Tag Archive | Data Breach
September 13, 2023  

MGM Cyber Hack Has its Las Vegas Hotels Resorting to Cash Bars, Paper Vouchers

MGM Resorts International is a large publicly traded company with billions of dollars of annual revenues. So, reading the news about the cyber attack they’re currently facing might have you thinking that something like this only happens to those large, multi-billion publicly traded companies.

The reality, however, is that ALL businesses in today’s world, large and small, are exposed to cyber attacks in some way, shape of form.

First, a quick update to what’s going on here:

News like this takes center stage do to the notoriety of MGM Resorts International. However, let this be a lesson that the issues that MGM is facing are the same issues everyday main street businesses face from a cyber attack, just on a smaller scale.

Think about the repercussions of this cyber attack. Here’s a list to get you thinking:

First Party Damages

  • Loss of electronic data: the cost to repair damaged software or replace lost or stolen data from the cyber attack.
  • Cyber extortion: cyber criminals holding data and/or information hostage for a ransom; cost to help pay for the ransom.
  • Business interruption/loss of income: a data breach or cyber attack leaves you unable to operate your business. The lost income and expenses add up fast here.
  • Security fixes and cyber forensics: Costs of upgrading your security and investigating the data breach.
  • Notification and identity protection for affected customers: Cost of notifying customers impacted by data breaches and paying for identity protection.
  • Fraud and credit monitoring services: Cost of credit monitoring for any customers impacted by a data breach.
  • The impact on your business reputation: Costs of handling public relations and repairing the damage to your business reputation. Libel, copyright infringement, defamation.

Third-Party Liability

  • Damage to a third-party system (in case of an accidental virus transmission, for example)
  • Network Security and Privacy Liability: Liability for alleged negligence or that you failed to properly protect customer information.
  • Media Liability Claims: This includes accusations of libel, slander, fraud, etc.
  • Regulatory proceedings and or fines form regulatory bodies
  • Legal costs, settlements, and damage awards

So, what if this happened to your business tomorrow? You come to work in the morning and realize that you’re locked out of your entire network and not a single employee can get a single task done.

You have a ransom demand of $400,000 from a hacker.

Where do you start? Are you capable of doing this all alone? To pay the costs out of pocket? To deal with the IT forensics and loss of data? The network fixes and trying to get back to where you were before you shut down the night before?

If this reality hits you hard in the face, cyber liability/data breach insurance coverage is something you should consider to address these very circumstances.

Cyber insurance programs can team up with your managed IT provider to help with the list of costs and expenses to navigate through the mess caused by a cyber attack. And carriers have deep resources to help fix the mess and get you back to business much faster and more efficiently than trying to deal with this sort of mess alone.

There are many cyber insurance options out there. No two are the same. It’s important to work with a provider who knows the ins and outs of cyber insurance coverage.

Contact me today if you have questions about cyber insurance or would like to look at coverage and cost options.

Let’s hope that MGM gets this settled as quickly as possible for all involved.

April 4, 2023  

Do Manufacturers Need Cyber Insurance?

Although ALL industries are at risk of cyber attacks now more than ever, did you know that manufacturers make the top 5 list of industries being targeted the most by cyber criminals according to Forbes?

That’s because digital systems such as IoT, shop floor controllers, and monitoring platforms have enabled the interoperability of different teams in the manufacturing industry to streamline processes.

Unfortunately, this convenience has also drawn the attention of cybercriminals for data theft or ransom demands capable of disrupting operations on a massive scale with global repercussions.

Here are five notable [and extremely costly] cyber risk exposures manufacturers face:

  1. Extortion: An organization’s security is only as strong as the judgment of its employees. All it takes is one employee clicking on what appears to be an innocent link, but it is actually malware, for all of the company’s data to be encrypted within seconds. A hacker will then contact the organization asking for a “ransom” ranging from a few thousand dollars to millions to decrypt the files.
  2. Forensic and Notification Costs: Should there be a cyber attack, the Manufacturer will need to engage a forensic investigator ($250-$500/hr) to determine the scope of the attack and if any sensitive data such as employee records or confidential corporate information was breached.
  3. System Damage: Manufacturers rely heavily on their computer systems to properly fill orders. Damage to a manufacturer’s computer system could be devastating and lead to defective products or a complete halt in production.
  4. Business Interruption: Manufacturers will experience a direct financial loss every hour that their systems are down. They will incur unexpected additional costs such as sourcing products by alternative means and paying staff overtime to meet deadlines.
  5. Social Engineering: Believe it or not, Cyber Crime (aka Social Engineering) is one of the most frequent claims in cyber insurance to date. Cybercriminals will trick financially responsible employees of the manufacturer to send money to a fraudulent bank account. Hackers have become patent and will open sit in the system undetected monitoring and intercepting email activity before executing their scam. Their tactics range from posing as the CEO, a vendor, or a client to simply creating fake employee profiles in the payroll system to siphon money out.

