Details behind new liability insurance now available to protect CISOs, 110 million people with unsafe water to drink due to cyberattack and more...


We have now reached MORE than 23,735 subscribers! Thanks for your support. Help us with our mission of helping 100,000 organizations become cyber-resilient by sharing this newsletter with your network.

Be sure to read the "My thoughts" section to learn strategies for navigating and combating cyber attacks. I'm here to assist you in avoiding and battling these threats should they ever affect you.

Contact me if you have any questions regarding your enterprise's cybersecurity strategy --> Luigi Tiano.

P.S. We often do giveaways on our company page.

110 million people with unsafe water to drink due to cyberattack

A recent report from the Environmental Protection Agency (EPA) reveals that over 300 U.S. drinking water systems, serving approximately 110 million people, are vulnerable to cyberattacks that could disrupt services or cause physical damage. The EPA’s Office of Inspector General assessed 1,062 water systems and identified critical and high-severity issues in 97 systems, with an additional 211 systems affected by medium and low-severity weaknesses. These vulnerabilities could lead to service disruptions, denial-of-service conditions, and compromise of customer information. (securityweek.com)

My Thoughts: This is a wake-up call. Over 300 drinking water systems in the U.S. are vulnerable to cyberattacks, and this directly impacts millions of people who rely on these services daily. The fact that such critical infrastructure is exposed to these risks is both alarming and unacceptable. We’re talking about water, something essential to life, being at risk of disruption or worse.

For businesses and governments, this is not just a wake-up call; it’s a serious challenge to our national security and public health. The consequences could be catastrophic if the wrong people exploit these vulnerabilities.

To prevent something like this from happening, we need to take action now:

- Strengthen cybersecurity measures: This isn’t the time to cut corners. Systems need to be properly protected with the latest security protocols.
- Frequent assessments: Regularly test and assess systems to uncover vulnerabilities before they can be exploited.
- Empower employees: Employees should be properly trained to identify threats and respond appropriately. The human factor is still one of the biggest risks.
- Government collaboration: It’s essential to work together with federal and state agencies to stay ahead of the evolving threat landscape.

The bottom line: if we don’t act quickly, the damage could be far worse than we can imagine. The safety and well-being of millions depend on how seriously we take this. Let’s not wait until it’s too late.

Over 145,000 Industrial Control Systems Exposed Online

Over 145,000 industrial control systems (ICS) worldwide have been found exposed to cyberattacks, according to a recent report. These systems, which are responsible for managing critical infrastructure in sectors like energy, manufacturing, and utilities, have significant vulnerabilities that could lead to disruptions or damage if exploited by cybercriminals. The exposed ICS devices include those used in water treatment, electrical grids, and industrial machinery. Experts warn that the lack of adequate security on these systems poses an ongoing risk, with potential consequences ranging from industrial espionage to widespread service disruptions.

These vulnerabilities are often due to outdated software, poor patch management, and a lack of basic cybersecurity hygiene in industrial environments. As many ICS systems are connected to broader networks, the risk of these vulnerabilities being exploited has grown, further amplifying the potential impact. (thehackernews.com)

My Thoughts: This is nothing short of a cybersecurity nightmare. Over 145,000 industrial control systems exposed to cyberattacks? This is a massive threat to the safety and security of our most critical infrastructures—energy grids, water systems, and manufacturing facilities. The fact that many of these systems are outdated and lack proper protection is just outrageous. These vulnerabilities are a ticking time bomb, and it’s only a matter of time before a serious incident occurs.

For businesses and governments, the consequences of an attack on these systems could be catastrophic, leading to massive operational disruptions or even putting people’s lives at risk. As someone who’s deeply invested in cybersecurity, this is personal. This is why we must act now to protect these systems and avoid the damage that could come from ignoring this threat.

Here’s what needs to happen:

- Urgent system updates and patching: It’s critical that organizations update and patch their ICS systems regularly to close known vulnerabilities.
- Improved access controls: We need better access controls and segmentation within these systems to prevent unauthorized access from external actors.
- Security training and awareness: Companies need to train their staff to understand the threats and know how to protect sensitive systems, from basic cybersecurity hygiene to more advanced protection measures.
- Collaborative response: Governments and private companies must collaborate to secure critical infrastructure, share threat intelligence, and build resilient systems.

