Network Critical - The Window to your Network

Is Your Company Cyber Covered?


Your company is likely insured to cover a variety of business risks. Some of the most common business coverages include general liability insurance, product liability insurance, professional liability insurance, commercial property insurance and perhaps some other specialty coverages depending on your business. So, as a business manager, you might think, I am covered. Well, it might be time for an insurance review that includes a relatively new, yet potentially devastating risk…cyber crime.

Most insurance companies that provide commercial property policies exclude electronic data under the definition of “covered property.” General liability coverages are designed for bodily injury or property damage which are narrowly defined in the policy. Electronic data is usually excluded under the definition of “covered property”. Personal and advertising injury excludes infringement of copyright, patent, trademark or trade secret loss which are often cyber targets.

Insurance companies and their actuarial research and tables have not kept pace with the blazing advancement in cyber technology. While technology continues to advance at a rapid pace, the insurance industry is struggling to keep up. There are, however, some companies that are developing and marketing cyber insurance policies to cover the potentially devastating effects from a cyber attack. AIG, for example, has introduced a stand alone policy called “CyberEdge.” that offers coverage against many cyber risks.

Many large companies mostly in developed economies are working with their insurers writing specific risk policies that provide coverage for business interruption, liability, remediation costs and other damages caused by cyber attacks. The cyber insurance industry is currently estimated to be about a $4 billion a year business and growing fast. Here are a few reasons for growth in cyber insurance…

Target - Data breach of 41 million customers credit card information in which Target settled for US$18 Million Anthem Health Care - Data breach exposed personal information of millions of patient records that Anthem settled for US$115 Million JP Morgan - The largest bank in the United States was hit by a breach where hackers obtained personal information including Social Security numbers of 76 million households and 7 million businesses. Subsequently, the bank has increased its cyber security budget to US$250 million per year.

A Ponemon Institute report found that the average cost of data breach for the 383 participating companies in 12 countries was about US$4 million. Two of the “megatrends” discussed in the report are that 1) Regulated industries such as healthcare and financial have the most costly breaches because of fines and a higher than average rate of lost business and customers. 2) Investments in certain data loss prevention controls and activities such as encryption and endpoint security solutions are important for preventing data breaches.

Similar to many other types of coverages, the insurance companies are working on developing risk assessment practices in order to better manage the cyber vulnerability score of applicants. Of course, the higher the risk score, the more the applicant will pay for coverage if a policy is underwritten. Many insurance companies, lacking industry-wide standardized practices are using Payment Card Industry (PCI) data security standards as a baseline for providing coverage. These standards require specific security practices such as firewall protection as well as other intrusion, encryption and data loss protections. An organization that is not in compliance with PCI standards will find it difficult to obtain coverage.

Strong network protection starts with a Next Generation Firewall (NGFW) that integrates intrusion protection along with traditional firewall protection. Additional appliances such as Data Loss Protection (DLP) provide another layer of protection helping prevent the download of protected information by unauthorized devices. Other critical appliances that identify traffic anomalies, block suspicious traffic and help weed out malware are coming to market every day.

Good news and bad news is the pace of malware protection innovation. Good that there is a constant flow of new technology coming to market with each new appliance covering a previously under-protected vulnerability. Bad that deploying numerous specialized appliances on every link of a complex network is very costly and can impact reliability and availability of networks to legitimate users. Fortunately there is one more “good” to this story.

Security appliances can be connected directly to links or can be “brokered” through intelligent visibility appliances that are designed to connect numerous appliances. These intelligent TAPS and Packet Brokers can map network traffic through connected appliances and bypass problem units. The port mapping and power-fail protections keep networks “alive” even when certain appliances are “dead”.

To summarize, cyber attacks are increasing in sophistication and frequency. A well written and rated cyber insurance policy can protect businesses from costly breaches and the associated liabilities. In order to get the best coverage at a reasonable rate, review your security profile prior to applying for coverage. The cost of a strong security infrastructure can be more than offset by lower insurance rates and by defeating attacks before the damage is done.

Posted: 15/08/2017 17:36:42 by Network Critical with 0 comments

Do You Know Where Your Data Is?


