Your Identity is at Risk! How Can You Protect Yourself in a Digital World?
05.29.2024
Cyber SecurityMiIdentity
Harry Croydon, Co-Founder & COO, MIC Global | LinkedIn
MiIdentity: Maintaining your online identity.
Some things take a long time. Sometimes taking your time is worth it. Today, we are launching our MiIdentity™ product in India.
MiIdentity is a collaboration of some of the largest insurance companies in the world, with MIC Global instrumental in bringing these partners together. We are very excited to get the MiIdentity program launched. We’re confident this will be worth it.
Our MiIdentity journey started just over two years ago when we were asked to come up with an innovation that would help bring together the London insurance market and the Indian consumer. We went though many iterations during development, starting with a product that was 600 Rupees (USD$7.20) per month per policy and met the digital innovation requirements. We were all happy with this result. Then, in a follow-up meeting, customer feedback revealed that it should be closer to and under 1,000 Rupees per year per policy!
So, back to the drawing board. How do we keep the essence of the product but deliver it at 1/10th of the cost? Our collective teams were up to the challenge! Our technology team reengineered the product platform and operational processes, while we worked with our partners to refine the insurance elements, accomplishing a market-fit product that was acceptable to all and within budget.
Next was the delicate negotiations of the release and getting it through three or four layers of compliance and approval. Those who know me understand how patient I am, so one can understand that the past 12 months have been interesting. This process has been a test. However, the outcome has been an impressive collaboration between many teams and groups of people, from different countries and companies, with careful diplomacy to weave a path to get MiIdentity launched.
Finally, the day has come that we are releasing MiIdentity into the Indian Market. Brokers and insurance partners can now buy the product though their relationships with New India Assurance.
So, what is MiIdentity?
MiIdentity’s goal is to maintain your online identity safety in a digital world. Our world has been growing digitally for decades and it’s becoming increasingly important to have a safety net for when life happens, and this includes our digital worlds and our online identities.
MiIdentity establishes a digital safety net. It’s a fully digital insurance solution for individuals and families who are worried about their digital identity being compromised or personal and financial data being stolen and used without their knowledge, which can leave them liable for financial losses together with the costs to recover their identity.
Inside MiIdentity there is a tech-driven, 24 hours a day, 365 days a year data monitoring service that alerts you when your data is found on the Web (Open, Deep, and most importantly, Dark) or being used to take out loans or open new bank accounts. The MiIdentity service comes with an online portal where you can keep up to date with threats and alerts, and offers support and actions you can take to maintain control of your data and identity.
As part of the insurance platform, it comes with cover (supported by our MiIncome Digital Identity reinsurance solution) that pays for financial losses, up to limits, if your identity is used and you become liable for a loan or new account, or to replace identity documents and to recover control over your identity – a necessity in today’s digital world.
MiIdentity is a cost-effective way to cover and monitor your identity for a whole year. For the cost of a meal in India, your identity is covered year-round – so when you pay for that meal with your credit card, you can be confident that should your data be stolen, you will be aware and can manage any resultant damage effectively.
MiIdentity is worth the wait and it’s available now.
To learn more about MiIdentity, visit our product page, and send us your email below to discuss how we can help differentiate your business and you support you customers with innovative identity monitoring.
MIC Global partners with New India Assurance to launch MiIdentity, India’s first digital identity monitoring and insurance solution
05.29.2024
Cyber SecurityMiIdentityPress Release
NEW YORK, NY, UNITED STATES (May 29, 2024) – With identity theft incidents and subsequent losses on the rise, MIC Global (MIC), a pioneering full stack embedded micro insurance company, has partnered with The New India Assurance Co. Ltd. (NIA), India’s premier general insurance company, to launch India’s first all-in-one digital identity monitoring, restoration, and insurance solution: MiIdentity.
The MiIdentity platform empowers NIA customers to monitor digital identity and financial activity to quickly restore compromised identities and unauthorised transactions.
