“Best Practices: How to Protect Your Business Against Bad Actors & Cyber Threat”

Tech-related business insurance is evolving fast and Anthony Dolce, our guest on this episode of Chattinn Cyber, is a thought leader at the forefront. As head of Professional Liability & Cyber Underwriting at The Hartford, he brings 25 years of industry expertise to the myriad issues shaping policy development and recommended coverages for businesses – whether tech giants or third-party users of technology. Anthony explains the differences between Cyber and Tech Errors & Omissions (E&O) policies – as well as who needs which and in what combination. He also highlights for Host Marc Schein, National Co-Chair of the Cyber Center for Excellence, the confluence of factors that make tech companies such attractive targets for threat actors. You’ll learn about the most common – and damaging – cyber liabilities out there; things like network attacks, ransomware assaults, data breaches, business interruption, data restoration costs and third-party vulnerabilities. And don’t miss our guest’s comprehensive list of best practices to control risk for companies of all kinds, whatever their core business. “Nothing’s a silver bullet, but you can help mitigate potential exposure,” says Anthony, whose Connecticut-based career began in claims before migrating to underwriting. Find out what differentiates The Hartford’s Tech E&O and Cyber insurance solutions and how their team of experts guarantees insureds the best possible outcomes when privacy breaches, data hacks or other negative events occur. (Hint: specialized expertise and preparedness are key!)

Key Takeaways:

  • Why taking a leap and moving to the business side at The Hartford was one of those pivotal choices that changed the course of Anthony’s career – and all to the good!
  • From claims to underwriting: How Anthony made the jump and why it has shifted his focus.
  • About the collaborative, social elements that define much of the underwriter’s process and goals.
  • What’s a Cyber Policy? If you’re doing business of any kind on the internet, then you probably need some form of coverage.
  • What’s a Tech E&O Policy? If you’re providing a tech service of some kind, then you probably need some form of coverage.
  • At the intersection: A look at insurance policies that simultaneously cover exposures in the realms of both Cyber and Tech E&O.
  • About the evolution of Tech E&O + Cyber and coverages required in an internet economy full of data transmittal, management and risk exposures.
  • Why large technology companies are such high-value targets for threat actors eager to double-dip by accessing downstream secondary client information.
  • How The Hartford differentiates itself as an established carrier with a wide array of solutions for any business eventuality:
    • Stand-alone Tech E&O coverage.
    • Tech E&O coverage + cyber coverage.
    • A wide variety of mix-and-match options.
    • Specialized tech expertise to ensure optimal insurance outcomes.
  • About potential cyber liabilities unique to technology firms:
    • Network cyber-attacks.
    • Ransomware attacks.
    • Data breaches (and related extortion).
    • Business interruption.
    • Data restoration costs.
    • Professional/product exposure due to third-party contractual, regulatory or subrogation issues.
  • Supply chain and systemic risk: A closer look at the variety of vulnerabilities passed down to companies impacted by global industry events.
  • Recommended best practices to note:
    • Perform regular software composition analyses.
    • Deploy tools to track vulnerabilities.
    • Undertake regular code reviews, including both static and dynamic scans.
    • Implement regular in-house or third-party security and resiliency testing.
    • Develop a solid IRP (Incident Response Plan).
    • Ensure that your cyber insurance carrier is an integral part of your IRP.
    • Stage incident response table-top exercises to align all stakeholders.
    • Establish a roll-back plan to close vulnerabilities and limit negative events.
    • Monitor your product and its resiliency.
  • Remember: There are no silver bullets; only solid preparation maximizes risk mitigation and rapid recovery.

Key Quotes:

