The insurance company Ace American has to pay for the losses:

On 6th December 2021, the New Jersey Superior Court granted partial summary judgment (attached) in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute.

Merck suffered US$1.4 billion in business interruption losses from the Notpetya cyber attack of 2017 which were claimed against “all risks” property re/insurance policies providing coverage for losses resulting from destruction or corruption of computer data and software.

The parties disputed whether the Notpetya malware which affected Merck’s computers in 2017 was an instrument of the Russian government, so that the War or Hostile Acts exclusion would apply to the loss.

The Court noted that Merck was a sophisticated and knowledgeable party, but there was no indication that the exclusion had been negotiated since it was in standard language. The Court, therefore, applied, under New Jersey law, the doctrine of construction of insurance contracts that gives prevalence to the reasonable expectations of the insured, even in exceptional circumstances when the literal meaning of the policy is plain.

Merck argued that the attack was not “an official state action,” which I’m surprised wasn’t successfully disputed.

Slashdot thread.

Read More

The insurance company Ace American has to pay for the losses:

On 6th December 2021, the New Jersey Superior Court granted partial summary judgment (attached) in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute.

Merck suffered US$1.4 billion in business interruption losses from the Notpetya cyber attack of 2017 which were claimed against “all risks” property re/insurance policies providing coverage for losses resulting from destruction or corruption of computer data and software.

The parties disputed whether the Notpetya malware which affected Merck’s computers in 2017 was an instrument of the Russian government, so that the War or Hostile Acts exclusion would apply to the loss.

The Court noted that Merck was a sophisticated and knowledgeable party, but there was no indication that the exclusion had been negotiated since it was in standard language. The Court, therefore, applied, under New Jersey law, the doctrine of construction of insurance contracts that gives prevalence to the reasonable expectations of the insured, even in exceptional circumstances when the literal meaning of the policy is plain.

Merck argued that the attack was not “an official state action,” which I’m surprised wasn’t successfully disputed.

Slashdot thread.

Read More

Four US states have launched a law suit against Google, claiming that the technology giant continued to track users’ location, even when they users had asked it not to.

Read More

Four US states have launched a law suit against Google, claiming that the technology giant continued to track users’ location, even when they users had asked it not to.

Read More

The data is in, the analysis is done, and the eleventh edition of the AT&T Cybersecurity Insights™ Report: Securing the Edge is ready for you!

We know cybersecurity is a journey and not a destination, that is why each year we look forward to the publication of this report, a guide to help you on your journey to cybersecurity resiliency.

Since the ninth edition of this report, we examined what it means to safeguard your digital assets in a new compute paradigm underpinned by 5G and edge. I encourage you to read the previous two reports – AT&T Cybersecurity Insights Report: Security at the Speed of 5G and AT&T Cybersecurity Insights Report: 5G and the Journey to the Edge along with this new report to gain an understanding of the necessarily increasing role of cybersecurity in organizations of all types and sizes.

Before I highlight some of the key findings from our current report, here are some demographic elements to help set context.

This report is a vendor-neutral thought leadership piece that:

Offers quantitative analysis – a global survey of 1,520 professionals in security, IT, and line of business
Delivers qualitative analysis – subject matter expert interviews with technical leaders across the cybersecurity industry
Focuses on common edge use cases in six vertical industries – healthcare, retail, finance, manufacturing, energy, and U.S. public sector
Presents actionable advice for securing the edge
Examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases

Securing the edge

Let’s examine some of the key findings of the report. A great place to start is with the title of the report – AT&T Cybersecurity Insights Report: Securing the Edge. The first question most readers posit is “what do you mean by “edge””? Our research shows that edge means different things to different people. This is analogous to early days of the cloud when there was little consensus on the definition of the cloud, however, there were common characteristics that helped identify the cloud.

Likewise, we are in that same state of flux in searching for a standard definition of “edge”. While our research finds no standard definition of “edge”, we do have three common characteristics that edge deployments may share. Those common characteristics are:

A distributed model of management, intelligence, and networks
Applications, workloads, and hosting closer to users and digital assets that are generating or consuming the data, which can be on-premises and/or in the cloud
Software defined (which can mean the dominant use of private, public, or hybrid cloud environments; however, this does not rule out on-premises environments)

These common characteristics of edge will serve the industry well as we move to an even further democratized version of computing with an abundance of connected IoT devices that will process enormous amounts of data.