If we continue to allow these vulnerabilities to exist unchecked, the consequences will be more than just financial—they’ll be personal, affecting millions of lives. We need to act fast.

New liability insurance is now available to protect Chief Information Security Officers (CISOs)

A new professional liability insurance offering from Crum & Forster is now available to protect Chief Information Security Officers (CISOs) from personal financial losses in the event of a lawsuit. Traditionally, executives like CEOs and CFOs have been covered under liability insurance, but CISOs were often excluded. The new policy offers coverage for CISOs, even for consulting and pro bono work, and includes protection against claims of negligence or inadequate performance. This move comes as the role of CISOs has come under increasing legal scrutiny, particularly after high-profile cybersecurity incidents. The insurance plan covers legal defense costs, regulatory protection, and civil or criminal liabilities, ensuring CISOs have robust protection against personal liabilities. (cyberscoop.com)

My Thoughts: This is a much-needed shift in the cybersecurity landscape. For years, CISOs have been in a tough spot—held accountable when things go wrong, but not always covered by the insurance that would protect them personally. The new policy provides critical support for individuals in this role, helping ensure that their personal finances aren’t jeopardized by the increasing legal and financial risks associated with cybersecurity failures.

For businesses, this development underscores the need to recognize and support their cybersecurity leadership.

Here’s what organizations should consider to protect both their CISOs and the business as a whole:

- Ensure CISO Coverage: Organizations should explore professional liability insurance for their CISOs, ensuring they’re covered in case of litigation resulting from security breaches.
- Implement Clear Cybersecurity Policies: Establish clear, well-documented cybersecurity protocols, so that all stakeholders understand their roles and responsibilities in protecting company data.
- Regular Risk Assessments: Regularly assess the potential legal and financial risks related to cybersecurity and adjust insurance coverage to match the evolving threat landscape.
- Training and Support: Provide ongoing training for the CISO and their team to stay ahead of new security risks, helping to mitigate potential incidents.
- Create Crisis Management Plans: Ensure your organization has an established incident response and crisis management plan in place to handle breaches swiftly and efficiently, reducing the risk of legal action.

We only partner with the best on the market. We have a variety of options, tailored to your needs and organization size.

Have questions about your cybersecurity posture? Let’s chat.


The 'Worst' Telco Cyber Attack in US History

The recent cyberattack on major US telecommunications companies, including T-Mobile, AT&T, Verizon, and Lumen Technologies, has been described as the worst telecom hack in the nation’s history. Carried out by the Chinese threat group Salt Typhoon, the attack breached multiple networks and compromised sensitive information. Hackers targeted individuals of high intelligence value, intercepting customer call records, phone conversations, and text messages. The breach has raised alarms about the vulnerability of US telecom infrastructure and its implications for national security. The attackers used a sophisticated blend of legitimate tools and custom malware to exploit vulnerabilities, making the attack particularly alarming. This incident underscores the urgent need for enhanced cybersecurity measures within the telecommunications sector to protect against future threats. (cybersecuritymagazine.com)

My Thoughts: The Salt Typhoon group’s ability to infiltrate and exploit vulnerabilities in telecom networks is terrifying, especially given how much personal and sensitive data is carried through these systems.

This isn’t just a data breach; it’s an assault on our national security and our trust in the infrastructure that connects us all. The fact that hackers were able to intercept surveillance data meant for law enforcement is a clear demonstration of how high the stakes are.

For telecoms and businesses handling sensitive data, here’s how we can protect ourselves:

- Improve Network Monitoring: Implement real-time monitoring and automated alert systems to detect unauthorized access quickly.
- Patch Vulnerabilities: Regularly update and patch systems to close any security gaps that attackers could exploit, especially on externally-facing services.
- Use Multi-Factor Authentication (MFA): Enforce MFA for all access to critical systems, especially remote management tools, to add another layer of security.
- Strengthen Endpoint Security: Ensure that all devices connected to your network are secure, with antivirus and anti-malware protection.
- Collaboration with Government Authorities: Telecommunications companies should work more closely with government agencies to bolster national cybersecurity efforts.

As we move into a future of increasingly sophisticated attacks, we need to take proactive steps to safeguard our communications infrastructure. The risks are enormous, and the time to act is now. Let’s make sure we’re prepared to face the next wave of cyber threats.

Assurance IT can help. We know how it’s done.