  • “You only get so many pivots in your career, as I tell junior folks, and so I jumped at the challenge to be on the business side (at The Hartford) and I’m happy I did.” – Anthony (01:50)
  • “With underwriting, everyone is generally trying to get to a point where there’s agreement, a deal, a win. And that’s one of the things I really like about it.” – Anthony (02:54)
  • “When breach and notification laws came into existence when California passed its first law around 2000, you started to have the need for a number of different coverages both for first-party and third-party.” – Anthony (05:49)
  • “Tech companies accounted for nearly a quarter of ransomware attacks within the last few years … and part of that is that they’re just a very attractive target by virtue of their interaction with clients and what they do.” – Anthony (08:32)
  • “You really do need specialized tech expertise (to) get the best result for your insureds and guide them through what can sometimes be a complicated scenario with both first-party and third-party coverages, depending on what’s happened.” – Anthony (10:34)
  • “One of the biggest areas of concern when I speak to general folks in the cyber marketplace is supply chain and systemic risk.” – Marc (12:42)
  • “Make sure you’re making your cyber carrier an integral part of (your) IRP. Utilize their resources and their claims folks, because they’re in-house experts at what they do.” – Anthony (15:46)
  • “For an incident response plan to be good, you need to test it and make sure that the decision-makers are in the loop.” – Anthony (16:03)
  • “Nothing’s a silver bullet but you can help mitigate potential exposure.” – Anthony (16:50)

 

ABOUT OUR GUEST:

An insurance professional with 25 years of experience in law and a wide variety of insurance-related positions in North America, Anthony has handled thousands of cyber and privacy matters and frequently speaks and writes on legal/insurance related issues. He has also managed teams handling a variety of lines of business including Cyber, Healthcare, Technology, Media, Employment Practices Liability, Errors & Omissions and Directors & Officers liability. Anthony is a graduate of UCONN Law School and a member of the Connecticut bar.

 

“Is Your Cyber Underwriting Solid? Why You Need the Three-Legged Stool.”

Our guest on this episode of Chattinn Cyber is at the forefront of Insurtech innovation, deploying new approaches to cyber underwriting (with a ripple effect on traditional insurance). Peter Hedberg, VP for Cyber Underwriting at Corvus Insurance, shares with Host Marc Schein the many ways tech-enabled strategies are transforming the landscape. Says our guest: Heightened engagement among both cyber insurance brokers and policy-holders is yielding a “virtuous cycle” of better bottom-line results! Find out how brokers can help foster alignment and build trust between insurance policy purchasers (often CFOs) and their IT executives (often CIOs, CTOs). You’ll also learn how Corvus offers financial incentives to those who proactively undertake risk self-assessments to reduce liability – a major plus for all concerned. Peter also underscores why it’s so important to put in place a solid three-legged stool: Application, Exposure, Technology. When these elements are in sync, he explains, vulnerability is minimized to everyone’s benefit. Find out where cyber insurers are with developments related to third-party and systemic risk (works in progress!) and how a Minneapolis-born guy who originally got licensed as a traditional insurance broker became one of the most well-respected cyber specialists out there. “The feedback we’re getting from policy-holders is that we are creating an eco-system and environment that is improving their stance,” says Peter. “And I’m just really happy that as an Insurtech I can point to those numbers and that value.”

Key Takeaways:

 

  • Check your complementary skill sets. You may be positioned for a niche specialty!
  • How does Insurtech differ from traditional insurance? The focus is on driving down losses through technology-enabled underwriting.
  • The Three-Legged Stool of Underwriting: Application, Exposure and Technology.
  • Putting the right underwriting elements together creates a profitable “virtuous cycle.”
  • Insurtech adds value by generating tech-enabled approaches that drive down losses.
  • Corvus Differentiator: It incents policy-holders to engage with proactive risk assessment.
  • How can brokers help?
    • By proselytizing the idea of cyber policy-holder engagement.
    • By fostering alignment between the insured’s buyer (typically a CFO) and their IT leadership (typically a CIO or CTO).
  • Third-party wrongful collection of information has surged but ramifications are still actuarially unclear and still being litigated.
  • Assessing systemic risk requires nuance and working through unknown liabilities.
  • On the horizon for 2024? More frontlines information about how well policy-holder controls are working to control risk.

Key Quotes:

  • “When cyber (insurance) slowly became more of a mainstream product offering they just pointed to me and said: You’re the cyber guy!” – Peter (02:10)
  • “The value proposition with Insurtech is just so fundamentally different from insurance.” – Peter (04:20)
  • “Insurtech is leveraging technology to create a better policy-holder experience, better value and more profit left over at the end of the year.” – Peter (05:24)
  • “Insurtechs have proven that they can grow really fast, but that doesn’t mean they can make money.” – Peter (05:49)
  • “Engagement brings dividends to you as a policy-holder. It makes you a safer policy-holder.” – Peter (09:15)
  • “We in the cyber market really demanded much better controls on our policy-holders over the last couple of years and a lot of that has been delivered to us.” – Peter (14:25)
  • “The feedback we’re getting from policy-holders is that we are creating an eco-system and environment that is improving their stance. And I’m just really happy that as an Insurtech I can point to those numbers and that value.” – Peter (15:58)