Report goal

At the onset of our research, we wanted to understand three primary things:

What are the most common architectures used in edge networks?
What are the most common use cases of these architectures?
What is the perceived risk and perceived benefit of the common use cases?

We found some surprising and some not so surprising answers to these three broad questions.

Edge deployments have momentum

Our research shows that edge deployments have surprising momentum despite a high concern of “perceived risk” among organizations globally.  Security is a critical success factor for edge initiatives.

More edge network projects are underway—and completed in production—than one might anticipate. Many edge use cases are partially or fully implemented across industries and geographies using diverse network environments and security controls. The line of business sees the necessity and benefit of edge use cases.

Over 40% of the surveyed population are in the mature stage of adoption on specific edge projects, with each vertical industry as follows: 

52% of retail and public sector are in the mature stage
52% of manufacturing are in the mature stage
47% finance are in the mature stage
43% healthcare are in the mature stage
40% energy and utilities are in the mature stage

Globally and across industry use cases, loss prevention in retail and video-based quality inspection in manufacturing have the highest rate of mature stage adoption (59%).

While edge deployments have momentum and we are seeing these in production, there is still a high level of perceived risk and overall impact to the business. Across all vertical industries, survey participants resoundingly told us they believe there is a high likelihood of a cybersecurity attack and a high impact to the organization as a result.

Despite these perceived risks, organizations see the competitive benefit of edge deployments. In our 2021 report, 58% of respondents told us they were adopting 5G and edge technologies to remain competitive.

The high number of edge deployments is encouraging and shows that cybersecurity is no longer an activity performed by a select few. The rapid business and digital transformation of the last two years moved cybersecurity from a being a technical issue to a business enabler and requirement.

We provide deeper analysis of edge deployments, perceived risk factors, and concerns of attack vectors in the report.

Hybrid is the reality

Architectures for edge networks and security controls continue to exist in a hybrid world – on-premises and multi-cloud. According to our survey participants, this hybrid world is a reality for the foreseeable future of at least the next three years and possibly longer.

This hybrid approach is evidenced by how organizations view cybersecurity controls and network functions. Secure access service edge (SASE), which converges network functions and security controls, is top of mind for all vertical industries surveyed.

Our research shows an almost equal split in the number of respondents interested in either deploying an on-premises solution that mirrors the security plus network capabilities (51.9%) and/or deploying a similar solution in the cloud, i.e. SASE (51.3%).

This almost equal approach to on-premises and cloud is typical as new and innovative technologies are introduced to market. Some of this split may also have to do with a perceived readiness and risk appetite of an organization. A more conservative view may take an on-premises approach while organizations with a greater appetite for risk may be willing to go all-in on a cloud approach.

See the full report for a detailed breakdown of on-premises and cloud preferences for network functions, security controls, and network types preferred for edge deployments.

In with the old and in with the new – Legacy security controls still remain

The cost of various security controls vs. effectiveness of those controls is still “in debate.”

More importantly, organizations are adopting new approaches and emerging security solutions, but those same organizations are definitely not finished with legacy controls.

It is very telling that organizations are not yet willing to part with legacy cybersecurity controls. We asked our survey participants about the perceived cost benefit of legacy security controls.

Respondents simply stated that the following were the most cost effective:

Firewall at network edge
Intrusion/threat detection
Network access restrictions device-device
Data leakage monitoring
Password authentication
Application proxy (e.g., secure web gateway, CASB, etc.)

An important mention is that patching is ranked low in terms of cost effectiveness. Patching is reactionary, manual, and time-consuming. Edge deployments require always available networks, ephemeral and high-quality applications, and seamless integration. As organizations look to the future it is likely they will leave manual activities such as patching behind and focus on automation, integration, and real-time alerts for security controls.

The good news with edge deployments is that security is top of mind and on average all industries surveyed expect security to be in the range of 11 – 21% of the total project budget.

We offer up different views of the cost benefit, preferred cybersecurity controls by network and devices, and a look into overall security budgets for edge deployments. This analysis can be extremely helpful as you move forward with ideation, planning, or implementation of your edge deployments.