NIA customers register the identities they wish to track – such as email address, passport number, and banking details – and receive alerts when their monitored data appears on the Dark Web or is involved in suspicious financial activity. The MiIdentity online portal provides advice and support for restoring compromised identities. Insurance triggers provide inconvenience payments (up to policy limits) in the event of monetary loss due to stolen and fraudulent use of identity – insured by NIA with digital reinsurance provided by MIC, in partnership with GIC Re.*
As the world becomes increasingly digital, re/insurance innovations for personal online identities and personas will become more vital and relevant. MIC is excited to be at the forefront of developing these re/insurance solutions, providing a safety net for the digital world.
Harry Croydon, Co-Founder and COO, MIC Global, said:
“Just 10 years ago typical transactions in India were all completed in local markets by people buying and selling goods with well-worn banknotes of all sizes. Today, these same people are more likely to use credit cards, smartphones and QR codes. New digital finance apps mean that millions of people in this vast economy can accept payments, settle invoices, and transfer funds anywhere in the country with just a few screen taps or a swipe. Along with this, new risks have been unmasked. Who would have thought 10 years ago, that an average household in India would need their identity protecting? Today, this is very necessary as identity theft and online fraud rocks not only India but Asia as a whole.
“The MiIdentity project has been a massive undertaking for all parties involved and we are excited to launch to the Indian market. The innovative merging of embedded micro insurance and technology within the MiIdentity solution is a testament to MIC and NIA’s unwavering commitment to providing support for people when they need it most in the digital world.
“MiIdentity seeks to mitigate the distress caused by identity fraud with useful education, online support, and financial support. We can’t wait for NIA customers to start reaping the benefits of this new identity protection product.”
NIA endeavor to make insurance products that are easy to understand and accessible, creating simple digital platforms for individuals to purchase relevant coverage and make claims in their time of need. The MiIdentity platform adds another supportive platform to their extensive insurance offering.
Mukta Sharma, General Manager, The New India Assurance Co. Ltd., stated:
“As more of the Indian population moves online and shares sensitive identity information on various platforms, it’s vital that individuals have access to the right protection should their data be breached. I’m pleased to introduce our latest innovation in safeguarding the Indian market against identity theft with our new ‘My Identity Theft Insurance’ product. A unique feature of this new product is that monitoring services are being offered.
“As a committed insurer, we’re dedicated to providing peace of mind and comprehensive protection for our customers’ digital identities.”
“GIC Re, India’s sole domestic reinsurer, is pleased to partner with MIC to provide digital reinsurance solutions to the Indian insurance market. We believe this product will meet the need of the market and enhance personal digital security, thereby contributing to a more reassuring digital environment in India.”
Aon’s Reinsurance Solutions brought together leading insurance and reinsurance providers to provide supporting capital for the MiIdentity platform, which in turn delivered strategic value to the re/insurance industry.
Kshitij Anand, Head of International Strategy, Aon Reinsurance Solutions said:
“This product is a great example of how Aon’s multi-faceted approach delivers innovation in the marketplace. In line with our global perspective on Risk Capital, MiIdentity combines India’s leading insurance and reinsurance capacity with MIC Global’s underwriting and tech capabilities to create a solution that assists policyholders in managing their digital heath and identity threats.”
About MIC Global:
MIC Global is a full-stack embedded micro insurance provider purpose-built to transform the insurance industry by reimagining and integrating simple and relevant insurance products that provide loss of income cover for people so that they can provide for their families and recover swiftly. MIC was founded with an aspirational goal to help close the insurance protection gap by providing inclusive and affordable insurance to people and to support them in their time of need.
New India Assurance is India’s largest nationalised general insurance company, offering a wide range of non-life coverages to India and the rest of the world. Based in Mumbai, India, NIA has further operations in 25 countries. As the only Indian direct insurer to be rated A- by AM Best and with a AAA/Stable rating from CRISIL, NIA has the highest degree of financial strength to uphold its commitments to Policyholders.