 

ABOUT OUR GUEST:

With more than 15 years of insurance industry experience, Peter Hedberg is Vice President for Cyber Underwriting at Corvus Insurance. He has a specialty in Cyber and Tech E&O lines. A Minnesota native, Peter started his career working his way from IT intern to the position of cyber broker at Hays Companies over the course of ten years. He has spent the past six years based in New York City, first growing Hiscox USA’s business in the Northeast region as Assistant Vice President and, more recently, managing the tech and cyber side of NAS Insurance Services (now Tokio Marine HCC) as Vice President.

 

ABOUT OUR HOST:

National co-chair of the Cyber Center for Excellence, Marc Schein, CIC, CLCS is also a Risk Management Consultant at Marsh McLennan. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost-effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.

 

Cybersecurity In M&A Transactions And The Three-Layer Chocolate Cake Approach With Justin Daniels

In this episode of CHATTINN CYBER, Marc Schein interviews Justin Daniels, an equity partner at Baker Donelson, an AM law 60 firm. Justin worked as a corporate M&A attorney and started doing technology work, before eventually narrowing down to cybersecurity. In today’s episode, he talks about cybersecurity in M&A transactions, explaining in depth his three-layer cake approach to cybersecurity in M&A and the importance of cybersecurity and privacy in all aspects of technology, from individual to business transactions.

Justin begins by discussing the importance of cybersecurity and privacy for individuals and businesses, particularly in the context of smart contracts and digital wallets used in the crypto space. He emphasizes the need for individuals to shift their mindset and make intelligent choices about sharing their data. He also suggests that individuals take advantage of privacy and security settings on their phones and consider multi-factor authentication.

He then shifts to cybersecurity in M&A transactions. Justin explains his “three-layer cake” approach to cybersecurity in M&A, which includes asking the right questions, having proper representations and warranties in the purchase agreement, and not integrating the target’s network too quickly after the acquisition. He also discusses liability caps and super caps in technology contract negotiations.

Overall, this conversation stresses the importance and relevance of cybersecurity in all technology business transactions today.

 

Highlights:

 

“You have to have a certain period where cybersecurity lasts after the closing. In fact, I make it a fundamental rep where it could last through the statute of limitations, it can get negotiated.”

 

“Once you own a network, you can send in your security people and try to find any intrusions. And if you can do that, while the network is isolated, that doesn’t give the threat actor the opportunity to move laterally onto your network and probably cause a lot more damage.”

 

Time-Stamps:

 

[01:06] Justin’s journey into cybersecurity

[03:17] The importance of smart contracts and digital wallets.

[05:12] How businesses and individuals can manage privacy and security concerns.

[07:33] The pros and cons of using private browsers

[09:35] How important is cybersecurity in M&A?

[11:27] The three-step approach to cyber security.

[13:43] Liability caps helpful in M&A negotiations

[15:17] About Justin’s book, Data Reimagined, and how to connect with him online

 

Connect with Justin:

 

LinkedIn: https://www.iansresearch.com/our-faculty/faculty/detail/justin-daniels

Cyber Insurance Risks And How To Mitigate Them With Trent Cooksley

In this episode of CHATTINN CYBER, Marc Schein interviews Trent Cooksley, the co-founder and CEO of Cowbell Cyber about his journey into cybersecurity and how he founded one of the most successful cyber insurance companies to date.

Starting his career as a bond trader on the Chicago Board of Trade, Trent quickly realized that he wasn’t cut out for that type of work and decided to learn the ropes of becoming an entrepreneur. After serving Markel Corporation in a variety of different roles for a decade and gaining experience in international insurance business, property lines, professional lines, and acquisitions, Trent decided to build his own company, something he had been putting off for some time. He watched what was happening in the insurtech space and found an opportunity in cyberspace, and ventured in.

Trent developed proprietary technology that allowed his newly formed company to evaluate the cybersecurity health and hygiene of every business in the United States, which gave it an opportunity to really understand risks when they come in at a much more granular and better level.