Removing the silos

We are enthusiastically moving to a world of edge computing. Whether that edge is in your city, your farm, your car, or your home – change is coming. This change calls for a new way of organizations working together – collaborate and communicate cross-functionally, remove artificial barriers to deliver exceptional edge experiences, and challenge old ideas of what security is and how it is implemented.

Edge use cases are abundant, read the AT&T Cybersecurity Insights Report: Securing the Edge to see how very real use cases across industries are.

If you are struggling with how to think about or implement edge deployments, work with a trusted advisor who has experience in this area. A full 65% of our survey participants are working with a third-party for designing and deploying new architectures for edge use cases.

Get the newly released AT&T Cybersecurity Insights Report: Securing the Edge here.

Special thanks

A report of this scope and magnitude comes together through a collaborative effort of leaders in the cybersecurity market. A special thanks to our sponsors for their contributions and guidance on this report.

Akamai
Check Point
Cisco
Digital Defense, by HelpSystems
Fortinet
Juniper Networks
Palo Alto Networks
RedShield
SentinelOne
VMware

One more thing

Join our webcast to learn more about the AT&T Cybersecurity Insights Report: Securing the Edge. We look forward to welcoming you and sharing more highlights of this research. Register here.

Read More

The data is in, the analysis is done, and the eleventh edition of the AT&T Cybersecurity Insights™ Report: Securing the Edge is ready for you!

We know cybersecurity is a journey and not a destination, that is why each year we look forward to the publication of this report, a guide to help you on your journey to cybersecurity resiliency.

Since the ninth edition of this report, we examined what it means to safeguard your digital assets in a new compute paradigm underpinned by 5G and edge. I encourage you to read the previous two reports – AT&T Cybersecurity Insights Report: Security at the Speed of 5G and AT&T Cybersecurity Insights Report: 5G and the Journey to the Edge along with this new report to gain an understanding of the necessarily increasing role of cybersecurity in organizations of all types and sizes.

Before I highlight some of the key findings from our current report, here are some demographic elements to help set context.

This report is a vendor-neutral thought leadership piece that:

Offers quantitative analysis – a global survey of 1,520 professionals in security, IT, and line of business
Delivers qualitative analysis – subject matter expert interviews with technical leaders across the cybersecurity industry
Focuses on common edge use cases in six vertical industries – healthcare, retail, finance, manufacturing, energy, and U.S. public sector
Presents actionable advice for securing the edge
Examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases

Securing the edge

Let’s examine some of the key findings of the report. A great place to start is with the title of the report – AT&T Cybersecurity Insights Report: Securing the Edge. The first question most readers posit is “what do you mean by “edge””? Our research shows that edge means different things to different people. This is analogous to early days of the cloud when there was little consensus on the definition of the cloud, however, there were common characteristics that helped identify the cloud.

Likewise, we are in that same state of flux in searching for a standard definition of “edge”. While our research finds no standard definition of “edge”, we do have three common characteristics that edge deployments may share. Those common characteristics are:

A distributed model of management, intelligence, and networks
Applications, workloads, and hosting closer to users and digital assets that are generating or consuming the data, which can be on-premises and/or in the cloud
Software defined (which can mean the dominant use of private, public, or hybrid cloud environments; however, this does not rule out on-premises environments)

These common characteristics of edge will serve the industry well as we move to an even further democratized version of computing with an abundance of connected IoT devices that will process enormous amounts of data.

Report goal

At the onset of our research, we wanted to understand three primary things:

What are the most common architectures used in edge networks?
What are the most common use cases of these architectures?
What is the perceived risk and perceived benefit of the common use cases?

We found some surprising and some not so surprising answers to these three broad questions.

Edge deployments have momentum

Our research shows that edge deployments have surprising momentum despite a high concern of “perceived risk” among organizations globally.  Security is a critical success factor for edge initiatives.

More edge network projects are underway—and completed in production—than one might anticipate. Many edge use cases are partially or fully implemented across industries and geographies using diverse network environments and security controls. The line of business sees the necessity and benefit of edge use cases.

Over 40% of the surveyed population are in the mature stage of adoption on specific edge projects, with each vertical industry as follows: 

52% of retail and public sector are in the mature stage
52% of manufacturing are in the mature stage
47% finance are in the mature stage
43% healthcare are in the mature stage
40% energy and utilities are in the mature stage

Globally and across industry use cases, loss prevention in retail and video-based quality inspection in manufacturing have the highest rate of mature stage adoption (59%).