There are simple and effective measures that manufacturing businesses can put in place to be better prepared for emerging cybersecurity threats. These include having a formal incident response plan, effective backup strategy and testing, multi-factor authentication (MFA), Data Retention Policies, and endpoint Detection and Response (EDR) to name a few.

I won’t go into the weeds with technical IT details. That’s for the IT professionals to decide such as your in-house IT team, managed IT provider, or cyber security consultants to help develop. I suggest having your IT provider work in union with a quality cyber insurance policy so that you are prepared in the event of a data breach.

I work with some quality IT professionals and cyber security companies that I can recommend if you need help with this. Just reach out and ask if you need it.

Remember, there’s a reason why manufacturers make the top 5 list of industries being targeted the most by cybercriminals. You don’t just need to hold personally identifiable information to have a cyber exposure. The world is basically run on the cloud now and there’s no hiding from the cyber risk exposures prevalent in today’s technology-driven world.

Credit: Evolve MGA

July 26, 2017  

Ransomware Victims Have Paid Out More Than $25 Million in Past Two Years

Ransomware victims have paid out more than $25 million in the past two years, according to a new study by Google, Chainalysis, UC San Diego and the NYU Tandon School of Engineering. The study reviewed 34 separate families and discovered that a particularly harmful strain, Locky, received more than $7 million in payments. Ransomware, which infects and locks a system until payment has been received, has become “an almost unavoidable threat” over the past few years. It’s shown to be popular amongst cybercriminals, who often demand payment in the form of bitcoin. Two ransomware attacks made earlier this year by WannaCry and NotPetya had been “deemed destructive in nature,” Forbes writes, but only received $140,000 and $10,000, respectively.

A viable solution to this sort of threat? A good Cyber Liability insurance policy will pay extortion expenses and extortion monies as a direct result of a credible cyber extortion threat. This is only one of the many areas a Cyber Liability insurance policy can help.

Cyber insurance can be essential in helping your company recover after a data breach, with costs that can include business disruption, revenue loss, equipment damages, legal fees, public relations expenses, forensic analysis and costs associated with legally mandated notifications. A lesser-known benefit of cyber insurance is the role it can play in protecting your company long before a breach occurs.

#RansomwarePayout #CyberLiability

-JK

October 1, 2016  

Educate Your Employees During National Cyber Security Awareness Month

This October is Cyber Security Awareness Month, an event co-sponsored by the Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) in order to raise awareness of the importance of cyber security issues. While the event is designed to highlight some of the nation’s cyber security precautions, as well as how to be prepared in the event of a national cyber security incident, much of the focus is on good cyber security practices for the average individual.

Specifically, the groups are trying to promote their “Stop. Think. Connect.” and Stay Safe Online campaigns—efforts that teach good cyber security in terms everyone can understand. In order to encourage your employees to practice good cyber security, review the following lessons with them:

  • Password Security: More powerful computers have given criminals the ability to crack passwords easily. Passwords with a mix of capitalized and lowercase letters—as well as numbers, symbols and other special characters—are much harder to crack. And, though it should go without saying, make sure your employees don’t write their passwords down in plain sight in their work spaces.
  • Phishing Scams: A number of different scams could fall into this category, but they all have commonalities that your employees should be aware of. Never open an email from an unknown source, and never click on a link in an email unless both the sender and the link can be trusted.
  • Software Updates: Security patches are designed to fix known vulnerabilities. Make sure your employees download the latest security patches when they become available.

Those wishing to participate in this year’s activities can find a number of resources available online, or contact me  for further cyber security materials.

-JK

May 2, 2016  

Participating On A Panel for Cyber Crime

This past Wednesday I was part of a panel for an educational workshop to discuss innovative ways to protect small businesses from cyber crime.

On the panel was an FBI Special Agent who shared FBI insights on fighting cyber crime. Akilah Kamaria from Blue Fields Digital Intelligence shared strategies organizations can use to prepare for and respond to a cyber incident. I shared information on cyber liability and data breach insurance and its role in helping to protect companies from cyber crime losses.

Special thanks to Akilah Kamaria for allowing inviting me to participate. Also, to Gal-A Photography for the professional photos:

Thank you for putting on such an important and great event!

-JK