Cyber insurance – Osterman Research
https://ostermanresearch.com
Insightful research that impacts organizations

Some thoughts on Coalition’s 2024 Cyber Claims Report
https://ostermanresearch.com/2025/03/25/coalition-cyber-claims-2024/
Tue, 25 Mar 2025 05:01:28 +0000

We recently stumbled upon the 2024 Cyber Claims Report from Coalition, an insurance provider in the United States. It was published in April 2024, so hopefully there is a new edition about to hit the streets. Several data points stood out to us:

  • Coalition asserts that “Businesses that reinforced their security controls and embraced partnership with cyber insurance providers were generally more secure than other organizations.” Coalition advocates for an “active approach to cyber risk management.”
  • 56% of claims fielded by Coalition were categorized as “funds transfer fraud” or “business email compromise.” Both types of incidents start in the email inbox, highlighting [1] the success that threat actors are achieving with financially-motivated cybercrime that starts with email, and [2] the criticality of protecting email from all types of cyberthreats.
  • Funds transfer fraud is where a business is tricked into transferring money into a fraudster’s bank account, usually based on a fraudulent email request. The average loss across 2023 (the reporting timeframe of the 2024 report) was $278,000. On page 11 of the report is a paragraph we could have written based on our recent research – “Cybersecurity trends point to threat actors using generative artificial intelligence (AI) tools to launch more sophisticated attacks. Phishing emails are becoming more credible and harder to detect, and threat actors are believed to be using AI to parse information faster, communicate more efficiently, and generate campaigns targeted toward specific companies — all of which may contribute to increases in FTF claims.” At Osterman, we’d just call this business email compromise.
  • Coalition gives the example of a client who transferred $4.9 million to a bank account in Hong Kong based on a fraudulent invoice. Through Coalition’s assistance and their coordination with the FBI and law enforcement agencies, they got all the money back.
  • In Coalition’s use of terms, business email compromise incidents, by comparison, are defined as events where a threat actor gains access to the inbox but doesn’t get direct access to funds. Instead, they use the compromised account to “wait inside the network and send phishing emails to compromise a user with direct access to money.” At Osterman, we’d call this account takeover and note its correlation with internal phishing and supply chain compromise scenarios.
  • The frequency of ransomware incidents is much lower than the high-water mark of 2021, but the average cost per incident is significantly higher than in 2021. In other words, fewer attacks, but each one costs more.

For more, get your copy from Coalition’s web site.

Recent news – May 21
https://ostermanresearch.com/2024/05/21/news20240521/
Tue, 21 May 2024 03:52:11 +0000

What we’ve been reading …

Organizations have insufficient cyber insurance coverage

CYE, a cyber risk quantification firm, calculated that the average organization is only covered for 25% of the financial risk associated with a cyber breach. The data comes from external (not CYE) and internal (CYE) sources. CYE said that 80% of organizations lack sufficient coverage, and the maximum insurance gap is 3000% – which would mean that the organization is only covering 0.03% of its total cost due to a data breach.

The associated report (it’s not in the press release) says that the gap could be “in the ability or willingness of cyber insurers to provide adequate insurance coverage,” which is the major trend line we have seen, driven by the spate of high-cost ransomware incidents that decimated insurance company profits. We agree that it could also be due to an inability to quantify risk internally, but we would see the insurance market dynamics as the major influence. Regardless of the impact on insurance policy issuance, the value of risk quantification is that it shows what an organization is not covered against from an insurance POV, thus highlighting to senior leadership the urgent work that needs to be done to actually improve security posture – not merely shift the cost of a breach to a third party.

Links: Press release | Report

MDRs are failing to help enough; a better approach is needed

A study by Radiant Security found significant shortcomings in MDR (managed detection and response) services, such as a lack of context about their environment (34%), more escalations than a SOC team can handle (32%), and a long time frame for remediating incidents (44% take more than 4 weeks per incident). Also, 70% of respondents said they are saving only 25% or less of their time after outsourcing to an MDR service – which doesn’t line up with the outsourcing value proposition. Radiant says it’s time for a new approach, and it has some ideas on what organizations should be doing instead.

Link: Press release

Microsoft and Google continue to top the list of most impersonated brands

Microsoft and Google continue to be in first and second places respectively as the most impersonated brands used in phishing attacks, followed by LinkedIn, Apple, and DHL in 1Q 2024. Amazon brand impersonation has dropped from 4Q 2023 to 1Q 2024, and Airbnb has made a first-time appearance in 1Q 2024. Be careful what you click on, peeps!

Link: InfoSecurity Magazine
