Cybersecurity News: Cyber Insurance, Media Supply Chain Attack, LinkedIn Security
Trending headlines in cybersecurity from the week:
Cyber insurance rates stabilizing and decelerating in 2023
A supply-chain attack on a media company
Australian cybersecurity standards
A third party incident disrupting trains in Denmark
New LinkedIn security measures
Cyber Insurance Rates to Stabilize
There’s good news on the cyber insurance front. After months of unprecedented rate increases, the market is beginning to stabilize and is expected to decelerate in 2023, according to the new State of the Market Report by Risk Strategies. While ransomware attacks, fund transfer schemes, and systemic events remain ongoing concerns for insurers, the pace of attack claims has slowed due to improved cyber awareness and maturity in the marketplace, better awareness at the board level, and increased underwriting scrutiny. Barring a catastrophic event, organizations should expect to see rates stabilize through the end of this year and, under the right conditions, decelerate 10-25% in 2023. But a word of caution, too: insurers are still focused on proper risk selection, and companies that fail to prioritize appropriate cyber controls may still experience higher rates or even loss of coverage.
Supply Chain Attack on Media Company
Media companies, usually creating the headlines, find themselves in the headlines this week.
Cybersecurity Standards - Australia
In international news, Australia has been hit hard in recent months with a proliferation of cyber attacks. The lack of sufficient penalties and accountability has made Australian organizations attractive targets for cyber criminals; however, the Australian Prudential Regulation Authority is consulting on new standards to bolster operational risk management and strengthen cyber risk practices in banking, insurance, and superannuation, also known as retirement pension benefits. Major data breaches disclosed since August have affected entities across multiple sectors in Australia, although the attacks were not coordinated. The frequency and severity of these incidents carry significant implications, including ransom losses, lost business, operational interruptions, legal implications and reputational risks, and customer attrition, among others.
Third Party Incident Causes Train Disruption in Denmark
Trains stopped last week in Denmark as a result of a cyberattack. Trains operated by DSB, the largest train operating company in the country, came to a standstill for several hours on Saturday morning. But the attack wasn’t targeting DSB directly. The disruption was the result of a security incident at Supeo, a Danish company that provides enterprise asset management solutions to railway companies, transportation infrastructure operators, and public passenger authorities. Supeo shut down its servers following the cyber attack, adversely impacting DSB trains. The incident illustrates how an attack on a third-party IT service provider can result in significant business disruption.
For more visibility into your third-party ecosystem, book a CyberGRX demo now. We’ll show you your blind spots and a better way to manage your third-party risk.
Added LinkedIn Security Measures
LinkedIn users can expect to see changes coming soon to the professional networking platform. The social media giant recently announced it’s beefing up security to curb deepfake accounts and fraudulent activity.
The changes will be rolled out globally over the next few weeks and include:
An “About this Profile” feature, displaying when a profile was created, last updated, and if the member has a verified phone number and work email associated with their account.
Advances in deepfake image detection, using deep learning models and advanced technology to determine if a profile picture was AI-generated, which is often associated with fake accounts.
And warnings on messages that include high-risk content or may impact member security. The alerts also give members the opportunity to report messages they believe are a scam.
LinkedIn hopes the updates will help keep members safe and slow down cyber criminals.
All information is current as of November 7, 2022.