The increase in successful cyberattacks driven by both an explosion of ransomware activity and a series of high profile zero-day vulnerabilities, is forcing cyber insurers to further scrutinize the companies they insure and the policies they offer.
All organizations should have access to the skills needed to detect and contain threats. But, typically, only the very largest enterprises can afford the millions in annual staff and infrastructure investments required to maintain a Security Operations Center (SOC).
The nature of LinkedIn’s professional environment facilitates communication among individuals from various backgrounds across industries. However, threat actors have been known to exploit the business networking platform for malicious aims, including intelligence gathering, identity theft and spear phishing. A number of fake profiles identified on the site have been observed targeting individuals in diverse sectors, particularly those with roles in government, cyber security and education.
Rclone is a data syncing tool often used by threat actors to exfiltrate data during a ransomware attack. Typically, the actors deploy Rclone after gaining remote access to the victim’s network. However, recently, Kroll experts have noted the use of Rclone in M365, using credentials stolen through network compromises or phishing attacks with minimal privileges to stealthily exfiltrate large amounts of SharePoint/OneDrive data.
The costs associated with a cyberattack can be significant, especially if a company does not have an Incident Response plan that addresses risk. The one-two punch of a cyberattack can be devastating. There is the breach and then the related mitigation costs. Implementing a comprehensive Incident Response (IR) game plan into a worst-case-scenario should not be a post-breach scramble. And when that IR strategy includes insurance, it also must address a business’s level of cyber risk.
Proactive threat hunting is a cyclical, proactive and hypothesis-driven process that assumes an undiscovered breach of an unknown type has already occurred. There is no precipitating incident or roadmap; no high-fidelity detection rules have been triggered.
Moving to the cloud is becoming a business necessity. Cloud technologies are flexible and scalable and less expensive to maintain than on-premises solutions, allowing companies to easily adapt as business needs change. The only real barrier to making the move is concerns about cloud migration security.
Our CFO cybersecurity survey has shown that Chief Financial Officers are highly confident in their companies’ abilities to ward off cyber security incidents, despite being somewhat unaware of the cyber vulnerabilities their business faces. Almost 87% of the surveyed executives expressed this confidence, yet 61% of them had suffered at least three significant cyber incidents in the previous 18 months.
Odds are, you are already in the cloud. According to the Flexera 2021 State of the Cloud Report, 99% of people surveyed are using at least one cloud service in their business, and 97% of respondents are using at least one public cloud. The rewards of moving into the cloud are significant. In the cloud, you can build and launch new services and add computing capacity more easily than you can on premises, and in a more cost-effective manner.
The goal of a SOC 2 audit is to evaluate and verify how a service provider, whether an IT provider, Software-as-a-Service (SaaS) platform, or other outsourced solution, handles sensitive customer data. Companies are pursuing SOC 2 certification because it is an industry-recognized way to show customers that their security program is worthy of their trust. When thinking about how to prepare for a SOC 2 audit, cyber risk assessment and penetration testing should be on your list.