While edge deployments have momentum and we are seeing these in production, there is still a high level of perceived risk and overall impact to the business. Across all vertical industries, survey participants resoundingly told us they believe there is a high likelihood of a cybersecurity attack and a high impact to the organization as a result.

Despite these perceived risks, organizations see the competitive benefit of edge deployments. In our 2021 report, 58% of respondents told us they were adopting 5G and edge technologies to remain competitive.

The high number of edge deployments is encouraging and shows that cybersecurity is no longer an activity performed by a select few. The rapid business and digital transformation of the last two years moved cybersecurity from a being a technical issue to a business enabler and requirement.

We provide deeper analysis of edge deployments, perceived risk factors, and concerns of attack vectors in the report.

Hybrid is the reality

Architectures for edge networks and security controls continue to exist in a hybrid world – on-premises and multi-cloud. According to our survey participants, this hybrid world is a reality for the foreseeable future of at least the next three years and possibly longer.

This hybrid approach is evidenced by how organizations view cybersecurity controls and network functions. Secure access service edge (SASE), which converges network functions and security controls, is top of mind for all vertical industries surveyed.

Our research shows an almost equal split in the number of respondents interested in either deploying an on-premises solution that mirrors the security plus network capabilities (51.9%) and/or deploying a similar solution in the cloud, i.e. SASE (51.3%).

This almost equal approach to on-premises and cloud is typical as new and innovative technologies are introduced to market. Some of this split may also have to do with a perceived readiness and risk appetite of an organization. A more conservative view may take an on-premises approach while organizations with a greater appetite for risk may be willing to go all-in on a cloud approach.

See the full report for a detailed breakdown of on-premises and cloud preferences for network functions, security controls, and network types preferred for edge deployments.

In with the old and in with the new – Legacy security controls still remain

The cost of various security controls vs. effectiveness of those controls is still “in debate.”

More importantly, organizations are adopting new approaches and emerging security solutions, but those same organizations are definitely not finished with legacy controls.

It is very telling that organizations are not yet willing to part with legacy cybersecurity controls. We asked our survey participants about the perceived cost benefit of legacy security controls.

Respondents simply stated that the following were the most cost effective:

Firewall at network edge
Intrusion/threat detection
Network access restrictions device-device
Data leakage monitoring
Password authentication
Application proxy (e.g., secure web gateway, CASB, etc.)

An important mention is that patching is ranked low in terms of cost effectiveness. Patching is reactionary, manual, and time-consuming. Edge deployments require always available networks, ephemeral and high-quality applications, and seamless integration. As organizations look to the future it is likely they will leave manual activities such as patching behind and focus on automation, integration, and real-time alerts for security controls.

The good news with edge deployments is that security is top of mind and on average all industries surveyed expect security to be in the range of 11 – 21% of the total project budget.

We offer up different views of the cost benefit, preferred cybersecurity controls by network and devices, and a look into overall security budgets for edge deployments. This analysis can be extremely helpful as you move forward with ideation, planning, or implementation of your edge deployments.

Removing the silos

We are enthusiastically moving to a world of edge computing. Whether that edge is in your city, your farm, your car, or your home – change is coming. This change calls for a new way of organizations working together – collaborate and communicate cross-functionally, remove artificial barriers to deliver exceptional edge experiences, and challenge old ideas of what security is and how it is implemented.

Edge use cases are abundant, read the AT&T Cybersecurity Insights Report: Securing the Edge to see how very real use cases across industries are.

If you are struggling with how to think about or implement edge deployments, work with a trusted advisor who has experience in this area. A full 65% of our survey participants are working with a third-party for designing and deploying new architectures for edge use cases.

Get the newly released AT&T Cybersecurity Insights Report: Securing the Edge here.

Special thanks

A report of this scope and magnitude comes together through a collaborative effort of leaders in the cybersecurity market. A special thanks to our sponsors for their contributions and guidance on this report.

Akamai
Check Point
Cisco
Digital Defense, by HelpSystems
Fortinet
Juniper Networks
Palo Alto Networks
RedShield
SentinelOne
VMware

One more thing

Join our webcast to learn more about the AT&T Cybersecurity Insights Report: Securing the Edge. We look forward to welcoming you and sharing more highlights of this research. Register here.

Read More