In a survey, over half of UK citizens expressed privacy and security concerns over AI being used to analyze patient data
Monthly Archives: July 2023
Navigating the Cyber Insurance landscape as a Gen Z digital citizen
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
In the modern world, cybersecurity and cyber insurance go hand in hand. As we head into the future and the presence of AI in every part of your life grows, so will the responsibilities that need to be taken to ensure security and peace of mind regarding your data and personally identifiable information. As the relatively new cyber insurance industry gets on its feet, it will become more accessible to everyday life, and that trend is already emerging. Teens already are involved in many insurance policies (car, life, health, etc.), so why not add cyber to that and bring the extra reassurance that you are protected against any new threats that could come up?
Insurance is put in place to mitigate your risk against external factors that could cause harm to you, your business, or other entities. Cyber insurance is a sub-industry of this and helps reduce risks from ransomware, data breaches, lawsuits, and more. As more industry gears towards individual cyber insurance, we will likely see policies shifting towards protecting against individual data loss and possible foul play. Cyber insurance is a crucial tool for managing risks in a modern environment. With it, customers can expect to mitigate risks in extortion, identity theft, cybercrimes, and data breaches.
For example, if you were sent a phishing email asking for banking information, you click on it, enter your details, and fall victim to a common scam. You get a wire confirmation not long after. If your policy included wire fraud coverage, you would receive adequate compensation for these problems. This same experience can apply to many other situations and problems. It could range from general cybercrime to identity theft, the commonality being that you would be covered and reimbursed for any associated losses. However, because this insurance genre is so new, every policy is tailored to the individual buyer, so each problem has certain exceptions. To get the best coverage and risk mitigation, you must understand the most important thing for you and your family in an ever-evolving world.
What is Cybersecurity Insurance?
Cyber insurance is a policy that protects you and your personal information online. It’s a way to recover if you’re hacked or experience a data breach. Cyber insurance could cover the cost of repairing your computer, restoring data, and defending yourself if attacked. Cyber insurance is vital because cyber-attacks are becoming increasingly common.
How does it work?
Cyber insurance is like any other type of insurance policy where you pay a monthly or yearly premium to a company, and in return, they cover damages that may occur. In the case of cyber insurance, the policies can vary depending on what you need to be covered. Coverage could include cybercrime, extortion, online identity theft, and data breaches. There are different levels of coverage, such as liability and loss of reputation, when companies suffer data breaches that compromise their customers’ personal information. Overall, cyber insurance is an essential safeguard against cyber threats. A cyber-attack can happen to anyone, and the costs can be staggering. Victims will have to contend with the financial burden without cyber insurance.
AI in the modern era and Cyber Insurance
As technology advances, the threat of AI-driven attacks looms over businesses and consumers alike, making cyber insurance a vital consideration for anyone looking to protect themselves from the consequences of an attack. We, as students, wanted to get an industry experts view on this topic as well, so we sat down with Eric Wistrand, CTO of Couch Braunsdorf Insurance Agency, to discuss the increasing relevance of cyber insurance in modern-day markets as AI ramps up and cybercrime becomes more prevalent.
In that same ever-evolving world comes the new threat of AI; with it could come new types of impersonations, the potential for far more convincing scams, and overall, the mass reemergence of cybercrimes in many aspects of life. According to Eric Wistrand, cyber insurance will become increasingly relevant in modern-day markets. As AI ramps up, so will cybercrime; this comes with the potential for litigation no matter what side of the table you’re on. Mr. Wistrand states, “Another aspect of cyber insurance is that it can provide coverage for legal expenses and regulatory fines in the event of a data breach. If a company experiences a breach and customer data is compromised, it may face legal actions from affected individuals or regulatory bodies. Cyber insurance can help cover the costs associated with legal defense and any fines or penalties imposed by regulatory authorities.” As highlighted, this aspect of cyber insurance ensures that companies can navigate potential legal actions and regulatory penalties with financial protection. This cyber insurance legal protection aspect isn’t specific to businesses, and cyber insurance could assist in the realm of cyber-derived individual lawsuits.
It’s worth noting that cyber insurance policies need to be standardized across carriers. Mr. Wistrand explains, “All cyber reliability policies in the market right now are different. So each carrier’s policies are custom, essentially tailor-made for the individual’s needs. Each carrier has its forms and language, making standardization and widespread application more difficult.” As Mr. Wistrand explains, each carrier tailors their policies to meet the specific needs of individuals. This level of .customization ensures that cyber insurance coverage is designed to address the unique requirements of each policyholder. This can be seen as a distinct benefit and hardship for anyone purchasing cyber insurance. On the one hand, there is the potential for far more diverse and specifically tailored coverage; on the other, it could be harder to get. However, this risk may be worth it in today’s ever-changing world, even if it takes a bit longer.
As technology advances, the threat of AI-driven attacks looms over businesses and consumers alike. Mr. Wistrand goes on to state, “Because of the emergence of AI models, we’re going to enter an area where one person that has a concept and is relatively sophisticated but not necessarily off the chart can now launch an attack leveraged by AI, the likes of which we’ve never really seen and it’s gonna be quite scary for businesses and consumers moving forward.” The emergence of AI-powered attacks, which relatively “normal” individuals can now launch, presents unprecedented challenges.
As a result of this sinking level of complexity for these attacks to work, they will become much more common and bring someone who, before the AI revolution, would not be considered a target into the crosshairs of an assailant simply because the resources for these mass attacks are now available. This further reinforces the urgency for consumers to revisit the idea of cyber insurance because, much like when a house fire breaks out, you don’t know when an attack will happen or what the consequences will be. Everyone is a target nowadays, and to be one of the few protected from the results of an attack, looking to cyber insurance may not be a bad idea.