Aside from his journey, Trent also talks about the biggest challenge facing the cyber insurance industry: the rapid and continuous evolution of cyber risks, which requires companies to be proactive and reactive at a rapid pace. He shares that this uncertainty also presents opportunities for those who put themselves in a position to take advantage of them. Cowbell, his company, is working towards a long-term solution for its policyholders by continuing to be experts in the space and in how it models and understands the risk.

Listen to this episode to learn more.

 

Highlights:

 

“One of the little things that we do that I think accentuates our culture, we have a really transparent organization. So we like to be transparent. We encourage resiliency, urgency and empowerment.”

 

“We’re continually evaluating the cybersecurity health and hygiene of every business in the United States, the entire market. And that gives us an opportunity to really understand risks when they come in, at a much more granular and better level.”

 

Time-Stamps:

 

[01:43] Trent’s business milestones

[03:42] Challenges with the rapid growth of Trent’s company.

[06:25] Deep market penetration in the cyber insurance marketplace.

[08:14] Taking a cross-disciplinary approach.

[10:18] Understanding risks at a more granular and better level.

[12:39] What it looks like to be the CEO of Cowbell Cyber for a day, and the process behind it.

 

Connect with Trent:

 

LinkedIn: https://cowbell.insure/team/

How to Prevent Ransomware Attacks in 2023 with Jason Rebholz

2023 is a totally different year from 2022 when it comes to ransomware attacks. Based on the activities on the dark web associated with ransomware actors, the numbers are going up. Last year, Russia-Ukraine drove the numbers down, but this year, we have a 102% increase.

In this episode of the Chattinn Cyber podcast, we have the pleasure of hosting Jason Rebholz. He is the chief information security officer at Corvus Insurance and owns a YouTube channel called Teach Me Cyber. Jason’s passion for data security is peerless, and his knowledge of the industry is something we should all want to hear. His career started at Mandiant, where he tried different things and came to learn his passion was in data security.

Jason and Marc Schein have an in-depth conversation on ransomware and data security. Jason brings us up to speed with the current ransomware trends in 2023, the groups that are giving data security experts sleepless nights, the effects of AI on data security, and how organizations can keep their data safe.

Would you like to learn more about how to prevent ransomware attacks? Listen to this episode.

Key Talking Points of the Episode:

[02:20] How Jason got into security

[07:31] Jason’s advice to people who want to join the cybersecurity industry

[10:22] Ransomware trends in 2023?

[13:34] Most common ransomware groups

[16:48] How safe is MFA?

[20:04] How can organizations beef up their data security?

[22:01] How is AI impacting data security?

Standout Quotes from the Episode:

“Understanding the type of MFA is going to become critically important in the future.”

“When companies can go in and create this baseline of the security controls, they are going to be more protected against ransomware and other attacks than somebody that does not have that.”

Connect With Jason Rebholz:

LinkedIn: https://www.linkedin.com/in/jrebholz/

YouTube: https://www.youtube.com/@teachmecyber

Cybersecurity Risks And The Rising Demand For Chief Information Security Officers With James Kim

In this episode of CHATTINN CYBER, Marc Schein interviews James Kim, the Vice President and Director of Cybersecurity Strategies and Programs at City National Bank in Florida, about the roles and responsibilities of a cybersecurity professional, leveling up into a CISO (Chief Information Security Officer) role, and managing cybersecurity risks in an organization.

James begins by discussing his path to his current position, attributing his success to luck, ambition, and grit. He started as a help desk technician at a bank and worked his way up over the years, focusing on risk management and developing business acumen. He realized that there was a gap between the technical aspects of cybersecurity and business, which led him to focus on improving the relationship between the two areas. He believes that this focus on developing relationships and maintaining partnerships is critical to his role and cybersecurity more broadly.

James’s day-to-day responsibilities involve incident reviews, working with governance, risk and compliance teams, reviewing policies and controls, managing projects, and tracking various initiatives. He enjoys the variety of tasks and the opportunity to work across the entire spectrum of cybersecurity, including governance, risk and compliance, security architecture, identity and access management, and business continuity and vendor risk management.

James discusses the future of the CISO role and where he sees himself in five years. He believes that the CISO role will continue to expand in prominence, with more emphasis on managing cybersecurity risks for the organization.

