Category Archives: Insurance

10 Lessons Learned from Breach Response Experts

Posted on by

SAN FRANCISCO—As hacking collectives target both the public and private sectors with a wide range of motivations, one thing is clear: Destructive attacks where hackers destroy critical business systems, leak confidential data and hold companies for ransom are on the rise. In a presentation here at the RSA Conference, the nation’s largest cybersecurity summit, Charles Carmakal and Robert Wallace, vice president and director, respectively, of cybersecurity firm Mandiant, shared an overview of some of the biggest findings about disruptive attacks from the company’s breach response, threat research and forensic investigations work.

In their Thursday morning session, the duo profiled specific hacking groups and the varied motivations and tactics that characterize their attacks. Putting isolated incidents into this broader context, they said, helps companies not only understand the true nature of the risk hackers can pose even in breaches that do not immediately appear to target private industry.

online pharmacy tobradex with best prices today in the USA

One group, for example, has waged “unsophisticated but disruptive and destructive” against a number of mining and casino enterprises in Canada. The hackers broke into enterprise systems, stole several gigabytes of sensitive data and published it online, created scheduled tasks to delete system data, issued ransom requests, and even emailed executives and board members directly to taunt them about the data exposed and increase the pressure to pay. Further increasing that pressure, the group is known to contact journalists in an attempt to publicize the exposed data. Victims have endured outages for days while trying to recover data from backups, and some have paid the ransoms, typically requested in the range of $50,000 to $500,000 in bitcoin.

Mandiant refers to this group as Fake Tesla Team because the hackers have tried to seem a more powerful and compelling threat by claiming they are members of Tesla Team, an already existing group that launches DDoS attacks. As that group is thought to be Serbian, they have little reason to target Canadian entities, and indeed, the bits of Russian used by Fake Tesla Team appears to be simply translated via Google.

In all of the group’s attacks that Mandiant has investigated, the hackers had indeed gained system access and published data, but they exaggerated their skills and some of the details of access. Identifying such a group as your attacker greatly informs the breach response process based on the M.O. and case history, Mandiant said. For example, they know the threat is real, but have seen some companies find success in using partial payments to delay data release, and they have found no evidence that, after getting paid, the collective does anything else with the access they’ve gained.

Beyond considerations of specific hacking groups or their motivations, Carmakal and Wallace shared the top 10 lessons for addressing a breach Mandiant has distilled from countless investigations:

  1. Confirm there is actually a breach: make sure there has been a real intrusion, not just an empty threat from someone hoping to turn fear into a quick payday.
  2. Remember you face a human adversary—the attacker attempting to extort money or make other demands is a real person with emotional responses, which is critical to keep in mind when determining how quickly to respond, what tone to take, and other nuances in communication. Working with law enforcement can help inform these decisions.
  3. Timing is critical: The biggest extortion events occur at night and on weekends, so ensure you have procedures in place to respond quickly and effectively at any time.
  4. Stay focused: In the flurry of questions and decisions to make, focus first and foremost on immediate containment of the attack.
  5. Carefully evaluate whether to engage the attacker.
    online pharmacy zydena with best prices today in the USA

  6. Engage experts before a breach, including forensic, legal and public relations resources.
    buy vardenafil online https://galenapharm.com/pharmacy/vardenafil.html no prescription
  7. Consider all options when asked to pay a ransom or extortion demand: Can you contain the problem, and can you do so sooner than the attack can escalate?
  8. Ensure strong segmentation and control over system backups: It is critical, well before a breach, to understand where your backup infrastructure is and how it is segmented from the corporate network. In the team’s breach investigations, they have found very few networks have truly been segmented, meriting serious consideration from any company right away.
  9. After the incident has been handled, immediately focus on broader security improvements to fortify against future attacks from these attackers or others.
  10. They may come back: If you kick them out of your system—or even pay them—they may move on, perhaps take a vacation with that ransom money, but they gained access to your system, so remember they also may come back.

Greenberg, New York State Settle Long-Running Civil Case

Posted on by

One of Wall Street’s longest-running dramas closed Feb. 10 as New York State and Maurice “Hank” Greenberg finally ended a legal clash which began in 2005 under the stewardship of then Attorney General Elliot Spitzer.

Former American International Group, Inc. CEO Greenberg and the Attorney General’s office reached a settlement over accusations that the company engaged in fraudulent transactions to boost reserves and hide losses.

