Cyber Insurance: What is your bank doing to manage risk? presented by

Transcription:

Cyber Insurance: What is your bank doing to manage risk?
Presented by David Kitchen and Lisa Micciche

Today's Agenda
- Claims Statistics
- Common Types of Cyber Attacks
- Typical Costs Incurred to Respond to an Incident
- Prevention and Remediation Tips

We will not cover:
- Overview of notification laws (US State, HIPAA, GDPR, etc.)
- Communication strategies
- Regulatory notifications and investigations

2017 Cyber Claims Reported: Claims by Industry
- Financial Sector: 18%
- Professional Sector: 18%
- Retail/Wholesale: 12%
- Manufacturing: 10%
- Business Services: 10%
- Other: 8%
- Energy & Transportation: 8%
- Media & Technology: 8%
- Public Entity & Non-Profit: 5%
- Hospitality: 5%
Source: AIG Cyber Claims Study 2018

2017 Cyber Claims Reported: Claims by Type, Across Industries
- Extortion: 29%
- Data Breach: 19%
- Security Failures: 15%
- Impersonation Fraud: 9%
- Other: 8%
- Virus Infection (Non-Ransomware): 8%
- Physical Loss of Assets: 6%
- Regulatory Issues: 4%
- Denial of Service Attack: 2%
Source: AIG Cyber Claims Study 2018

2017 Cyber Claims Reported
[Two charts: "Claims by Type, Community Banks" and "Claims Losses by Type, Community Banks". Chart labels as extracted, in order:] Ransomware 2%, Phishing 3%, Physical Data Loss 8%, Intellectual Property 1%, ADA 6%, Ransomware 7%, ADA 37%, Intellectual Property 23%, Data / System Breach 13%, Impersonation Fraud 14%, Impersonation Fraud 51%, Data / System Breach 35%

Top 3 Security Risks
- Remote access ability
- Weak password requirements
- Lack of education (phishing)

What happened?

Industries Affected Source: BakerHostetler Data Security Incident Response Report 2018

Data at Risk Source: BakerHostetler Data Security Incident Response Report 2018

Timeline: Incident Response Trends Source: BakerHostetler Data Security Incident Response Report 2018

Overall Source: BakerHostetler Data Security Incident Response Report 2018

W-2 and Business Email Compromise
Scammers send emails that appear to come from a target organization's CEO, asking HR and accounting personnel for employee W-2 information. Scammers last year also phished online payroll management account credentials used by corporate HR professionals.

Business Email Compromise Examples

Version 1: Bogus Invoice, Supplier Swindle, and Invoice Modification
A business with a long-standing relationship with a supplier is asked to wire funds for invoice payment to an alternate, fraudulent account. If an e-mail is received, the request is spoofed so that it appears very similar to a legitimate account, and it takes close scrutiny to determine that it is fraudulent. If a fax or call is received, it will mimic a legitimate request.

Version 2: CEO Fraud, Business Executive Scam, Masquerading, and Financial Industry Wire Frauds
Email accounts of business executives (CFO, CTO, etc.) are compromised. The account may be spoofed or hacked. A request for a wire transfer from the compromised account is made to a second employee who is normally responsible for processing these requests. In some instances, a request for a wire transfer from the compromised account is sent directly to the financial institution with instructions to urgently send funds to bank X for reason Y.

Version 3
An employee has his/her personal e-mail hacked. Requests for invoice payments to fraudster-controlled bank accounts are sent from the employee's personal e-mail to vendors identified from the contact list. The business may not become aware of the fraudulent requests until the vendors contact it to follow up on the status of their invoice payment.

Account Takeovers

Phishing Statistics

Threat Vector Tactics: The Most Used Email Lures 2016 Proofpoint The Human Factor

Ransomware on the Rise
On April 29, 2016, the FBI issued a warning that ransomware attacks are on the rise. Cyber-criminals collected $209 million in the first three months of 2016 by extorting businesses and institutions to unlock computer servers. Hollywood Presbyterian Medical Center paid 40 bitcoins (about $17,000) to hackers who were holding its computer network hostage.

Ransomware is here to stay
- Critical reliance on technology
- New iterations affect mobile and IoT devices
- Low entry cost for cybercriminals
- Business-oriented ransomware models are:
  - Developing new strains
  - Engaging in customer service
  - Data mining

A Simplified View of a Data Breach

Stages:
- Discovery of a Data Breach
- Evaluation of the Data Breach
- Managing the Short-Term Crisis
- Handling the Long-Term Consequences

Elements shown across the stages:
- Theft, Loss, or Unauthorized Disclosure of PHI, PII, PCI
- Forensic Investigation and Legal Review
- Notification and Credit Monitoring
- Public Relations
- Class-Action Lawsuits
- Regulatory Fines, Penalties, and Consumer Redress
- Reputational Damage
- Income Loss

Responding to Security Incidents is Costly Source: BakerHostetler Data Security Incident Response Report 2018

Be Compromise Ready
- Threat information gathering
- Technology: preventative & detective
- Personnel: awareness & training
- Security assessments
- Understand where assets and sensitive data are located
- Implement reasonable safeguards
- Increase detection capabilities
- Vendor management
- Incident response plan and tabletop exercises
- Insurance
- Ongoing diligence and oversight

Incident Response Trends
1. Increase awareness of cybersecurity issues
2. Identify and implement basic security measures
3. Create a forensics plan
4. Build business continuity into your incident response plan
5. Manage your vendors
6. Combat ransomware
7. Purchase the right cyber insurance policy
8. Implement a strong, top-down risk management program
9. Adopt updated password guidance, and implement MFA or other risk-based authentication controls
10. Keep data secure in the cloud
11. Prepare for more regulatory inquiries

We welcome your questions at this time.

Thanks for your participation

Contact information
David Kitchen, BakerHostetler, dkitchen@bakerlaw.com, 216-861-7060
Lisa Micciche, ABA Insurance Services, lmicciche@abais.com, 216-220-1297