
It’s Not Too Late, Start Your Cyber Resolution Today

CFC has put together a few top cyber-related resolutions for this year.  Check them out and have a secure 2019!

  1. I will change all default passwords on my personal and work devices.
  2. I will regularly check for updates to the operating systems of my laptop, computer and mobile phone.
  3. I will install strong anti-virus software and keep it updated.
  4. I will think twice before clicking on unknown links or attachments in emails.
  5. I will authorize payments to new transfer partners via telephone to minimize risk of fraud.
  6. I will not share sensitive information on social media that could be used against me in phishing attacks.
  7. I will back up my entire system at least once a week on an external hard drive.
  8. I will encrypt my mobile phone and all of my other devices.
  9. I will talk to my kids (or parents) about how to stay safe online.
  10. In the event that resolutions 1-9 fail, I’ll have a cyber insurance policy in place to save the day!

Source: www.cfcunderwriting.com


Cyber Claims Case Study: CEO Swindle

One of the most common types of social engineering is CEO fraud. This is typically a targeted attack where a fraudster impersonates the CEO or another senior executive within an organisation and instructs a member of the finance department to make an urgent payment to a particular account for a specific reason. Even traditional businesses who might not think they have a strong cyber exposure can lose thousands in attacks like this.

CFC’s latest cyber claims case study tells the story of a manufacturer who fell victim to CEO fraud and the financial fallout the company experienced as a result.

The key takeaway points are:

  • CEOs and senior executives are prime targets for cybercriminals. They tend to act as the face of their respective companies and have bigger profiles on company websites and social media accounts, allowing cybercriminals to gather valuable information about them. Cybercriminals also know that employees are instinctively less likely to question instructions from senior executives. CEOs and senior executives therefore need to be especially conscious of sticking to good cybersecurity practices, and employees need to be particularly alert to suspicious emails and have robust authentication procedures in place.
  • Cybercriminals are becoming increasingly sophisticated. In the past, it was not uncommon to see blatant attempts at funds transfer fraud over email, with an urgent appeal for help or bogus prize give-aways being just two examples. Now, however, we are seeing far more nuanced attacks, with fraudsters sending convincing credential phishing emails to gain access to email accounts, setting up forwarding rules on email accounts to avoid detection and making use of seemingly legitimate invoice templates to add authenticity to their scams.
  • Lots of businesses don’t think they need to purchase cyber insurance because they believe they have good IT security in place, such as firewalls and anti-virus software. But this ignores the fact that people are often the weakest link in an organisation’s IT security chain. With increasingly sophisticated attacks like this on the rise, employees find it harder to tell a real email from a fake one, or a real invoice from a fake one, and the chances of a successful social engineering attack against a business grow accordingly.

Read the full case study here

Source: cfcunderwriting.com


Signs of Progress on National Flood Program for Canada

Canada is making good progress on a national flood program, pending a final decision by federal, provincial and territorial (FPT) ministers responsible for emergency management.

“What they are looking at is one national insurance solution to improve outcomes for high-risk Canadians across the country,” Craig Stewart, vice president of federal affairs at Insurance Bureau of Canada (IBC) told Canadian Underwriter in an interview Tuesday. “There may be regional insurance pools adapted to local conditions, but it would be nationally coordinated.”

FPT ministers responsible for emergency management have mandated IBC to lead a national working group to take a look at options and what they would look like. IBC provided three options:

  • A pure market approach (like in Germany and Australia) where governments exit disaster assistance
  • A broadened version of the status quo, but with better-coordinated insurance and disaster assistance
  • Deployment of a high-risk pool analogous to Flood Re in the United Kingdom.

The next step is for the working group, which Stewart chairs, to cost out the pool. “The pool needs to be capitalized as it was in Flood Re,” Stewart said. “So, we need to figure out where that money is going to come from. Is it going to come from governments? Is it going to come from insurers? Where is it going to come from?”

A final decision will be made by ministers after the high-risk pool is costed, which Stewart expects to be completed by June. Decisions on eligibility, how to capitalize the pool, and on any cross-subsidization await the results of that costing analysis.

In addition, this spring, the ministers will hold a technical summit on flood data and science. “Our view of the risk may not align with the government’s view of the risk,” Stewart said. “We need to bridge the gap. This symposium is going to focus on essentially the data and science of flood modelling.”

In early 2020, there will be the launch of a consumer-facing flood risk portal. IBC has been working with the federal government to develop the authoritative flood portal, where consumers can discover their risks and what to do about them.

“Elevating consumer awareness of flood risk is key,” Stewart said. “Consumers aren’t going to be incented to protect themselves or to buy insurance unless they know their risk.”

In May 2018, FPT ministers responsible for emergency management tasked IBC to lead the development of options to improve financial outcomes of those Canadians at highest risk of flooding. IBC worked with a wide range of insurers, government experts, academics and non-governmental organizations to produce the three options, which were tabled with ministers last week.

The ministers released the first-ever Emergency Management Strategy for Canada: Toward a Resilient 2030 on Jan. 25. The document provides a road map to strengthen Canada’s ability to better prevent, prepare for, respond to, and recover from disasters.

“In less than two years, Canadian insurers have secured a mandate with every province and territory to finalize development of a national flood insurance solution, have successfully catalyzed a national approach to flood risk information, have secured over two billion dollars in funding for flood mitigation, and have succeeded in securing a funded commitment for a national flood risk portal,” Stewart said.

Source: Canadian Underwriter


“Reading the Policy” Means Reading Every Word

Every insurance professional has had experience with small policy language changes that have big effects (usually negative) on coverage. Sometimes it’s a single word—added, deleted, or altered—that fundamentally changes the way a policy will respond to a given loss exposure, and those language differences are obviously the hardest to deal with, or even to find.

Take a look, for example, at this phrase from a modified commercial general liability (CGL) policy “aircraft, auto or watercraft” exclusion: “… the ownership, nonownership, maintenance, use or entrustment to others of any auto.…”

The term nonownership, of course, has a long tradition in commercial automobile insurance. It provides liability coverage for automobiles the insured does not own, hire, lease, rent, or borrow but that are used in connection with the named insured’s business. It includes autos owned by employees, partners, or members of their households used in connection with the business. So, it’s not a strange coverage term … in an auto policy. But remember, the policy under discussion is a CGL policy.

A knowledgeable CGL insured doesn’t expect to have coverage for liability arising out of the ownership, maintenance, or use of autos. But that same insured will expect to have CGL coverage in connection with auto-related exposures when some unrelated third party—for whose activities the insured does not otherwise have any legal responsibility—is the owner, operator, or user of an auto. (The use of vehicles by an independent contractor doing work for the insured is a common example. In such situations, the insured’s liability arising out of the nonownership of an auto is an important feature of CGL coverage, although few people would be likely to describe the exposure using that term.)

In this instance, the CGL insurer that was excluding coverage for the “nonownership of any auto” was one that markets its policies to firms with large land holdings, industrial operations, or retail establishments with substantial vehicular traffic. Warehouses, industrial sites, timber operations, quarries, and entertainment venues are examples. These risks typically have heavy traffic on their premises and perhaps personnel directing traffic in and out. An exclusion applicable to the “nonownership” of autos wipes out general liability coverage for these common exposures.

The modified exclusion in question was imposed in the middle of 1 of 23 pages of endorsements to a standard CGL policy. While it resulted in a material, and important, reduction in coverage, it could easily have gone unnoticed by an insured—or that insured’s insurance professional—unless every word of the policy and its endorsements were read carefully.

Source: International Risk Management Institute, Inc. (IRMI)


Vulnerability Found in Multi-Factor Authentication

CFC sent us the advisory below to share regarding a new multi-factor authentication (MFA) vulnerability.  Whether you have your cyber policy with CFC or elsewhere, please review and take steps to minimize your exposure.

CFC has become aware of a significant new security vulnerability that can be easily exploited to bypass multi-factor authentication (MFA). MFA is commonly used to protect against phishing attacks and compromised passwords, which are two of the most common root causes of cyber claims seen by our incident response team. Even worse, we’ve become aware of tools available on the dark web that exploit this vulnerability and expect substantial use of the tool to compromise previously protected environments.

How it works

A new penetration testing tool has been published by a security researcher that automates phishing attacks against multi-factor authentication protected websites. This tool, dubbed Modlishka, sits between a user and a target website such as Outlook 365 or Gmail.

The victim receives authentic content from the legitimate site but all traffic and all the victim’s interactions with the legitimate site pass through and are recorded on the Modlishka server. Any passwords a user may enter are automatically logged on this server, while the reverse proxy also prompts users for 2FA tokens when users have configured their accounts to request one.

If attackers are on hand to collect these tokens in real-time, they can use them to log into victims’ accounts and establish new and legitimate sessions. We have seen a similar method used to intercept other web services such as Citrix Web Access.

You can find more information here.

Steps to take

  1. Disable web access to email or remote desktop environments where possible
  2. Use hardware tokens as a means of multi-factor authentication (FIDO 2.0 and U2F)
  3. Implement phishing awareness and education:
    • Do not click on links in emails, and instead type the address in your browser
    • Avoid suspicious email attachments or links, and if necessary, verify the sender
    • Never hand over your credentials such as passwords or sensitive information such as bank account numbers
    • Check that the website address looks right and is spelled correctly
  4. Use DMARC in order to protect against spoofing of email domains
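Why step 2 holds up against the proxy described under “How it works”, as an added simulation that is not part of the CFC advisory or the Modlishka project: the browser, not the user, writes the origin it actually loaded into the signed data, so an assertion produced on a look-alike proxy host fails the relying party’s origin and rpId checks, whereas a relayed one-time code carries nothing that ties it to a site and is accepted. Origins, the rpId and the device key are constructed, and HMAC stands in for the authenticator’s ECDSA signature so the block runs with the standard library.

```python
"""Added simulation (not CFC's or Modlishka's code): a relayed one-time code is
accepted, a FIDO2/U2F assertion made on a look-alike host is not. Origins, rpId
and the device key are constructed; HMAC stands in for the ECDSA signature."""
import hashlib
import hmac
import json

RP_ID = "mail.example.com"                        # constructed relying party
RP_ORIGIN = "https://" + RP_ID
PROXY_ORIGIN = "https://mail.example-login.com"   # constructed look-alike host
DEVICE_KEY = b"constructed-authenticator-secret"  # stand-in for the private key


def verify_otp(code_received: str, code_expected: str) -> bool:
    """A TOTP/SMS code carries nothing that ties it to a site: whoever submits
    it inside the validity window is accepted, proxy or not."""
    return hmac.compare_digest(code_received, code_expected)


def authenticator_sign(browser_origin: str, challenge: str) -> dict:
    """The browser records the origin it actually loaded; the authenticator
    signs rpIdHash || SHA-256(clientDataJSON). The user cannot alter either."""
    host = browser_origin.split("//", 1)[1]
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": browser_origin})
    auth_data = hashlib.sha256(host.encode()).digest()  # rpIdHash; flags/counter omitted
    to_sign = auth_data + hashlib.sha256(client_data.encode()).digest()
    sig = hmac.new(DEVICE_KEY, to_sign, hashlib.sha256).hexdigest()
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}


def rp_verify(assertion: dict, challenge: str) -> tuple:
    """Relying-party checks in the order WebAuthn prescribes them."""
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != challenge:
        return False, "wrong type or stale challenge"
    if cd.get("origin") != RP_ORIGIN:
        return False, "origin mismatch: " + str(cd.get("origin"))
    if assertion["authenticatorData"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    to_sign = assertion["authenticatorData"] + hashlib.sha256(
        assertion["clientDataJSON"].encode()).digest()
    expected = hmac.new(DEVICE_KEY, to_sign, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False, "bad signature"
    return True, "ok"


def login_via(browser_origin: str, challenge: str) -> tuple:
    """The proxy forwards the victim's assertion to the real site unchanged; only
    the origin the victim's browser actually saw differs between the two runs."""
    return rp_verify(authenticator_sign(browser_origin, challenge), challenge)
```

Because the origin and rpIdHash are both covered by the signature, the proxy cannot patch them up after the fact without invalidating the assertion.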
