Posted by Tyler Chancey, GCFA on

Tyler Chancey is a seasoned cybersecurity professional currently serving as the Director of Cyber Security at Scarlett Cybersecurity Services, With a solid foundation in Computer Software Engineering from the University of Florida, Tyler holds a repertoire of certifications that underscore his expertise. These include the prestigious Microsoft 365 Certified: Enterprise Administrator Expert and Microsoft 365 Certified: Security Administrator Associate, showcasing his mastery in Microsoft's enterprise solutions. Tyler's commitment to comprehensive security is further evidenced by his CompTIA Security+ certification, demonstrating proficiency in core cybersecurity principles. Additionally, his GIAC Certified Forensic Analyst (GCFA) credential attests to his advanced skills in forensic analysis—an invaluable asset in today's complex cybersecurity landscape. Tyler's dedication to staying at the forefront of industry standards is evident in the active pursuit and maintenance of these certifications, making him a trusted authority in the field.

Ransomware Trends

Why are Cyber Insurance Requirements Increasing?

  • More Attacks = More Payments
    • Cyber Liability Insurance providers have observed the sharp spike in cybercrime. This increased activity has lead to an increase in payouts. As a result, prices have gone up and requirements have established a new baseline of security.

  • Double Extortion Ransomware
    • Ransomware is a type of malware that encrypts an organization's data and deamands payment in order to restore access.

    • This new strain of ransomware both encrypts and steals user data. By threatening to leak your data to the press and public websites, there is an even greater incentive to pay attackers.

 

  • Critical Security Gaps
    • Organizations are still generally under the impression that simple anti-virus is enough to stop modern attackers. This is no longer the case, and these cybersecurity gaps have reached a critical mass.

Beating the Baseline - New Insurance Compliance Minimums

  • Multi-Factor Authentication
    • If you can remote into the network, you will need to have MFA enabled.
    • Don’t skip on this one – it will likely lead to denied coverage and poses a major security risk.
    • Multi-Factor Authentication on ALL Remote Access and Web Email
  • Endpoint Detection and Response
    • EDR is Better than AV

    • Anti-Virus is no longer enough to secure an environment.

    • EDR is the new standard; these new tools provide prevention, detection, and response ​​​​

  • Perimeter Security​​​​​
    • Perimeter Security is Still Important

    • Intrusion Prevention/Detection Systems, Next-Gen Firewalls, and Sandboxing are critical.

    • Also ensure that your organization has Geo-IP blocking enabled.

  • Monitored and Aggressive Patching
    • Protects against attacks
    • Fixes holes
    • Keeps systems running smoothly
  • Cybersecurity Training
    • Cyber Security Awareness Training and Phishing Simulations are Required

    • Security without user training is ignoring the primary threat vector at most organizations.

    • Test users with phishing simulations to ensure proper security practice.

 

Share this

Related Articles

Learn the Three Rules of HIPAA: Essential Guidelines for Security and Privacy

Live Nation reveals data breach at its Ticketmaster subsidiary

Ascension hospitals investigating possible data breach after suspected cyberattack disrupts clinical operations