How is it relevant to organizations and modern society?
As a high schooler, protecting your online identity and personal information is essential. While it may seem daunting, it’s a necessary part of life in the modern world. By familiarizing yourself with cyber insurance, you can protect yourself against these threats and enjoy peace of mind. As technology becomes ever more advanced, so too do its risks. Hackers have become more advanced and cyber attacks more frequent.
Cyber insurance has become an indispensable asset to companies that rely heavily on tech in their daily operations and provides coverage against malware attacks, network intrusion, and data loss. Cyber insurance cannot be understated, as the financial repercussions of security breaches can be catastrophic for companies. Cyber insurance provides coverage of costs such as forensic investigations, data restoration services, and legal fees associated with an attack; additionally, it ensures businesses continue operating smoothly after such attacks have taken place by covering losses due to any downtime associated with them.
Overall, cyber insurance is an indispensable risk-management tool in modern business environments. Due to an increasing reliance on technology, businesses face the threat of cyber attacks. Cyber insurance offers companies peace of mind and financial protection should an attack occur; it is a worthwhile investment. Considering its ever-evolving nature, businesses should consider purchasing cyber coverage to safeguard assets while mitigating liabilities.
It is essential to understand the concept of cyber insurance and how it can protect individuals and organizations from cyberattacks or data breaches. Cyber insurance is similar to home and driver’s insurance because it covers unforeseen events. Just as home insurance protects homeowners from damage to their property, cyber insurance protects organizations from damage to their digital property. School districts, for example, are a prime target for cybercriminals, making cyber insurance necessary. Cyber liability insurance protects school districts in the event of cyberattacks or data breaches, covering the costs schools could incur from legal fees, credit monitoring, financial losses, and other services. Cyber insurance for schools is essential to protect educational institutions, students, and staff records.
Like driver’s insurance, cyber insurance premiums can be lowered by preventative measures. Organizations in the education sector can lower their cyber insurance premiums by implementing cybersecurity measures such as regular software updates, employee training, and risk assessments.
It is important to note that cyber insurance is not typically included in general liability insurance policies, just as flood insurance is not typically included in home insurance policies. Therefore, purchasing a separate cyber insurance policy ensures proper coverage in the event of a cyberattack or data breach.
In conclusion, cyber insurance protects organizations from cyberattacks or data breaches. Just as home and driver’s insurance cover unforeseen events, cyber insurance offers coverage for digital property. As a high schooler, it is essential to understand the importance of cyber insurance and how it can protect individuals and organizations from cyber threats.
About the authors:
The co-author, John (Jack) Schlenker, is a Freshman at Ridge High School interested in all things business, finance, and education. He enjoys learning through experiences and always finds it interesting to see activities and topics from a new perspective, especially internationally. “Throughout my time at Ridge, I have learned about many new issues that we face today. One of the biggest and most consistent ones was the issue of cybersecurity and how it is applied in the modern world. I hope to share some of these ideas and help bring a new perspective to anyone who wants to listen!”
Adithya is a Freshman at Ridge High School interested in gaming, gadgets, anime, and working on math proofs. He also enjoys tennis, volunteering to tutor kids in Math and Science, and engaging them with the Big Sibling program at school. “As a Freshman, I am taking a class on financial literacy and computer security where I was introduced to CyberStart, and it got me thinking about how I can apply some of those basic ideas to stay safe in the online (cyber) world-hope you enjoy them!” I constantly seek to expand my knowledge and deepen my experience in dynamic, hands-on STEM initiatives.
European Commission to Tweak GDPR For Cross-Border Cases
USN-6201-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-37201,
CVE-2023-37202, CVE-2023-37205, CVE-2023-37207, CVE-2023-37209,
CVE-2023-37210, CVE-2023-37211, CVE-2023-37212)
Martin Hostettler discovered that Firefox did not properly block storage of
all cookies when configured. An attacker could potentially exploits this
issue to store tracking data without permission in localstorage.
(CVE-2023-3482)
Paul Nickerson discovered that Firefox did have insufficient validation in
the Drag and Drop API. If a user were tricked into creating a shortcut to
local system files, an attacker could execute arbitrary code.
(CVE-2023-37203)
Irvan Kurniawan discovered that Firefox did not properly manage fullscreen
notifications using an option element having an expensive computational
function. An attacker could potentially exploit this issue to perform
spoofing attacks. (CVE-2023-37204)
Ameen Basha M K discovered that Firefox did not properly validate symlinks
in the FileSystem API. If a user were tricked into uploading a symlinked
file to a malicious website, an attacker could obtain sensitive information.
(CVE-2023-37206)
Puf discovered that Firefox did not properly provide warning when opening
Diagcab files. If a user were tricked into opening a malicicous Diagcab
file, an attacker could execute arbitrary code. (CVE-2023-37208)
New Tool Helps Devs Check For Manifest Confusion Mismatches
Security Experts Raise Major Concerns With Online Safety Bill
ZDI-23-895: TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link Tapo C210 IP cameras. Authentication is not required to exploit this vulnerability.
ZDI-23-896: D-Link DAP-2622 DDP Change ID Password Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.
ZDI-23-897: Progress Software MOVEit Transfer UserProcessPassChangeRequest SQL Injection Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software MOVEit Transfer. Authentication is not required to exploit this vulnerability.
DSA-5447 mediawiki – security update
Multiple security issues were discovered in MediaWiki, a website engine
for collaborative work, which could result in cross-site scripting, a
bypass of vandalism protections or information disclosure.