What do you know about where your telecommunications and mobile provider stores, manages and secures your personal data. You might say, “Well, I have Verizon so I don’t worry about it. They are based in the US and have great security.” Or, you might say, “I know that Apple is very focused on security and privacy. They even fought against the FBI to not give up personal user data.”

Let’s look at a little history before we move on to the current telco landscape. In the “good old days” prior to the breakup of AT&T the United States had Ma Bell (AT&T) to provide telephone service to 80% of the US market. A secondary company called GTE provided service to the areas AT&T did not want to serve. There were also a few hundred smaller independent telephone companies serving small rural areas where neither AT&T or GTE wanted to develop infrastructure.

In those days, infrastructure was expensive to develop. Most communications connections were copper cable so poles had to be erected or trenches dug to connect serving offices to the customers. There was a network of large communications switches that connected all the phones in the country used exclusively for voice calls. There was also a network of specialized computers that stored customer information, recording such data as call origination, destination, rate structure and duration for billing purposes. This is how your bill was developed.

Now, lets fast forward to 2017. Over the years innovation has exploded, legal restrictions have relaxed and the physical anchor of copper cable networks is gone. Switches have become much more sophisticated and wireless technologies have revolutionized the network. Mobile devices are now the universal terminals for voice, data, text, video, photos, entertainment, banking, shopping and a wide variety of other specialized convenience applications. There are over six billion cell phones in the world with about 1.1 billion connected to broadband services.

The major service providers like Verizon, AT&T, China Mobile, Nippon Telegraph and Telephone (NTT), Deutsche Telecom and others are providing much more than voice connections. Apple, Motorola, Samsung are working with the carriers to provide more and more sophisticated devices that are becoming the indispensable cornerstone of modern business and personal connection. Buckle up folks, here comes the scary part…

These global companies are storing, recording and analyzing everything you do as a broadband customer. These massive computers store information such as where you bank, where you shop, what restaurants you like and do not like. They have your PIN numbers, access codes, passwords and any other information used by any of your connected devices. If you think this information is just being stored in a pile like old furniture you are mistaken. These companies are using this customer identification, location and preference data to their own marketing and competitive advantage. Obviously, the more they know about their customers, the easier it is for them to provide new and interesting services, sell new products and maintain their loyalty as a customer.

These large global companies need to be nimble and cost effective while providing voice and data services to hundreds of millions of customers around the world. First, they locate their massive data centers in countries with low cost structures for land and labor. Then they hire local workers through third party contractors. Of course, they have their instruction manuals and practices that the third party company and contractor employees are expected to follow but close supervision and control is difficult when your human and physical assets are spread throughout a variety of countries and cultures.

Two recent examples of glaring security breaches are Verizon and Apple. Two highly trusted brands headquartered in the US.

  • Verizon - An independent Cyber Risk Team identified a misconfigured cloud-based file repository that exposed personal customer data of as many as 14 Million US customers. This misconfigured data repository was owned and operated by NICE Systems based in Raanana, Israel. What was at risk? Names, addresses, account details and PIN numbers. All the information that could be used to access banks, shopping accounts and other applications.
  • Apple - Employees of a third party sales and customer service contractor in China have been caught selling Apple customer data including names, numbers and Apple ID’s of Apple China’s customers. The ring netted over US$7.5 Million before being stopped.

The increasingly popular Big Data trend, storing massive amounts of data in large depositories for marketing, sales and retention analysis, exposes customers to breach and invasion of privacy. Even though your trusted provider may be in your local area, your personal data likely is being accessed and/or stored far away and managed by third party contractors without the safeguards you would expect from your preferred supplier.

For businesses, BYOD means that the exposure to employees personal devices will carry over to the business network. It is critical that links are secure and traffic visibility is consistent. Perimeter security such as Intrusion Detection as well as specialized appliances to detect traffic anomalies will help secure corporate assets. Connecting these network protection appliances is safe and reliable using intelligent TAPs and Packet Brokers. A Gartner report states that by 2020, 60% of businesses will suffer service failures due to the inability of IT teams to manage digital security. For more information about increasing traffic visibility and securing network links go to www.networkcritical.com.

Posted: 01/08/2017 19:42:19 by Network Critical with 0 comments