GIC Re is the largest reinsurer in the domestic reinsurance market in India and leads most of the domestic companies’ treaty programmes and facultative placements. GIC Re maintains a diversified risk portfolio that includes property, health, motor, agriculture, marine, engineering, aviation, liability, and life. GIC Re has been ranked 16th largest global reinsurer group by AM Best, based on gross reinsurance written premium figures in 2022.
Aon plc (NYSE: AON) exists to shape decisions for the better — to protect and enrich the lives of people around the world. Through actionable analytic insight, globally integrated Risk Capital and Human Capital expertise, and locally relevant solutions, our colleagues provide clients in over 120 countries and sovereignties with the clarity and confidence to make better risk and people decisions that help protect and grow their businesses.
New Year, New Password: Keeping Your Data Safe in 2024
12.27.2023
Cyber SecurityMiIdentity
With many of your trusted partners playing loose with your data and digital identity, is it time for you to make more effort? Six billion digital records were compromised in 2023 – more than those of 2021 and 2022 combined. (IT Governance)
So, it’s getting worse. The end of the year is time to do something. Many of us are now reflecting on the past year and thinking about how we can improve our habits. This coming year, we propose a different kind of resolution: maintaining your digital identities.
In today’s blog, we discuss what can happen with your compromised data, offer tips for improving your digital identity habits, and explore our solution to keeping your data secure: MiIdentity.
Let’s start with a few facts and figures from the last year…
Millions. Billions. Trillions.
An estimated 365 million people have been affected by data breaches in 2023 – slightly more than the entire population of the United States! (The Independent)
The largest data breach of 2023 happened to a UK-based digital risk protection company, DarkBeam, exposing a massive 3.8 billion records. (IT Governance)
In 2015, the global financial impact of cybercrime was estimated to be $3 trillion. It is now predicted that the annual cost by 2025 will be $10.5 trillion. That’s 5x the size of the UK’s GDP. (Forbes)
Consumers are feeling the effects. In a 2023 survey, 95% of studied organisations had experienced multiple breaches, and more than half of those breached were more likely to pass costs onto consumers. (IBM)
With these huge numbers in mind, is now the time you should be thinking about that 2024 New Year’s Resolution to finally take back some control and track your identity?
Why you should manage your data.
We all provide sensitive data to companies around the world, sometimes as simple as an email address to sign up to a newsletter, other times as complex as our health profiles when applying for insurance. We trust that it will be kept safely and used appropriately. You may not think too much about it when clicking submit, but outside of your control, your information (and by extension, you as an individual) instantly becomes vulnerable.
When a data breach occurs, your information can appear in shadowy corners of the internet – known as the dark web – and fall into the wrong hands. Primarily, cybercriminals use your compromised data for financial gain. With your stolen personal data (name, address, social security number, and date of birth, etc), cybercriminals can make fraudulent loan and credit applications, unauthorized transactions, and empty your bank accounts. With less information available, for example just an email address, you can be included in phishing email lists with the hopes that you may click and reveal more information about yourself.
Depending on how you are targeted, you can be left out of pocket and scrambling to secure your identity. But it doesn’t have to be that way.
Keeping your data secure.
As cyberattacks become more frequent with each passing year, we resolve in 2024 to protect our digital identities. Let’s look at four simple ways to do this.
1. Enable two-factor authentication (2FA) on all your accounts.
Where possible, enable this feature. 2FA adds an additional layer of security to your accounts, prompting users for a one-time password (via email/ SMS/ authenticator app), or biometric identifier (fingerprint/ facial recognition) be provided before allowing access to your account. If a hacker tries to remotely access your account, they will be unable to proceed. Check your account or app settings.
2. Be vigilant to phishing scams – spam emails, unsolicited texts, and unknown callers.
Phishing scams are becoming ever more sophisticated, in many cases looking identical to communications from real companies. You may receive an email asking to click to login and confirm account details (leading to a site harvesting user data), a text requesting confirmation of information (often linked to a premium rate number), or a phone call asking for all sorts of personal information (you know the ones!).
