Cyber Risk Governance Insights | August 12, 2024


WEEK IN HEADLINES

FINANCIAL SERVICES - Massive Data Breach Exposes 4.3M HSAs

A security breach at HealthEquity [NASDAQ: HQY], a Utah-based fintech firm, has compromised the sensitive data of 4.3 million customers. The stolen data includes names, addresses, Social Security numbers, and more. HealthEquity is offering affected customers two years of complimentary credit monitoring and urges vigilance in reviewing financial statements for suspicious activity.

INSIGHT: Your data should be protected by strong encryption. You should also regularly update and patch systems, implement stringent access controls, and regularly audit Technical and Governance Controls through a Security And Risk Assessment, which can help identify potential security and compliance weaknesses.

INFO SERVICES - 2.7B PII Records with Social Security Numbers Exposed

Nearly 2.7 billion records containing personal information, including names, social security numbers, and addresses, were leaked on a hacking forum. The data, originating from the National Public Data April 2024 breach, was exposed by a threat actor named “Fenice.” This breach has led to multiple class action lawsuits and highlights the urgent need for improved data protection measures.

INSIGHT: None of us need another "We're sorry. Here's Free Credit Monitoring for 12 Months" from these companies. We await the weight of the multiple class action lawsuits and the fines and penalties from regulators such as State Regulators (CCPA), the FTC, and Data Protection Authorities.

ELECTIONS - State Operations To Influence 2024 US Presidential Election

Microsoft reports increased Iranian efforts to influence the 2024 US presidential election. Activities include covert news sites, spear phishing, and intelligence gathering. These operations aim to stir controversy, incite chaos, and undermine election integrity.

INSIGHT: Prevent these types of cyber-attacks by engaging with a Security Awareness and Education (SAE) Platform. It should include educating employees to recognize and avoid phishing attempts, and identify questionable video content that may have been generated through AI.

EDUCATION - School Boards Assoc Hit by Cyberattack Amid Back-to-School Prep

The Ohio School Boards Association (OSBA) experienced a cyberattack on Thursday, disrupting their website and email services. While no sensitive information was compromised, the breach has hindered communication with its 3,500 members and 700 school districts.

INSIGHT: This is further evidence of misaligned resource allocation to school districts, resources that could help diminish these types of cyberattacks. While increased funding can enhance a school's cyber resilience posture, it is not a guaranteed solution. Cyber Risk Management is a complex field that requires a multi-faceted and collaborative approach among the Stakeholders - Administrators, Technologists, and Internal Audit & Compliance.

ENTERTAINMENT - Crisis After Data Breach Leaks Unreleased Shows

Netflix [NASDAQ: NFLX] is grappling with a significant data breach that has led to the leak of unreleased episodes from popular series like “Arcane” Season 2 and “Heartstopper” Season 3. The breach, caused by a compromised post-production partner, has prompted Netflix to take aggressive action to remove the leaked content and protect its intellectual property. This incident marks one of the most severe security challenges in the company’s history.

INSIGHT: This is another supply chain attack, in which one of the company's post-production partners was compromised. It is another reminder that cyber risk management is only as good as the weakest link. We encourage companies to identify their current cyber resilience maturity score, as this can provide a competitive edge and attract new customers.

GOOD NEWS - North Korean ‘Laptop Farm’ Funding WMDs Dismantled by US DoJ

The U.S. Justice Department arrested Matthew Isaac Knoot for aiding North Korean IT workers in obtaining remote jobs at American companies. Knoot operated a “laptop farm” that allowed North Koreans to pose as U.S. citizens, funneling earnings to North Korea’s nuclear weapons program.

INSIGHT: This case highlights the ongoing threat of North Korean (state and state-sponsored) cyber activities and the importance of cybersecurity vigilance. The DPRK is only one of many nation-states (and surrogates) actively targeting US companies and citizens, and the primary purpose is money. Ransomware prevention should be top of mind for all organizations.

CONSUMER SERVICES - Hackers Access Customer Data, Company Assures Systems Safe

ADT [NYSE: ADT] disclosed a security breach where hackers accessed customer order information, including emails, phone numbers, and addresses. The company assures that home security systems and sensitive financial data are not compromised. ADT has notified affected customers and activated enhanced cybersecurity protocols to protect their information.

INSIGHT: Be mindful of unusual activity among any of your online or financial accounts - even if ADT assures you its mismanagement of your now compromised data did not include sensitive financial info. Password management is important for all of your online activities.


INSIGHTS & EXPERT PERSPECTIVES

RISK MANAGEMENT

REDUCTION - Ransomware 2024: Insights to Evolving Threats

The first half of 2024 has seen significant changes in the ransomware ecosystem, with over 2,570 incidents tracked by researchers. This report highlights the emergence of new ransomware groups, evolving attack methodologies, and the increasing sophistication of encryption techniques. Key findings include the rise of new groups like RansomHub, the targeting of mid-sized companies, and the continued use of advanced encryption algorithms. The report underscores the need for robust cybersecurity defenses to combat these evolving threats.

Key Insights:

  • New Groups Emerge: 21 new groups were identified in the first half of 2024, with RansomHub making a notable impact.
  • Advanced Encryption Techniques: Sophisticated encryption algorithms boost the potency of ransomware attacks.
  • Mid-Sized Companies Targeted: Companies with AR of ~$5M are more frequently targeted.
  • Leak Sites: Ransomware group postings grew 66% from 2023 to 2024.
  • Claims Surged: An average of 14 publicly claimed incidents per day.

