ON SECURITY By Susan Bradley A few weeks ago, the Ransomware Task Force (RTF) released the Blueprint for Ransomware Defense. The RTF was created by th
[See the full post at: The Ransomware Task Force’s advice needs work]
Susan Bradley Patch Lady
By 2023, insurer groups must add clauses to cyber policies excluding state-backed hacks that severely affect target nation’s infrastructure, insurance marketplace says
Lloyd’s of London Ltd. will require its insurer groups globally to exclude catastrophic state-backed hacks from stand-alone cyber insurance policies starting next year.
Lloyd’s is a marketplace where roughly 75 syndicates of underwriters congregate to provide insurance coverage for businesses, organizations and individuals. As of March 31, when coverage begins or is renewed, syndicates must exclude state-backed cyberattacks from policies that protect against physical and digital damage caused by hacks, Underwriting Director Tony Chaudhry said in a bulletin dated Aug. 16.
The move is designed to make sure insurers are clearly stating what they will and won’t cover, as the ability of state-backed hacks to spread and cause damage could cause systemic risk in the insurance market, the notice said…
* Let the IT managers pay for damages.
State-backed cyberattacks or speculated state-backed cyberattacks? Is a suspicion good enough to back up a claim like that? With the accused country (of course denying it) who is responsible and accurate enough to say that the attack was backed by the X state? Would that be the pure truth? Setting factors like propaganda or other financial reasons aside?
I would love to see this move in action.
Hello,
“It is not intended to serve as an implementation guide, but rather a recommendation of defensive actions that can be taken…”
As it is already stated, it is a recommendation and it is supposed to be abstract. The purpose of the paper is not to cover fully all possible scenarios \ infrastructures \ installations \ environments. No one can do that for you…
If you get to know your environment then you will know how much space you need for your audit logs and which logs you should eventually keep or look for. There are other product \ role specific guides available that will tell you which events you should look for in AD, etc.
There is no one-guide-do-it-all available. Even Certification Material are not that stretched.
That’s why I find your comments (“Many of the items listed are a bit vague or are not stressed enough for small to medium businesses to take action. “) a little bit inaccurate.
The paper doesn’t include such items as either
- how to hire a consultant or
- better abstract advice to consultants
There are way better resources such as Alex Field’s ITpromentor guides for the SMB market.
We need actionable tools and recommendations not abstracts for the intended market.
Susan Bradley Patch Lady
By 2023, insurer groups must add clauses to cyber policies excluding state-backed hacks that severely affect target nation’s infrastructure, insurance marketplace says.
That’s interesting, because I thought it would have already been covered under force majeure (e.g., act of war). Something must have happened to cause Lloyd’s to become more explicit.
State-backed cyberattacks or speculated state-backed cyberattacks? Is a suspicion good enough to back up a claim like that? With the accused country (of course denying it) who is responsible and accurate enough to say that the attack was backed by the X state? Would that be the pure truth? Setting factors like propaganda or other financial reasons aside? I would love to see this move in action.
The layers from the various P&I-clubs will have a whole lot more to fight about.
The paper doesn’t include such items as either
- how to hire a consultant or
- better abstract advice to consultants
There are way better resources such as Alex Field’s ITpromentor guides for the SMB market.
We need actionable tools and recommendations not abstracts for the intended market.
There is the managerial part and the technical part. For the technical part there is of course better and more targeted material out there.
I think the RTF is a managerial document. For managers and decision makers. Not for the lower levels in the cybersecurity sector. Whenever I see references to CIA (Confidentiality, Integrity, Availability) I always expect an abstract paper.
BUT I still believe that we need more papers like that. Cybersecurity must start from the C-levels of the organization and not from below. Cut them some slack 🙂
“We need actionable tools and recommendations not abstracts for the intended market.”
No, we need to convince the management that cyberthreat is out there. And maybe in cybersecurity the ROI (Return of Investment) cannot be directly calculated BUT there is the (Return of NOT Investment) in case measures are not taken. After they realize that, we can talk about professionals, hiring and consulting.