If you receive anything that seems suspicious: think twice, and do not click – unless it’s the delete button! If in doubt, contact the company in question directly.
3. Check for compromised data.
You can find out right now whether your email accounts have been compromised and leaked. Sites like Have I Been Pwned and Cybernews offer free tools that reveal in which breaches, if any, your email addresses and phone numbers have been leaked.
4. Change your passwords regularly and make them complex.
Having checked above, if your data has been leaked, there’s no better time than now to get your passwords updated. Regularly updating your passwords also means that if your details do get leaked, the data will soon be out of date, reducing the chance for malicious access – a good rule of thumb is every 90 days.
Your passwords should have at least 12 characters and include uppercase and lowercase letters, numbers, and special symbols – random jumbles make for even stronger passwords! There are many tools online that can do this and your device may even offer to set one for you, such as LastPass Password Generator or iCloud Keychain – make sure to keep your passwords in a safe, encrypted place.
Use MiIdentity, from MIC Global.
MiIdentity is our all-in-one identity monitoring and insurance platform, brought to customers via our insurance and platform partners. Upon registering, you provide the data that you wish to monitor, and our system proactively searches the dark web for listings and credit bureaus for financial activity. If your data is discovered or a suspicious transaction takes place, you are alerted with detailed information of your breached information – empowering you to secure your identity before it is used maliciously or further financial damage occurs.
In the event of theft and subsequent fraudulent use of personal identity documents, or monetary loss as the result of stolen or breached data, our Digital Identity reinsurance solution enables our partners to provide you with inconvenience payments to help deal with securing your compromised identity – such as replacing documentation or mitigating loss from a fraudulent transaction.
You are not alone in the identity recovery process. The MiIdentity platform is equipped with informative articles to kick-start recovery, and if further support is needed our team is available to help you through chat support and call operators.
Businesses can also benefit from MiIdentity. When a breach occurs, the platform becomes a critical tool in a full-scale data breach response. MiIdentity provides reports which can be used to measure the breach in real time, giving crucial data on the immediate and on-going impact as the breach progresses. Data from MiIdentity enables your recovery team to focus their efforts, and aids in creating specific messaging to support your customers.
Wishing you a secure 2024.
You wouldn’t leave your home or car unlocked for strangers to enter. So, as our lives and activities move increasingly online, we need to treat our personal data with the same respect and importance. With a few simple steps you can keep your data and digital identities safe on the internet and avoid being part of 2024’s statistics – a New Year’s resolution you can be sure to stick to next year and beyond!
“Happy New Year” from all at MIC Global.
Tell me more about MiIdentity
To learn more about our MiIdentity platform and digital reinsurance solution, visit our product page and get in touch with us below or via our contact form to discuss how we can help enhance your business’ customer cybersecurity offering and data breach recovery strategy.
MIC Global collaborates with Experian to bolster its MiIdentity product in India
12.20.2023
Cyber SecurityMiIdentityPress Release
NEW YORK, NY, UNITED STATES (Dec. 20, 2023) – MIC Global has entered a service level collaboration with Experian to strengthen the dark web and credit bureau monitoring service within MIC’s MiIdentity platform. MiIdentity is set to launch in India, bringing robust digital identity monitoring to individuals in the country’s rapidly growing online population.
MiIdentity is MIC’s proactive digital identity monitoring and insurance platform. The MiIdentity platform offers real-time dark web and credit bureau tracking, sending registered users alerts when their compromised data or suspicious financial activity is discovered. MiIdentity’s Digital Identity insurance component (provided as digital reinsurance via insurance platform partners) offers cover when individuals suffer a financial loss due compromised identity or financial data and documentation. In collaboration with Experian, Indian users can expect industry leading data monitoring, helping them to keep their data secure and maintained.
Experian is an international data analytics and consumer credit reporting company. The company’s core offerings include credit reporting, scoring models, and identity protection services, which empower businesses to assess creditworthiness and consumers to manage their financial well-being. Experian’s identity tracking expertise drives value and sets new standards in safeguarding digital identities, ensuring a secure and resilient online environment.
