Welcome back to Cyber Weekly - a weekly update on what's going on in the cyber world. With over 1000 people subscribed to this newsletter, we know these updates are important to the cyber community. Share this newsletter with those who could benefit.
Cyber insurance companies have an important exclusion in their insurance contracts. It’s called the “Act of War.” So, if a cybercrime is considered an “Act of War”, insurance companies do not have to cover for the damage related to a cyber attack. Well, in 2017, pharmaceutical company, Merck &Co.’s, got hacked by what we now know as NotPetya. Their insurance company denied coverage, refusing to pay, under the pretense that the attack was an “Act of War.” Merck took them to court. And won $1.4 billion. (Bloomberg)
My thoughts: This case is a huge warning sign to cyber insurance companies needing to be more specific on what is covered compared to what’s not covered. We should expect additional and stricter exclusions to be the norm when it comes to cyber insurance coverage. That will be hard on the average business. It will certainly be more difficult to get coverage. Cyber insurance is relatively new though. Do you think more businesses will consider it?
Canadian Centre for Cyber Security is recommending critical infrastructures in Canada to take action in their cyber security initiatives. Here is the breakdown from their bulletin:
“The Canadian Centre for Cyber Security encourages the Canadian cybersecurity community—especially critical infrastructure network defenders—to bolster their awareness of and protection against Russian state-sponsored cyber threats…The Cyber Centre urges Canadian critical infrastructure network defenders to:
My thoughts: Their list of recommendations is pretty good to build cyber resilience. Note, that the last step is optional. However, if you have any questions about the next step you should take in your cyber resilience initiatives, private message me. I would gladly answer any questions you may have.
“We immediately retained security experts to investigate this matter further and ensure the integrity and security of our systems.” Francis Bouchard, the agency’s manager of corporate communications and public affairs said.
The agency, known in English as Visit Montreal, is one of many victims attacked by the Karakurt group.
The Karakurt posting, dubbed its Winter Data Leak Digest, says “the data amount we have obtained is speaking for itself. Which means there is a big hole in IT department that allowed us to exfiltrate everything we wanted.”
This may potentially affect the agency’s 900 local members and partners. (IT World Canada)
My thoughts: One month later and the investigation is STILL on-going.
In Sante Fe, New Mexico, the Albuquerque Public Schools announced a cyber attack after trying to fend it off for a few weeks. They were one of 5 other public schools that were attacked over the last two years. It happened over the holidays which allowed the district to make plans, but they still needed to shut down the school for a few days. (Toronto Star)
My thoughts: Here are a few consequences of a cyber attack that most don’t consider:
REvil was behind some of the biggest ransomware attacks like the Colonial Pipeline. But just last week, the US and Russia worked together. The Federal Security Service raided 25 residences tied to the group and seized approximately $6.8 million in various currencies. (CoinDesk)
My thoughts: A communal approach is the only way to survive cyber attacks. Helping each other out is the right lead taken on by these governments working together.
“China has developed the world's largest electric-powered quadruped bionic robot, which is expected to join logistics delivery and reconnaissance missions in complex environments that have proven too challenging for human soldiers, including remote border regions and highly risky combat zones.” (Global Times)
My thoughts: Thought this was very interesting to share. Kind of scary.
Access The Untold Stories of IT Professionals.
Assurance IT launched IT Spotlight - a weekly newsletter putting the spotlight on IT professionals. Get the inside scoop on their careers, their predictions in the industry and more. Once a week, every week, find out what other IT professionals are up to. Learn more here.
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.