He concludes the conversation by advising young professionals interested in cybersecurity to know the many different aspects of the field, including governance, risk and compliance programs, cybersecurity auditing, and security engineering and analysis. He also stresses the importance of work-life balance, given the challenging and stressful nature of the work.

 

Highlights:

 

“We all have similar responsibilities around maintaining a robust information security or cybersecurity program, ensuring that we have proper processes, procedures in place to report incidents; and at the end of the day, having the appropriate safeguards in place to protect client information or patient information.”

 

“If you’ve been kind of following along with current events, I feel that within the next five years, the CISO role will continue to expand and gain more prevalence with management and the board.”

 

Time-Stamps:

 

[00:50] How did James get into cybersecurity?

[02:38] James’s day-to-day responsibilities as a security operations manager.

[04:04] Working across the entire spectrum of cybersecurity.

[06:06] Where do you see the CISO role in five years?

[08:07] How to promote awareness internally and externally within the organization.

[10:13] Advice for young professionals trying to enter cybersecurity.

[12:14] Challenges in the future of cybersecurity.

 

Connect with James:

 

LinkedIn: https://www.linkedin.com/in/james7kim/

The Rise Of AI And AI Cybersecurity: How To Future-Proof The Technology of Tomorrow With Vickram Kooblall

In this episode of CHATTINN CYBER, Marc Schein interviews Vickram Kooblall, CIO and CISO at Scahill Law Group. Vickram is in charge of managing the firm’s operations and directing its technology infrastructure. He investigates and analyzes the firm’s digital transformation and cybersecurity resilience initiatives.

Vickram tells us about his upbringing and what led him to a career in cybersecurity. He reveals that the internet was never designed with security in mind, but as it grew, we realized how important it is to manage, secure, and protect data.

Vickram also describes how artificial intelligence has become the means of digital transformation for law firms and many other organizations. AI and ML have greatly aided attorneys in many areas, including contract management, document management, due diligence, legal research, behavioral prediction, and so on, allowing them to become better litigators. According to Vickram, law firms deal with sensitive data daily, so data security is critical. He also shares some basic hygiene tips, like using a strong password and multi-factor authentication.

Internal and external threats are treated equally by law firms. Internal threats are curbed through careful attention to employees, especially during times like the Great Resignation or Big Quit, when data is most at risk. To ensure data security, many organizations today use zero trust. Encryption is also critical.

Towards the close of the episode, Vickram emphasizes the importance of focusing on AI security because of the numerous adversarial attacks specific to AI. Organizations that use data to develop an AI model must therefore also ensure its security.

Listen to the conversation for more details!

Highlights:

“Well, certainly in terms of zero trust is becoming, you know, one of those big, you know, big things that we’re seeing organizations do more and more, we are certainly seeing user rights and access management, being something that is looked at very closely and monitored, you know, who should have access to what and when. Also, I think the timing is very important when you’re working on a large case or a particular matter. Those individuals that don’t need access should not have access to those specific cases. During that time. And, you know, it’s going to come back to encryption.”

“You know, in terms of some basic hygiene, one of the biggest things it comes back to is also employee training. That has been one of my focuses, you know, in the last two years ensuring that the employees themselves are very well versed and understand threats that come their way. You know, in terms of strong passwords, that’s been some of the basic hygiene that every organization should implement, and more so many law firms. I have seen at least, maybe once or twice during a week of some law firm email being compromised due to exactly that not having a strong password, we have multi-factor authentication, which is certainly a must-have for any organization, especially, you know, law firms in this space.”

“I think, AI has become the digital transformation that we’ve been looking for. Look, law firms are very slow in adopting new technology and trying to, you know, get a, you know, trying to, it’s always been such a labor-intensive type of practice.”

Time-Stamps: 

[00:29] – How Vickram became executive director of the most prestigious law firm in the Northeast

[03:38] – Why is Artificial Intelligence important for law firms?

[05:38] – The best practices in law firms to secure data

[07:12] – Is Vickram concerned more about internal threats or external threats?

[08:49] – How to mitigate some of the internal threats inside an organization?

[10:15] – How is AI security important?