About MIC Global:
MIC Global is a full stack digital microinsurance company that provides embedded microinsurance for today’s digital world. MIC Global combines insurance capacity, in-country insurance licenses, world class distribution, and scalable tech. MIC Global creates embedded microinsurance solutions for platform companies that adds value by enhancing their brand, differentiating their product, driving up revenue, and attracting and retaining customers.
Experian is a global information services company that specializes in providing data and analytics solutions to assist businesses and individuals in making informed financial decisions. With a presence in 37 countries, Experian plays a crucial role in the financial ecosystem by collecting and analyzing vast amounts of data related to credit history, identity verification, fraud detection, and more.
Data Breach Detected! How MiIdentity Empowers Corporate Recovery in the Aftermath of a Hack
11.07.2023
Cyber SecurityMiIdentity
In today’s digital age, where personal information is increasingly stored and shared online, corporate data breaches have become a prevalent threat. According to tech.co, at the time of publishing, there have already been at least 50 significant corporate data breaches and information leaks reported in 2023.
These breaches can have severe consequences, not only for the affected companies but also for their customers. Companies can hold sensitive personal and financial information on their customers, with breaches increasing the probability of financial loss and identity theft for individuals… and leading to a damaged reputation for the companies affected.
In this blog post, we will be focusing on the consequences of a data breach for businesses and customers, and how our MiIdentity platform and digital reinsurance solution serves as a vital part of a data breach recovery strategy, enabling companies to support their customers and mitigate the fallout after a breach.
A data breach from any company has the potential to affect your customers – in the last year, firms with massive customer and employee bases have fallen victim to breaches.
Social media platforms Meta, Twitter, Discord, and Reddit have been separately targeted with users’ personal information, login details and email addresses exposed; while a recent significant hack of Ipswitch’s MOVEit software stole sensitive employee personal data – such home addresses, bank details and National Insurance numbers – from hundreds of companies and government agencies worldwide including recognisable organizations such as Zellis, British Airways, BBC, Siemens, and New York City Department of Education, with the list growing daily as more companies come forward.
Organizations aren’t just vulnerable from malicious external attack either – breaches can also happen from within. A bug in OpenAI’s ChatGPT coding caused the AI chatbot to expose active users’ personal data to other users, highlighting the importance of internal security vigilance when using new technologies.
When any company suffers a data breach, it can seriously impact your customers. When their personal information falls into the wrong hands, they become vulnerable to digital identity theft – one of the most distressing consequences of the data breach. Your customers’ data will be permanently stored and displayed on the web, affecting them in the short and long term. Hackers often gain access to sensitive customer information, such as names and addresses, email IDs, credit card details, social security numbers, and banking credentials – depending on your industry your company could hold more data than this. Hackers and other criminals armed with this information can carry out fraudulent activities with your customers’ data for their own financial gains, for example to open new lines of credit and make unauthorized transactions and purchases… or they can simply cause mayhem with the data.
Digital identity theft leaves individuals vulnerable and grappling with the aftermath of repairing their credit history and attempting to reclaim their stolen identity which can often be impossible. The emotional burden of such violations can lead to prolonged stress and anxiety, as affected individuals deal with fraudulent charges, the laborious process of recovering lost funds, and proving their innocence in the matter. In the most severe cases, victims may suffer social impact and permanent financial damage, with long-lasting consequences for their overall financial well-being.
Your data breach response is critical.
While your company likely has many security features and safeguards in place intended to minimize the likelihood of a successful hack, the possibility is rarely reduced to zero. If your company does fall victim to a data breach, it becomes less about what security you have in place and all about how you respond – especially toward your affected customers. It’s a sink or swim moment for your company.
Once a breach is detected, your company must begin enacting its recovery plans and strategies to secure its systems that were affected, collect and retain any evidence around the breach, and protect its customers and their data. The first two points are tackled internally and are of the utmost importance to avoid further breaches, whereas the third point is public and a much more delicate operation – one wrong move can further damage your company’s reputation.
