
Category: Thinking


The MGM Resorts Shocking Cybersecurity Incident: What really caused it – and could have prevented it

Recently, two major players in the hospitality industry, MGM Resorts and Caesars Entertainment, found themselves sustaining direct, devastating attacks from cybercriminals. Both attacks shared a common thread: they exploited the human element within help desks, highlighting the critical need for robust training, policies, and procedures to protect against such incidents. The MGM Cyber Attack The […]

The implications for MSPs and MSSPs in CISA’s April 2023 Guidance: “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default”

In the constantly evolving cybersecurity arms race landscape, it’s becoming increasingly clear that security has to be embedded into products and services from the outset, not just patched on or dealt with downstream when security vulnerabilities are found and exploited. The United States Cybersecurity and Infrastructure Security Agency (CISA) on April 13, 2023, released the […]

The dangers of ransomware attacks on NGOs and nonprofits – and how mitigation including cyber insurance can offer protection

In recent years, ransomware attacks have become a major threat to organizations of all types, including nonprofits. In fact, for cybercriminals, nonprofits make for especially vulnerable and enticing targets right now due to the true most common cybersecurity vulnerabilities, which are broader than any specific technical vulnerability, and include:  The truth is that most organizations, […]

The LastPass Breach Incident: A Tale of Two Sets of Users

Even your best cybersecurity measures can’t render your data perfectly secure.  But you can be almost perfectly secure, if you follow best practices in order to harden your systems against the most common cybersecurity vulnerabilities.  We’ll review exactly what’s meant by “best practices” below, but first let’s look at the successful attack on the password […]

Is the biggest cybersecurity threat inside your office?

The answer is yes. Here’s why – and specific steps to mitigate the threats.
The truth is that, despite dramatic plot-lines in movies and news stories, the most common cybersecurity threat isn’t from shadowy, skilled hackers, but from all-too-human mistakes and weakness within your organization. 

How to Defend an MSP Against Cyberattack

CISA (The Cybersecurity and Infrastructure Security Agency) is warning organizations that Russia’s invasion of Ukraine could include malicious cyber activity against the U.S. and stated that “evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks.”

SaaS Applications: the hidden threat in plain sight

Cryptocurrency holdings targeted by HubSpot hackers: On March 18, 2022, HubSpot discovered that a bad actor, using a compromised HubSpot employee account, breached almost 30 portals of its clients. The attack seems to have been targeted at HubSpot customers in the cryptocurrency industry. The companies affected by the breach have said their operations were not affected and they have […]

What the NetD, Verizon, and Cyentia Reports tell us about the present and future state of cyber threats and cyber insurance

The past year has been overwhelming in many ways, but cyber threats really took off and became a primary concern for all businesses, no matter the size. The 2022 Verizon Data Breach Investigations Report (DBIR) summarizes four key paths, all of which are pervasive and should be a focus for organizations: Credentials, Phishing, Exploiting vulnerabilities, and Botnets. […]

Cyber Insurance – War Exclusions?

In today’s digital age, war also means cyber-war. Russia’s invasion of Ukraine is likely to result in a multitude of cyber-attacks and many cyber coverage battles. Email attacks from Russia are already surging, and carriers are carefully looking over their coverage and preparing for this cyber-war. “War exclusion” or “hostile act exclusion” generally […]

Ukraine is Changing the way we need to think about Cybersecurity.

CISA (The Cybersecurity and Infrastructure Security Agency) is warning organizations that Russia’s invasion of Ukraine could include malicious cyber activity against the U.S. and stated that “evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks”.  CISA asks that organizations report any malicious cyber activity. Additionally, during this time, every organization should adopt […]

Insurance Market looking to Restrict Cyber Coverage

As cyber losses increase and negatively impact insurance carriers and their loss ratio, Lloyd’s of London is proposing to exclude certain coverage from their cyber-insurance policies. The company stated that it will no longer cover any losses that result from “cyber-war”. Cyber-war is a cyber-operation that disrupts the activity of a state or organization. […]

Is the IKEA hack a Wake-Up Call for MSPs?

As some of you may have heard, IKEA recently experienced an alleged supply chain phishing attack, BleepingComputer reports. This attack targeted internal mailboxes and there are suspicious emails being sent from compromised IKEA organizations and partners. Supply chain phishing attacks can be extremely harmful to an organization’s reputation and credibility because the suspicious emails come from […]

Opportunities to Increase Sales through Cyber Insurance

CISA (The Cybersecurity and Infrastructure Security Agency) is warning organizations that Russia’s invasion of Ukraine could include malicious cyber activity against the U.S. and stated that “evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks.”