Category

Risk and Liability

Ransomware Attacks from Critical Infrastructure to Police Departments

By | Data Protection, Information Security, Risk and Liability | No Comments

Ransomware attacks have been growing over the past three years and in just the past 2 weeks have shown how public these attacks have become.  The first attack on Washington DC (Metropolitan) Police resulted in a massive leak of internal information because they did not meet the blackmail demands1.  The second major attack was on the Colonial Pipeline, which shut down the pipeline, resulting in fuel shortages up and down the East Coast.  The Colonial Pipeline operators decided to pay the ransom of 75 Bitcoin or nearly $5 million USD2.  Government organizations can’t pay ransom per longstanding practices, but commercial groups decide to pay or not based almost purely on cost and impact to their bottom line. The latter could encourage more ransomware attacks since they are so lucrative, but there is very little to guarantee that systems or data are completely “released” once ransom payments are made. We need a better way.

Ransomware can infiltrate an organization through hacking or in the ways that a computer virus might spread. Once executed, the ransomware essentially holds your data and systems hostage. It’s rather effective because rather than attempting to steal all your data, it typically will encrypt all your data and make your systems unusable and unreadable until a ransom is paid for the decryption key.

Ransomware with the release of the Executive Order on Improving the Nation’s Cybersecurity has become a top priority of the White House. Previous attacks against police departments have resulted in cases being dropped due to the offices being locked out of their computers3.  Police departments need to protect sensitive data such as background check files by keeping them separate and ensuring that they can recover the data if they are locked out.

It’s impossible to prevent all forms of hacking. Therefore, one must also develop a strategy to mitigate the effects of an attack. As referenced in the recent Executive Order, Zero Trust is a framework that assumes you and your organization has or will be compromised is a tremendous step forward in changing how computing systems are built and how truly resilient they can be. This involves the same strategies one would implement for a disaster recovery plan, which includes taking regular backups of all the data and rebuilding the infrastructure supporting that data in a short amount of time. Isolated Secure Enclaves, provided by Grey Market Labs, are one possible solution to the problem that police departments face when trying to keep information protected, allowing sensitive forensics (e.g., exploitation reviews) to take place on modern technology and providing increased access for officers while increasing the security of all their digital work.

___________________________________________________________________________________

Grey Market Labs is a Public Benefit Corporation founded with the social mission to protect life online. We build revolutionary software and hardware products, and partner with like-minded industry leaders, to create a future with “privacy-as-a-service”.

Simply: we prevent data from being compromised and protect our customers work, online.

Contact us to see how we can work together.

Pattern-of-Life through Electricity Monitoring

By | Data Privacy, Information Security, Risk and Liability | No Comments

Household electricity monitoring provides insight into the usage of electronics in the home. Monitoring can be accomplished through commercial products (e.g. those described here https://www.bobvila.com/articles/best-home-energy-monitor) or through a utility provider’s service (such as the Duke Home Energy Report). These insights can help pinpoint which devices are wasting energy to help the homeowner save money. The analysis of electricity by these products or providers is so in-depth that they extract exact brand information on individual devices based on how much electricity that device is using and the unique electrical signature it produces

This information can also be used for Pattern-of-life analysis to expose the daily activities inside the home – which could be used for anything from targeted advertising to exploiting security weaknesses. It is important for homeowners to be aware of how this data is being used and what rights they have over it in order to make informed decisions when managing risk and participating in politics.

#GREYdient Score: 3/10

___________________________________________________________________________________

Grey Market Labs is a Public Benefit Corporation founded with the social mission to protect life online. We build revolutionary software and hardware products, and partner with like-minded industry leaders, to create a future with “privacy-as-a-service”.

Simply: we prevent data from being compromised and protect our customers work, online.

Contact us to see how we can work together.

Cyber Liability Insurance: Part of a comprehensive security plan

By | Data Privacy, Information Security, Risk and Liability | No Comments

It seems like every day there is a new story about a data breach and how millions of sensitive user records have been exposed.  The financial and healthcare industries are two of the biggest targets with some of the most sensitive data about people’s daily lives.  Theft and exposure of this data can open up these institutions to huge financial losses in the form of lawsuits and lost business.  Companies need ways to prevent and mitigate these potential losses.  Well-designed security protocols and software can prevent many of the data breaches that happen daily.  There will always be some risk of a breach but the use of best practices and strong security software reduces the number of attack vectors and thus significantly diminishes the risk.

Knowing that there always remains the risk of a breach, the question every company should be asking is: Should Your Business Get Cyber Liability Insurance?  As the CEO of LowCards.com (a free consumer resource website covering the credit card industry) points out, “many businesses are now turning to cyber liability insurance to minimize their risk of loss.”  Bill Hardekopf provides a great 101 on Cyber Liability Insurance and why you should consider it.  An important takeaway from the article is that “The insurance provider will evaluate policies, software and hardware to check for potential areas of weakness.”  The provider may even set a minimum standard for obtaining insurance or charge higher premiums for companies with weaker practices and software. Even if the standards aren’t there today, they will be emerging, and they will begin to affect rates and overall liability of a data compromise or a breach.

A good analogy to cyber liability insurance is property insurance, something every business should have.  Basic safety measures like fire extinguishers and smoke detectors are often minimum standards for even obtaining property insurance.  More advanced features like a security alarm system result in discounts on the premium paid for insurance.  In the same way with cyber liability insurance, installing anti-virus software or an advanced counter-exploitation platform could be considered a minimum standard or result in reduced premiums.

Given the importance of preventing a data breach most companies already implement counter measures.  However, given the likelihood a business will be the target of a successful data breach, companies should also consider adding cyber liability insurance.   Having a comprehensive plan for prevention and mitigation will help a company weather any storm that confronts them.

 


 

Grey Market Labs is a Public Benefit Corporation founded with the social mission to protect life online for people and organizations. Our software and hardware products are creating a future with privacy-as-a-service, delivering proactive internet protection from the moment of access to countering exploitation of digital behavior and activity. Simply: we prevent data from being compromised, establish trust between users and protect our customers work, online

Contact us to see how we can work together.