Next, it is vital to measure the impact of the breach…
How do you measure the impact to your customers and their data from the breach?
Introducing MiIdentity.
In response to the ever-present threat of data breaches for businesses, we have developed MiIdentity – a robust software solution with embedded micro insurance, designed to be an integral part of your organization’s cybersecurity suite and play a pivotal role in your data breach recovery strategy. MiIdentity supports companies and their customers through a combination of data leakage monitoring, security education, and financial reimbursement. MiIdentity measures the overall impact of personal data leakage so companies can comprehend and measure the impact of the breach.
It is important to note that MiIdentity does not prevent data from being hacked or breached data from being used. However, it acts as a powerful tool for an identity recovery strategy and customer reimbursement compensation processes after a breach occurs.
How does MiIdentity help your customers after a data breach?
Your customers interact with and provide personal data to an ever-increasing number of companies every day – many of which are high-profile targets like those discussed earlier – making it more than likely that eventually their data will be compromised. MiIdentity helps your customers after a data breach by notifying them when their data has been identified on the web or has been used to commit a crime. MiIdentity can tell a user where and how their data has been exposed and used – for example, if their data has been published on the Dark Web or used to acquire a loan.
MiIdentity comes with a web application where users can register their data for monitoring, such as phone numbers, email addresses, personal identifications, and financial and banking information. Our team supports all MiIdentity users through the recovery journey with helpful articles, chat support, and call operators. This can range from helping them with the process to rectify financial information and losses, to general security information like creating a strong password.
Where an individual suffers financial loss as a result of a breach, MiIdentity Digital Identity reinsurance supports our insurance and platform partners to provide inconvenience payments to mitigate the cost of securing the identity in question, such as filling in for lost monies after a fraudulent loan application. These timely inconvenience payments take the stress and financial burden out of securing compromised identities, as cash is available fast to get on top of identity recovery.
How does MiIdentity help your company after a data breach?
As your customers enrol in your MiIdentity offering and register identities for monitoring, we begin to collate monitoring data and provide comprehensive reports. Your company can understand the current condition of your customer data and then perform a thorough post breach analysis to measure the impact.
When your business is hacked, MiIdentity proves itself as a crucial tool as part of a full-scale response. Reports received after a data breach can be used to measure the fallout in real time, enabling your company’s response team to track the severity of the breach and arm them with crucial data to help recovery. MIC’s reports provide data on the immediate impact once a breach has been detected, and successive reports give your team clear insights into how a breach is progressing – tracking its growth and measuring the impact of the breach. With this data in hand, your team can focus their efforts internally and aid in creating specific messaging to support customers.
Although your customers wouldn’t wish to have their identity jeopardized; being diligent and having practical tools such as MiIdentity in place during the aftermath of a breach enables your company to support its customers with timely updates backed by measurable data. By playing an active role in helping them to recover from compromised identity, your company can potentially minimise reputation damage and customer trust.
When should your company start using MiIdentity?
MiIdentity can be implemented at any time – with maximum benefit received before a breach has occurred, giving you an understanding of your customers’ data at present. Once active, your customers can be encouraged to enrol in the platform and register their identities for monitoring. Reports start right away, giving your team a baseline of activity that can be compared against in the event of a data breach to accurately measure the fallout of stolen data.
The MiIdentity platform adds immediate value to your company’s offering, with alerts not only reserved for local data breaches but any instance of suspicious activity detected on a registered identity. When customer data is discovered after a data breach, your company can support them with alerts, education, and identity and monetary recovery – making your company a go-to destination for identity monitoring and keeps enrolled customers returning.
Leverage MiIdentity for your data breach recovery and supporting your customers.
A data breach to your company is a severe threat that can have a profound impact on your company and customers. It is imperative for your organization to prioritize robust cybersecurity measures, proactive risk management, and incident response policies to minimize the risk of a breach and actively address and limit the fallout if one occurs.
