Welcome to the next edition of our cyber newsletter in which we keep you posted on recent developments in the news and review the latest trends, high profile attacks and lessons learnt from this evolving threat landscape.
IN THIS EDITION
CLARITY HAS BEEN FOUND ON DATA BREACH LITIGATION
The US Supreme Court recently rejected an appeal made by a US-based online retailer in a proposed data breach class action lawsuit; this decision could be a setback for companies looking to reduce their data breach liability. We take a critical look at this decision and discuss the potential regulatory implications.
BREACH COSTS AND THE INTENSITY OF CYBER-ATTACKS ARE ON THE RISE
The UK Department for Digital, Culture, Media and Sports recently published the findings of their 2019 Cyber Security Breaches Survey, which contained some surprises following the introduction of the GDPR in May 2018. The Hiscox Cyber Readiness Report 2019 further supported these views.
NEW SUPPLY CHAIN THREAT HAS DETECTED
Kaspersky Lab recently revealed their discovery of a new supply chain threat known as ShadowHammer, which is currently wreaking havoc on various technology, gaming and pharmaceutical companies across Asia.
CYBER BUYING TRENDS HIGHLIGHTED IN ASIA SURVEY
Pre-acquisition JLT Asia’s annual survey documents how companies across Asia have been buying cyber insurance in 2018 and the various trends we have observed concerning industry sector, limits, coverage and claims notification. We also make some interesting cyber buying predictions for 2019.
DEBUNKING THE TOP 5 RANSOMWARE MYTHS
When it comes to ransomware attacks, the general consensus of opinion is one of fear and confusion surrounding the appropriate steps to take once your systems have been disconnected and you receive a ransom demand. Winston Krone from cyber security firm Kivu Consulting provides some clarity on the subject and eliminates popular ransomware misconceptions one by one.
QUANTIFICATIONS ADDS UP TO BETTER CYBER RISK MANAGEMENT
Ideas on best practice for managing cyber risk differ depending on who you ask, so ideally engaging all stakeholders would be the most effective solution. However, gaining consensus from all parties can prove challenging, which is where cyber risk quantification can step in to make things a little easier.
CYBER BUZZWORD OF THE MONTH – EVIL MAID ATTACK
Evil Maid attacks, named by Joanna Rutkowska, refer to scenarios that affect device integrity. This includes gaining unauthorised physical access to an unattended device with the purpose of changing, stealing or selling the information found on the device; and hackers selling ‘brand new’ laptops containing pre-loaded keyloggers or malware to unsuspecting victims. Although the opportunities for this type of attack are limited, physical attacks can have a profound impact on the company.