
Cyber Liability: Lessons Learned After a Data Breach

Takeaways from High-Profile Data Breaches

Recent high-profile data breaches from Target and Home Depot to Sony, Anthem and most recently Premera have risk executives and managers looking for the lessons to be learned in mitigating such compromises. Following are some takeaways, courtesy of SurfWatch.

  • Take a look at potential threats to your organization from all vantage points, not simply from a technical view. Focus on the human element, the tools cyber criminals are using (both physical and digital) and assess their motivations. Too often organizations fall into the trap of looking at only the bits and bytes. It is important to build an intelligence capability that looks beyond the technical side to understand who is attacking whom, what is being targeted, how the attack is being carried out and the impact of the attack.
  • Depending on your organization, the industry in which you serve, and your profile level, understand and monitor indicators that your organization may be targeted by hacktivists sponsored by a nation state. Develop methods to increase your situational awareness of geopolitical and social events that may impact an organization’s supply chain and/or infrastructure.
  • Thoroughly research direct threats to decide if the threat is indeed credible. A cyber criminal may attempt to extort an organization before releasing its information. For example, the malicious actor who breached Sony’s systems sent executives an email three days prior to the initial data leaks. While executives are inundated with emails each day, suspicious emails require additional scrutiny, especially if an organization suspects it may be targeted by cyber threat actors.
  • Classify what type of information the organization has and what the risk is should the information be stolen. Everything can no longer be simply thrown behind a giant wall in a network and forgotten about. Once information is properly classified, protection measures can be implemented based on the level of risk such as encryption, access controls, and data monitoring.
  • Take a good look at what IT services should be operated in-house versus outsourced to a service provider. By the time data-wiping malware or ransomware is detected, it is often too late to recover data. The least expensive and most reliable method to protect company data is to keep a regularly updated remote backup or shift to a cloud provider.
  • Ensure that your organization has a developed Incident Response capability and that it is exercised regularly based on real-world scenarios. Also, develop a breach response playbook that outlines response scenarios based on perceived risks to information within your organization.
  • Establish a committee whose charter is to oversee business resilience risks, including cyber as a focal pillar of the overall risk management program. A committee that measures the organization’s health from a cyber risk intelligence and business resilience perspective will provide a strategic level of visibility to the board of directors.

Review your Cyber Liability insurance program to make sure it is robust enough to respond in the event of a breach and pay for expenses that your organization will incur in the wake of a cyber attack. Determine how much of that risk you want to transfer with a professional cyber liability insurance expert. Axis Insurance Services specializes in Cyber and Privacy & Network Security insurance and can assist you in designing a policy that will address your needs. Give us a call at (877) 787-5258.

Blogged on: April 13, 2015 by Mike Smith