
How Much Could Ransomware Cost Your Client?

CFC’s new tool helps you find the answer.

Ransomware attacks are a disproportionately expensive type of cyber event, accounting for 81% of all cyber-related losses last year. But how much it costs an individual business depends on their industry sector and size as well as a number of other factors, from how long they were out of action to whether sensitive data was stolen.

Built from data analysis relating to thousands of cyber events handled by CFC, this new tool gives users low, medium, and high severity ransomware loss estimates based on just four simple pieces of business information. It also generates a bespoke, downloadable report explaining the methodology used.

Try it out and help your clients get to grips with the single biggest cyber threat facing their business today.

Click here to enter CFC’s brand new ransomware calculator.

Source: www.cfcunderwriting.com

‘Spooky’ Risks Covered by CFC

Think those of us working in insurance are too boring to celebrate Halloween? Witch, please. Believe it or not, CFC has some serious appetite for spooky risks. From mortality consultants to synthetic humans, they’ll consider more than your bog standard risk! Check out some of the haunting risks from their healthcare, management liability, professions and tech teams:

Childhood fears

Exposure therapy is designed to help you overcome your deepest and darkest childhood fears. Put on a VR headset that simulates scary clowns chasing you through a funhouse. That’ll sort you out, right?

We provide healthcare, tech and cyber cover (including affirmative bodily injury language arising out of multiple triggers) for digital health exposure therapy companies, all under our eHealth policy.

Hello from the other side

If you’re looking to speak to a loved one who is deceased, a platform now exists to connect consumers with psychics via the telephone or messaging. However, all is well until a client claims to be defrauded by a psychic’s services.

We covered the tech platform under our management liability policy.

Synthetic humans

A medical device manufacturer is developing a synthetic human to be used by hospitals and medical schools to reduce the need for human donors and animals for use in training. A fa-boo-lous idea!

We provided D&O coverage to meet the requirements of the manufacturer’s seed investors.

Modern day grim reaper

Goodbye grim reapers, hello mortality consultants. These professionals develop computer-based models of how long an individual or population is likely to live and the most likely causes of death.

We provided professional liability cover for the mortality consultancy.

Horror games

Not everyone likes to get their fill of thrills, but those who do have probably dabbled in a few of the popular horror games developed by a well-known mobile games developer who we insured.

We provide cover for tech E&O, including contingent BI/PD, cyber and media, as well as excess coverage over D&O for game developers.

Bonus: We did not write that…

As much as we love our extraterrestrial friends, our K&R team had to decline a submission for alien abduction and impregnation. Regrettably, we also did not cover a Sasquatch sighting which caused severe shock and emotional distress.

Source: www.cfcunderwriting.com

September Cyber Incidents

It’s been busy in the world of cyber risk, and September is no exception. In the past month, we’ve seen big players like Apple and Microsoft suffer zero-day vulnerabilities as well as ransomware continuing to wreak havoc across the globe.

  1. The return of the REvil ransomware group

    The REvil ransomware gang has returned and is attacking new victims and publishing their stolen files.

    Following a massive attack on July 2nd, which exploited a zero-day vulnerability in the Kaseya VSA platform to encrypt 60 managed service providers and over 1,500 businesses, REvil shut down their infrastructure and completely disappeared. The attack’s impact was felt worldwide, bringing the attention of international law enforcement, and the REvil gang suddenly shut down on July 13th.

    To everyone’s surprise, the REvil ransomware gang came back to life on 7th September under the same name when the Tor payment/negotiation and data leak sites suddenly turned back on and became accessible. Proof of new attacks emerged on September 9th when someone uploaded a new REvil ransomware sample compiled on September 4th to VirusTotal. On September 11th, the group published screenshots of stolen data for a new victim on their data leak site.

  2. Windows MSHTML zero-day exploits shared between attackers

    Threat actors are sharing Windows MSHTML zero-day (CVE-2021-40444) tutorials and exploits on hacking forums, allowing other hackers to start exploiting the new vulnerability in their own attacks.

    On 7th September, Microsoft disclosed a new zero-day vulnerability in Windows MSHTML that allows threat actors to create malicious documents, including Office and RTF docs, to execute commands on a victim’s computer remotely. After the vulnerability was disclosed, Microsoft Defender and other security programs were configured to detect and block parts of this attack.

    While these mitigations will help, as the exploit has been modified not to use ActiveX controls, users are still at risk until an official security update is released. Until Microsoft releases a security update, everyone should treat all Word and RTF attachments as suspicious and manually verify their source before opening them.

  3. Olympus hit with BlackMatter ransomware

    Olympus, a leading medical technology company, is investigating a “potential cybersecurity incident” that impacted some of its EMEA IT systems last week. Olympus has more than 31,000 employees worldwide and over 100 years of history developing for the medical, life sciences, and industrial equipment industries.

    While Olympus did not share any details on the attackers’ identity, ransom notes left on systems impacted during the breach point to a BlackMatter ransomware attack. The same ransom notes also point to a Tor website the BlackMatter gang has used in the past to communicate with victims.

  4. Apple patches zero-day flaw exploited by NSO Group

    Apple has released security updates for a zero-day vulnerability that affects every iPhone, iPad, Mac and Apple Watch. Citizen Lab, which discovered the vulnerability and was credited with the find, urges users to immediately update their devices.

    Citizen Lab said it has now discovered new artifacts of the ForcedEntry vulnerability which it first revealed in August as part of an investigation.

    This exploit is significant because it breaks through new iPhone defenses that Apple had baked into iOS 14, dubbed BlastDoor, which were supposed to prevent silent attacks by filtering potentially malicious code. Citizen Lab calls this exploit ForcedEntry for its ability to skirt Apple’s BlastDoor protections.

    Citizen Lab said it attributes the ForcedEntry exploit to NSO Group with high confidence, citing evidence it has seen that it has not previously published.

Source: www.cfcunderwriting.com

Cyber Tips: Backup Policies

Data is the most valuable part of a computer system and may be irreplaceable if lost to a ransomware attack or a hardware failure, or if it becomes corrupted. The following tips will assist you in planning and preparing a backup policy in case the worst happens.

What is a backup policy?

A backup policy is a well-thought-out plan to mitigate against data loss that could happen due to a ransomware attack, hardware failure, data corruption, or some other detrimental event. If implemented well, it can help an organization to return to business as usual more quickly and easily.

The complexity of the backup policy will depend on the size of the organization, the number of applications and databases it uses, and the quantity of data that requires backing up. It will also depend on company policy and regulatory obligations applicable to the organization.

How do I implement backup policy best practice?

1. Identify your most critical data and plan accordingly

By identifying the most critical data to your business, resources can be allocated to ensure that this data is protected and prioritized. Backups can be tailored to that particular data accordingly.

2. Take frequent backups

If you have mission-critical data, then attention should be paid to the frequency of the backups that are taken.

3. Use the 3-2-1 approach to backups

Create three copies of your data in addition to the original file, using two different backup media types stored locally and one copy stored remotely offsite.

Backups should be isolated or air-gapped from the network when not actively backing up data.  Backup media should never be permanently connected physically or over the network.

4. Apply versioning to your data

Backups should contain old versions of your data, not just current versions of files backed up most recently. This is important in case of file corruption or ransomware that may be lurking in current data backups.

5. Periodically test the integrity of your backups

Data should be checked regularly to ensure that it is accessible and readable.
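
One way to carry out tip 5 is to record a checksum manifest when the backup is taken and re-read the backup copy against it on a schedule. This is an added example, not part of CFC's guidance; the function names and sample file names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so large backup files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Run at backup time: map each relative path under root to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(Path(root).rglob("*")) if p.is_file()}


def verify_backup(manifest, backup_root):
    """Run on a schedule: re-read every file in the backup copy and compare."""
    report = {"ok": [], "missing": [], "corrupted": [], "unreadable": []}
    for rel, expected in sorted(manifest.items()):
        full = Path(backup_root) / rel
        try:
            status = "ok" if sha256_file(full) == expected else "corrupted"
        except FileNotFoundError:
            status = "missing"      # file is gone from the backup
        except OSError:
            status = "unreadable"   # present but cannot be read back
        report[status].append(rel)
    return report


def demo():
    """Constructed sample data: one backup file damaged, one deleted."""
    files = {"ledger.csv": b"a,b\n1,2\n", "clients.db": b"\x00" * 64, "notes.txt": b"q3\n"}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as bak:
        for name, data in files.items():
            (Path(src) / name).write_bytes(data)
            (Path(bak) / name).write_bytes(data)
        manifest = build_manifest(src)
        (Path(bak) / "clients.db").write_bytes(b"\x00" * 63 + b"\x01")  # silent corruption
        (Path(bak) / "notes.txt").unlink()  # lost file
        return verify_backup(manifest, bak)


if __name__ == "__main__":
    print(demo())
```

Store the manifest separately from the backup media so that damage to the backup cannot also alter the values it is checked against.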

Other considerations for your backup policy

o  Data should be encrypted when backed up. This will help prevent unauthorized access.

o  Consider making your backups immutable, so they cannot be altered by you or the bad actors.

o  Consider using remote storage. Cloud based storage can be a cost-effective option if managed correctly.

o  Automate backups where possible. This will make the practice of backing up your data a part of everyday business.

o  Consider the retention period for your backups. This is especially important if you are using cloud services to back up your data.  Cloud data storage costs can mount up so determine a sensible length of time for storage in your backup policy, considering legal and regulatory obligations.

o  Consider your data retention policy. Do you actually need all the data that you are storing and backing up? Often data is stored unnecessarily, which adds cost and creates additional security burdens if it is exposed.

Source: www.cfcunderwriting.com

Esports Accelerating into Mainstream Entertainment Market

Imagine a nascent but fast-growing global market generating revenues running to billions of dollars and annual audiences well into the hundreds of millions. Now stop imagining – what you’re thinking about is the world of esports.

Moving mainstream

Esports have been developing for some years now, and the growing numbers and sophistication of the market prove it is here for the long haul.

Most of us are familiar with online gaming. Esports takes things one step further. Instead of people playing video games on their own, esports has created an entire online and in-person spectator experience around these games.

Professional players compete alone or as part of teams, battling each other in tournaments or as part of a league. Audiences fill out arenas, watching players fight it out on massive screens, or supporters log in online and watch their favourites play remotely.

In 2017, esports generated almost $700m in revenues worldwide and a global audience of almost 400 million.

In 2021, despite the impact of COVID-19 on physical spectator events, the market is forecast to have revenues of almost $1.1bn and an audience of 475 million.

Market stakeholders

There are many different stakeholders in the world of esports. There are the publishers who make the games that people play. There are then the tournament organizers. In many cases, publishers run their own tournaments, but there are also lots of third parties organizing events.

Streaming platforms such as Twitch or YouTube Gaming allow players to record and broadcast themselves to online audiences, who can then engage with supporters as they play. These players are often part of professional teams.

There are then the fans, who watch online or attend live events. They spend significant sums on merchandise and can support players through donations and subscriptions.

On top of all this sit the sponsors, who provide the lion’s share of the market’s revenue. In 2021 this segment will account for almost 60% of the money generated by esports.

Investment interest

Understandably, investors want to get involved in a market that is generating revenues that will exceed $1bn this year and where live stream viewer numbers are exploding.

The COVID-19 lockdown restrictions accelerated the growth in these numbers, which will continue to grow as more games are tailored for watching on mobile devices and the experience for remote users improves.

FaZe Clan has led the way in monetizing interest in gaming through an entertainment-first model which has garnered a global fanbase of 339 million combined across all social platforms.

Audiences of this scale offer significant opportunities and it is no surprise that most of the money generated in the esports market comes from outside of competitive play.

New concepts are being developed quickly and are proving hugely successful. For example, a Travis Scott concert was hosted and broadcast within the game Fortnite. Players could drop in and watch the concert as part of their playing experience. They could also buy digital merchandise as part of the show.

The concert attracted 27.7 million unique viewers across five showings within the game, demonstrating the potential of these innovative events to engage new and sizeable audiences.

Risk and reward  

In 2024, esports is on track to appear at the Paris Olympics as a side event. This sort of mainstream exposure will further accelerate its already stellar growth and make it even more attractive to big brands and sponsors.

In recent months, the restrictions on live events created by COVID-19 have seen many professional sports turn to esport alternatives to maintain audience engagement.

It is also the case that as a developing market, esports has not yet been standardized, increasing the number of opportunities to engage with the multiple structures surrounding the various players, teams, leagues and tournaments.

In the same way that professional football, or any other established global sport, relies on insurance, elite level esports has the same need for safeguards and protections, and demand is growing.

It is a market that is brimming with potential from media, entertainment and advertising to sponsorship, contingency and individual players.

Source: www.cfcunderwriting.com


