On March 2, 2021, Microsoft reported that it had observed targeted attacks, using four zero-day vulnerabilities in Microsoft Exchange Server to fully access all e-mails on the victim’s system. What should you do?
A recent alert, "Global Network and Technology Practice", from Lockton pointed out that, in addition to checking Microsoft's security updates, organizations should be aware that such cyber attacks may trigger any cyber insurance the organization has in place. The alert specifically pointed out that the cost of responding to the incident, and of complying with any notification or other legal obligations arising from it, should be included.
Cyber insurance policies usually give the insured the option to notify the insurer of circumstances that may lead to losses covered by the policy. Although organizations running affected Exchange Server products may be eager to notify their cyber insurance companies, Lockton recommends doing so only when the organization discovers an exploited vulnerability in the system. If an organization discovers that an attack is underway, it should immediately report it to its cyber insurance company.
A good policy should also cover the cost of restoring or recreating any damaged data, as well as any losses caused by the interruption of the organization’s business due to an attack. The cyber policy should also cover the organization’s legal responsibilities toward supervisors and/or individuals whose private information may be compromised.
Lockton explained that, looking ahead, it hopes cyber insurance underwriters will begin to ask whether an organization has vulnerabilities that may lead to attacks, and that insurance companies may refuse to provide insurance to organizations that have not remedied these vulnerabilities.
Indeed, according to reports, the Ministry of Labor includes questions about the employer’s written cybersecurity policies and procedures, and asks about cybersecurity attacks and the response to them, as part of the plan review. Early this month, the Government Accountability Office (GAO) called on the Ministry of Labor to set minimum standards for mitigating cybersecurity risks and to formally declare whether it is the trustee’s responsibility to mitigate these risks in the determined contribution plan.