecurity to know the many different aspects of the field, including governance, risk and compliance programs, cybersecurity auditing, and security engineering and analysis. He also stresses the importance of work-life balance, given the challenging and stressful nature of the work.

 

Highlights:

 

“We all have similar responsibilities around maintaining a robust information security or cybersecurity program, ensuring that we have proper processes, procedures in place to report incidents; and at the end of the day, having the appropriate safeguards in place to protect client information or patient information.”

 

“If you’ve been kind of following along with current events, I feel that within the next five years, the CISO role will continue to expand and gain more prevalence with management and the board.”

 

Time-Stamps:

 

[00:50] How did James get into cybersecurity?

[02:38] James’s day-to-day responsibilities as a security operations manager.

[04:04] Working across the entire spectrum of cybersecurity.

[06:06] Where do you see the CISO role in five years?

[08:07] How to promote awareness internally and externally within the organization.

[10:13] Advice for young professionals trying to enter cybersecurity.

[12:14] Challenges in the future of cybersecurity.

 

Connect with James:

 

LinkedIn: https://www.linkedin.com/in/james7kim/