INSIGHTS: Assessing your organization’s cyber resilience and cyber risk posture is a valuable first step in defending against existing and new ransomware groups and variants. Here’s why:

  • Understanding the Threat Landscape: By assessing your cyber risk, you gain a clear understanding of the various threats your organization faces; this awareness can help you tailor your defenses to your business objectives.
  • Identifying Vulnerabilities: A security and risk assessment can help identify vulnerabilities in your network and governance, allowing you to take steps to address them and reduce your risk.
  • Improving Incident Response: By understanding your cyber risk posture you can improve your incident response. Minimize the potential damage by being prepared to respond effectively and confidently.
  • Appropriate Security Investments: A security and risk assessment can inform you about your security investments. You can allocate resources more effectively, ensuring that you’re getting a security ROI.

An equally valuable activity is conducting a DIY Business Impact Analysis (BIA). A BIA should be a part of your organization's business continuity plan to help manage cyber risk. Here's how:

  • Identify Critical Functions: A BIA helps you identify and prioritize critical business functions that could be affected by cyber threats to focus your cyber risk mitigation efforts where they are most needed.
  • Understand Impact: By assessing the potential impact of a cyber incident on critical functions, you can better understand your cyber risks and costs - both direct costs (like system repair) and indirect costs (like reputational damage).
  • Informed Risk Management Decisions: Understanding the potential impact of a cyber incident can inform your risk management decisions aligned with business objectives and resources.
  • Develop Recovery Strategies: It also helps you develop effective recovery strategies, potentially restoring business function within 24 hours avoiding significant operational impact.
  • Stakeholder Communication: It can also help illustrate the potential impacts of cyber risks not only to internal stakeholders but also to investors and customers, building support for your cyber-related initiatives.

A BIA is key for any organization that wants to take cyber resilience seriously. The more you understand your risks and the potential impact on your business, the better prepared you'll be.

If you'd like our free BIA Template, send a message to Sean Mahoney or Stanley Li.

TRANSFER - Report Reveals Stark Disparity in Insurance Coverage

The 2024 Intangible versus Tangible Risks Comparison Report from Aon highlights a significant gap in insurance coverage between intangible and tangible assets. Despite the higher value and risk associated with intangible assets, only 19% are insured, compared to 60% of tangible assets.

Intangible assets often include data, intellectual property, and digital infrastructure, which are highly vulnerable to cyber threats.

The report underscores the urgent need for businesses to reassess their risk management strategies, especially in light of evolving threats from generative AI and cyber security.

Key Insights:

  • Protection Gap: Only 19% of intangible assets are insured, compared to 60% of tangible assets.
  • Higher Risk: The average probable maximum loss for intangible assets is 37% higher than for tangible assets.
  • Cyber Threats: 56% of organizations experienced a significant security breach in the past 24 months.

INSIGHTS: We still see some uncertainty among underwriters of cyber liability insurance, and the dynamic cyber risk landscape and AI make it challenging to accurately assess and price these risks for appropriate coverage and affordable premiums. Therefore, you should focus on investing in defense-in-depth technologies and on enhancing internal controls and governance to build your cyber resilience, rather than relying solely on insurance.

If you take the initiative to elevate your cyber resilience and provide evidence of such investments, you may be able to get better insurance coverage and mitigate potential financial losses from cyber incidents.

A Security and Risk Assessment (SARA) can be effective in understanding where resource allocation can be more effective, especially in light of the findings from the Aon report. Here’s how:

  1. Identifying Critical Assets: SARA helps identify both tangible and intangible assets that are critical to the organization’s operations.
  2. Assessing Vulnerabilities: SARA identifies vulnerabilities in your systems and processes that could be exploited.
  3. Prioritizing Risks: SARA highlights the likelihood of various risks, prioritizing which risks to address first.
  4. Informed Strategies: The insights gained from a SARA can inform your development of risk mitigation strategies, including the purchase of insurance.
  5. Benchmarking and Tracking: SARA provides a baseline for the organization’s current security posture and can be used to track improvements over time to demonstrate the effectiveness of your cyber risk management.

SARA provides an in-depth analysis of your current security posture, allowing you to distribute resources more effectively in a way that aligns with your business objectives. This proactive approach to managing cyber risk helps you protect your most valuable assets in an increasingly risky cyber world.

Thank you to Judy Selby for bringing this report to our attention.


Sharpen Your Cyber Edge with Netswitch

Master Compliance & Minimize Risks:

  1. Independent Security Audit: Identify network risks with our automated Security And Risk Assessment (SARA). Get a clear picture, prioritize improvements, and optimize resource allocation. Contact Netswitch.
  2. Free "Quick Start" Program: Gain a free cyber risk and governance health check. Enroll now and start building resilience.

Deepen Your Knowledge:

  • Join Our LinkedIn Group: Collaborate with industry leaders in the CyberRisk Governance Community on LinkedIn. Share insights and stay ahead of the curve.
  • Live Events: Participate in interactive LinkedIn Live sessions. Explore cyber risk topics with executives, technologists, and governance professionals.

Don't wait.

Contact Netswitch Technology Management today to take control of your cyber risk.


Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.


Stanley, the compilation of headlines you shared is impressive and reveals the importance of being informed about security challenges in the financial sector. Congratulations on the great job keeping us up to date! Greetings from Cielysium, where we developed W-CRéDITOS, an advanced solution that uses AI to automate credit management.

Gary Longsine

Fractional CTO. Collaborate | Deliver | Iterate.

2 months

hi Stanley, please help me spread the word about a widespread security issue affecting election security. https://securethevote.substack.com/p/secure-the-vote