Greenberg, who was chairman and CEO of AIG from 1967 until his ouster in 2005 and now serves as chairman and CEO of C.V. Starr & Co., will pay some $9 million to end his role in the saga. Also, Howard Smith, former AIG CFO and Greenberg’s lieutenant will pay $900,000 to settle the charges stemming from two alleged transactions designed to misrepresent company finances.

This included a $500 million deal in the year 2000 with reinsurer General Re, part of businessman Warren Buffet’s Berkshire Hathaway Inc., to pad AIG’s loss reserves. Greenberg allegedly initiated the Gen Re deal with a call to the company’s CEO.

The two former AIG leaders were also said to be involved in a deal with Capco Reinsurance Co., which masked a $210 million underwriting loss as an investment loss.

The sums paid by the men are related to performance bonuses earned from 2001 to 2004, according to New York Attorney General Eric Schneiderman, who inherited the long-running conflict. Schneiderman sought to ban the men from the securities industry and from serving as directors and officers of public companies as part of the settlement, which ultimately did not include these provisions.

Schneiderman had previously dropped a $6 billion damage claim against Greenberg and others, once a class action settlement was approved in 2013 under which Greenberg paid $115 million to AIG shareholders.

A 2009 settlement with the U.S. Securities and Exchange Commission over charges related to AIG‘s accounting saw Greenberg pay $15 million and Smith $1.5 million to the agency.

Late last year Greenberg and the Attorney General’s office turned to mediation after trial testimony had already begun in state court. The mediation, which ultimately produced the settlement, was run by alternative dispute resolution specialist Kenneth Feinberg.

The finale to the case was perhaps more of a whimper than a bang, with settlements hardly headline-grabbing and no one admitting to much more than accounting slips.

In a press release from the N.Y. State Attorney General’s Office, Schneiderman sounded a triumphant tone. “Today’s agreement settles the indisputable fact that Mr. Greenberg has denied for 12 years: that Mr. Greenberg orchestrated two transactions that fundamentally misrepresented AIG’s finances,” Schneiderman said in the statement. “After over a decade of delays, deflections, and denials by Mr. Greenberg, we are pleased that Mr. Greenberg has finally admitted to his role in these fraudulent transactions and will personally pay $9 million to the State of New York.”

Greenberg, who was unapologetic, in his statement said, “The Gen Re transaction was done for the purpose of increasing AIG’s loss reserves, and the Capco transaction was done for the purpose of converting underwriting losses into investment losses. I knew these facts at the time that I initiated, participated in and approved these two transactions…As a result of these transactions, AIG’s publicly-filed consolidated financial statements inaccurately portrayed the accounting, and thus the financial condition and performance for AIG’s loss reserves and underwriting income.”

The pundits had their say as well, split as to what it all meant.

“The taxpayers of New York State should be furious,” said the Wall Street Journal’s Paul Gigot, editorial page editor. “The $9 million fine amounts to pin money for Mr. Greenberg…It won’t come close to covering the state’s costs for pursuing the case over so many years…The real lessons of the Greenberg case start with the absurd lengths that progressive prosecutors will go to punish capitalists they don’t like,” Gigot said.

Mr. Greenberg’s lawyer David Bois called the deal with the Attorney General a “nuisance settlement,” according to the New York Times.

Others were less forgiving of Mr. Greenberg. “Just because he hasn’t pled guilty to fraud doesn’t mean he’s been vindicated,” David Schiff, a former insurance analyst who followed AIG, told the Times.

Can ORSA Work For All Businesses?

Posted on by

In addition to impacting the way countless organizations conduct business, the 2008 financial crisis was an awakening for regulators charged with reviewing and setting the rules that shape the way organizations assume risk. Insurance, perhaps the riskiest business of them all, did not go unscathed.

buy singulair online cosmeticdermcenter.com/wp-content/uploads/2023/10/jpg/singulair.html no prescription pharmacy

Not only are insurers responsible for managing their own internal risks, but careful calculations and guidelines are built into their business models to ensure that the risks fall within set parameters.

buy sildalis online cosmeticdermcenter.com/wp-content/uploads/2023/10/jpg/sildalis.html no prescription pharmacy

Regulators will argue, however, that this wasn’t always the case.