Connect with Vickram:

 

LinkedIn: https://www.linkedin.com/in/vickramk/

Investing in Internal Infrastructure To Mitigate Cyber Risks with Nadav Aharon-Nov

In this episode of CHATTINN CYBER, Marc Schein interviews Nadav Aharon-Nov, VP of Cybersecurity at R-MOR, Israel. He is experienced in Organizational and Regulatory Compliance, Information Security Management, Auditing and Governance, among many other areas of cyber risk management. During the conversation, Nadav discusses getting into cybersecurity, leading a cybersecurity firm in Israel, the differences and similarities of the threats observed in Israel and America, the importance of investing in internal systems for any company, and how to mitigate cyber risks by thinking from the point of view of the attacker.

Nadav explains that due to the constant cyber-attacks faced by Israel, the country has learned to be creative on the cybersecurity front. They’re always thinking outside the box to figure out ways to keep their civilian life safe. The majority of the threats faced by companies in Israel are due to ransomware attacks. Cybersecurity firms like his continually level up their attempts to study the attacking groups’ moves and intelligence and try to get them from the inside without them knowing.

He also talks about the importance of assessing a business’s infrastructure from the outside – from the viewpoint of the attackers or hackers. While internal assessments are fairly common, external assessments could give a firm a competitive edge. Another critical piece of information shared is about automation. Attacking groups tend to use more manpower and less automation to analyze issues and make decisions quickly.

The present times have highlighted the importance of cybersecurity more than ever. With people working from home with no more than a VPN connection as security, the protection offered by office spaces is gone. Nadav explains that his company offers two unique departments – web analytics and cybersecurity – to create a strategic platform that collects information from all three layers of the web to understand the hacker’s perspective, identify security gaps in the existing technologies and products, and assess a company’s internal infrastructure thoroughly. A company must invest in its internal systems more than anything else, especially in today’s times.

Tune in to the episode now!

Highlights:

“There’s a big blind spot when it comes to businesses, seeing their infrastructure from the outside in. So they’re usually looking from the inside out, doing internal assessments,  (…) they’re forgetting about the other point of view. And that is the external point of view – how a criminal or a hacker or someone with malicious intent looks from the outside-in.”

“The problem is you have nothing to secure yourself at home other than a VPN connection. And most of the infrastructure at your house is either a simple modem, no firewalls, no true security on your endpoints, and everything is very exposed. So the comfort that you had in your infrastructure back at the office is literally smashed and you have nothing to get home.”

“(Every company) needs to invest in internal systems, because the criminal could be either from the outside (or) from the inside. Everyone could have criminal intentions when it comes to manipulating data, stealing data.”

Time-Stamps:

 

[02:19] – The threats faced by Israel vs. America in cybersecurity

[03:23] – How Nadav got into cybersecurity

[05:24] – How COVID has caused a rise in the need for cybersecurity

[10:19] – Where should a company invest more to mitigate cyber risks (other than cybersecurity teams)? 

Connect with Nadav

Website: https://www.linkedin.com/in/nadav-aharon-nov-62a8b5a/?originalSubdomain=il

Layered Security And Protection Against Ransomware Attacks With Greg Edwards

In this episode of CHATTINN CYBER, Marc Schein interviews Greg Edwards, the Founder of Canauri, a well-known cybersecurity firm, to discuss the growing threat of ransomware attacks and how businesses can safeguard against them.

Greg has been involved in the backup and disaster recovery industry since 2007. In 2012, as ransomware attacks rose, he observed that many of his off-site backup clients were affected and needed full recovery. Recognizing that this could escalate into a greater issue, he founded Canauri and decided to address this threat using deception technology.

According to Greg, the rise of ransomware coincides with the increased use of cryptocurrency. He believes that cybercrime, in general, gained momentum in 2012 when Bitcoin became mainstream. He emphasizes the significance of layered security and recommends that businesses configure and manage all layers of defense effectively.

During this discussion, Greg also talked about how MSPs (Managed Service Providers) can fall prey to ransomware, and the devastating impact it can have on their clients. Greg narrated an incident where an MSP’s RMM (Remote Monitoring and Management) was hit by ransomware, causing 80 of their clients to be affected simultaneously.

With the shift towards remote work, Greg suggests that businesses must secure all endpoints, including laptops, desktops, and mobile devices, and ensure that the networks they use are secure. He also stresses the importance of patching systems as the most crucial action people can take to defend themselves against ransomware.