Own Risk Solvency Assessment (ORSA) was adopted and now serves as an internal process for insurers to assess their risk management processes and make sure that, under severe scenarios, they remains solvent.

U.S. insurers required to perform an ORSA must file a confidential summary report with their lead state’s department of insurance.  The assessment aims to demonstrate and document the insurer’s ability to:

  • Withstand financial and economic stress with a quantitative and qualitative assessment of exposures
  • Effectively apply enterprise risk management (ERM) to support decisions
  • Provide insights and assurance to external stakeholders

While ORSA is requirement for insurers, a new study by RIMS and the Property Casualty Insurers Association, Communicating the Value of Enterprise Risk Management: The Benefits of Developing an Own Risk and Solvency Assessment Report, maintains that ORSA can be used for all organizations looking to strengthen their ERM function.

According to the report:

Whether or not required by regulation or standard-setting bodies, documenting the following internal practices is a worthwhile endeavor for any company in any sector to utilize in their goal to preserve and create value:

  • Enterprise risk management capabilities

  • A solid understanding of the risks that can occur at catastrophic levels related to the chosen strategy

  • Validation that the entity has adequately considered such risks and has plans in place to address those risks and remain viable.

The connection between the ORSA regulation imposed on insurers and the development of an ERM program within an organization outside of the insurance industry is apparent.

ORSA and ERM both require the organization to strengthen communication between business functions. Breaking down those silos are key to uncovering business risk, but perhaps more importantly, is the interconnectedness of those risks.

Secondly, similar to ERM in non-insurance companies, ORSA requires risk management to document its findings, processes and strategies. Such documentation allows for the process of managing risks to be effectively communicated to operations, senior leadership, regulators and stakeholders. Additionally, documentation enhances monitoring efforts, the ability to make changes to the program and is a benefit that allows ERM to reach a “repeatable” maturity level as defined by the RIMS Risk Maturity Model.

Developing an ERM program has become a priority for many organizations as senior leaders recognize the value of having their entire organization thinking, talking and incorporating risk management into their work. Examining and implementing ORSA strategies can be an effective way for risk professionals to get their ERM program off the ground and operational.

buy zetia online cosmeticdermcenter.com/wp-content/uploads/2023/10/jpg/zetia.html no prescription pharmacy

Aon Introduces Single-Parent Captive Cyber Insurance Program

Posted on by


With cyberattack listed as one of their top risks, organizations are looking for ways to mitigate their risk in a market where cyber insurance rates are quickly rising. According to the Center for Strategic and International Studies, the annual cost of cyber crime and economic espionage to the world economy runs as high as 5 billion, or about 1% of global income.

buy amoxil online blackmenheal.org/wp-content/uploads/2023/10/jpg/amoxil.html no prescription pharmacy

This does not include intangible damage to an organization, however. Companies are purchasing more insurance to cover the risk. In 2014, the report said, the insurance industry took in $2.5 billion in premiums on policies to protect companies from losses resulting from hacks.

As a result, captive insurers are being used more and more for coverage.

buy tadalista online blackmenheal.org/wp-content/uploads/2023/10/jpg/tadalista.html no prescription pharmacy

Aon said it is addressing shortcomings in traditional cyber coverage with a cyber captive program with capacity of up to $400 million. Companies looking to form a captive would undergo a review to quantify their cyber exposures.

According to Peter Mullen, CEO of Aon Captive and Insurance Management, the program is designed to help clients understand their risk profile. “Once this is understood, they are is in a better position to make decisions about how much risk to retain in their captive and how much risk to transfer to the program,” Mullen said.
Canadian Pharmacy https://royalcitydrugs.com/ no prescription

 “The program allows captives to purchase coverage up to $400 million on a reinsurance or excess insurance basis.”

The cyber captive program will be domiciled in Bermuda and is available to single-parent captives. The basis for coverage will be “a very broad form which includes coverage for property damage and business interruption following a cyber event,” he added.

“Building a large tower of limits can be hampered by differing policy terms and conditions and dislocation of rates at different layers in a program,” Mullen said. “Additionally, many organizations facing cyber risks that can result in physical impacts, such as property damage and business interruption, agree that a more comprehensive approach to cyber risk is needed.

buy anafranil online blackmenheal.org/wp-content/uploads/2023/10/jpg/anafranil.html no prescription pharmacy