In conclusion, Greg shares valuable insights into the increasing prevalence of ransomware, the importance of layered security, and the measures businesses can take to protect themselves from ransomware attacks.

 

Highlights:

“If you look back again to 2012, the rise of ransomware coincides with the use of cryptocurrency. So not (that) I’m a fan of cryptocurrency, personally, but the rise of ransomware and cybercrime in general, all started to take off around that 2012 mark. And that’s when Bitcoin became really big and started to become mainstream.”

“In the pandemic, everyone said, go home, go work from home, here’s your laptop, or even people were carrying desktops in their monitors out of the office to go work from home, and then connecting remotely in any fashion that they could. And so that inherently just opens up lots of additional vulnerabilities and attack surfaces for the attackers. So what has to be done is all of those endpoints, laptops, desktops, even mobile devices, need to be properly locked down, and then also need to make sure that the networks that they’re on got to have the proper security now, across all of those remote workers, and manage them, just like you would if it were in an old corporate network environment.”

 

Time-Stamps:

[00:50] Greg’s experience starting an off-site backup company in 2007.

[02:37] The rise of ransomware coincided with the rise of cryptocurrency.

[03:56] Layman’s understanding of layered security.

[06:01] Ransomware attack on remote monitoring and management.

[07:16] Advice on how to better protect yourself.

[08:41] What to do to protect yourself from ransomware?

 

Connect with Greg:

LinkedIn: https://www.linkedin.com/in/gedwardswpd/

The Challenges To Cybersecurity In Critical Control Systems With Joe Weiss

In this episode of CHATTINN CYBER, Marc Schein interviews Joe Weiss, Managing Partner at Applied Control Solutions LLC, Managing Director at ISA99, ICS Cyber Security Pioneer, and keynote speaker. The discussion revolves around cybersecurity challenges in control systems, with a focus on those in critical infrastructure like nuclear plants. Joe was formerly a control system engineer who worked on instrumentation controls, primarily control and safety systems in nuclear plants.

Joe notes the different challenges in implementing effective cybersecurity measures in control systems. The first, he shares, is the cultural gap between engineers and IT personnel. He explains that these two groups have different mindsets and concerns, which makes it challenging to work together. For example, IT personnel might need to upgrade a computer or perform maintenance, but engineers might resist because taking a workstation down could cause the entire plant to shut down. Joe suggests that doughnut diplomacy, which involves getting engineers and IT personnel together to work out their differences over doughnuts and coffee, has not worked in bridging this cultural gap.

Another challenge is the technical gap in control systems. Joe explains that many control systems are older systems that have been upgraded from a very insecure base. Legacy devices lack basic security features like passwords, authentication, and encryption, which makes them highly vulnerable to cyberattacks. He provides an example of how some brand-new digital sensors installed at a petrochemical plant in Abu Dhabi did not have any passwords in their vendor spec sheets. Therefore, there was no way to send calibration data to the cloud securely.

Joe adds that control systems are very different from traditional IT systems, and security measures that work in one domain might not work in the other. For example, while data is the main focus in traditional IT systems, physics is the primary concern in control systems. Control systems are designed to manipulate physical processes, and the closer they get to the edge, the more efficient the processes become. This makes it difficult to implement traditional security measures like zero trust, which assumes that nothing can be trusted until proven otherwise.

Joe concludes the conversation by suggesting that insurance companies and credit rating agencies can play a significant role in driving improved cybersecurity in control systems. These organizations are highly risk-averse and can convince boards to take cybersecurity more seriously. He believes that control system cybersecurity is not going to be solved by the government and requires a concerted effort from all stakeholders involved.

Highlights:

“The general rule is that these big control systems are 1980s, 1990s technology that have been in a funny sense upgraded. But they’ve been starting with a very, very insecure base.”

“To a sensor controller in real time, this thing is happening in milliseconds, it’s 100% trust. What’s worse, these devices are built in backdoors, directly to the internet. So everything you’re trying to say not to do on the network side is exactly what’s in this most critical of all of our critical devices.”

 

Time-Stamps:

[01:53] Joe’s journey into cybersecurity

[04:10] Everything is about data and data processing.

[05:52] The engineers and the network people don’t get along.

[09:04] Calibrating the sensors

[10:39] Zero trust is 100% trust

 

Connect with Joe:

LinkedIn: https://www.linkedin.com/in/joew1/