As more and more companies fall victim to data breaches, MiIdentity has been developed as a comprehensive solution to support corporate recovery efforts. When used alongside cybersecurity systems, MiIdentity gives your business an additional layer of reporting that aids a smooth recovery and demonstrates your commitment to your customers’ digital wellbeing.
This support goes beyond mitigating immediate effects of a stolen identity – it showcases your company’s dedication to customer satisfaction and strengthens the important bond of trust you’ve built with them.
Tell me more about MiIdentity.
To learn more about MiIdentity, visit our product page and get in touch with us below or via our contact form to discuss how we can help enhance your business’ customer cybersecurity offering and data breach recovery strategy.
Zoom – An Introduction to the Dark Web You Did Not Want
04.16.2020
Cyber Security
For many up to a few weeks back Zoom was the cool way to do video conferencing. No sign up and simple controls, I mean who wants the fuss of actually logging in right?
Zoom, that since it became more popular than ever during quarantine and then it went through serious security issues with many holes found in its security.
Now it seems that for 500,000 of Zoom users it maybe their first introduction to the Dark Web….. and the phrase “zoombombing” where hackers can enter video calls that they were not invited to.
Cybersecurity company Cyble has raised has alerted that more than 500,000 Zoom user accounts for sale on Dark Web forums for salefrom $0.002,and in many cases are directly “gifted” to annoy people in video calls, just for fun..
Zoom accounts began appearing on these forums from April 1, and include personal user information such as email address, passwords, personal meeting links, and the HostKey code, which allows you to take control of a meeting.
So not so much fun then for the user! Another careless security breach by yet another ‘great’ Tech company.
The “Dark Web” is a concept that is opposed to that of “Clearnet”- which is the more common internet we know. Dark Web sites are not accessed publicly through an address or a search engine.
Firstly how did Zoom allow this to happen, how they steal data?
These user credentials take advantage of data from old leaks, with which “hackers” have managed to access the current Zoom user accounts using stuffing techniques or credential filling, as reported by the Bleeping Computer.
In cases where they managed to enter the accounts, this data has been collected in lists that are currently sold on hacker forums on the Dark Web. Some account credentials were even offered for free so hackers could use them for malicious activities or for ‘zoombombing’, which involves entering group calls as an intruder, or sold simply to create chaos in third-party calls.
The “Dark Web”, what is it?
Deep Web and Dark Web are two terms that are used a lot to define a part of the internet that most of us don’t know much about. In the press and In general, its use is associated with security circles it is generally associated with criminal activities.
First things first: “Clearnet”. This would be the internet as most people know it. we use it everyday and access by a URL and, if we search Google, Bing or any search engine, it appears quickly and everyone is happy.
As it happens, about 90% of the content available on the web is not accessible through the search engines and browsers that we all use. It is simply not public. Pages blocked by a paywall, files saved on services like Dropbox, or temporary pages that are created as you browse, which are then deleted. This is the “Deep Web”.
The Dark Web is just 0.1% of that part. It is an area where content is intentionally hidden from search engines with masked IP addresses and accessible only with a special web browser.
The Dark Web works within the Deep Web. The Dark Web is then segmented into different “Darknets”. To access these, users use a special browser. One of the best known is TOR, although there are others like Freenet, I2P or ZeroNet: each of these is a Darknet.
The important thing is to understand that the contents (pages etc) are “non-indexable” content, thus they will not be displayed by Google, Bing and other search engines.
For all these reasons, the Deep Web is partly used as the Dark Web, special for crime and hackers. It is here where the Zoom accounts are for sale along with all the other data from corporate giants such as BA, Facebook, Experian, Credit Cards and the many other firms and places that have allow personal date to be stolen.
With the rapid expansion of technology entering every field of business, manufacturers and service providers are being presented with previously unconsidered opportunities to reap value from the reuse and repurpose of data initially collected and harvested for other reasons. Learned intelligence through artificial intelligence (AI) systems provides value for the processor not previously realized or recognized in transactions. This is particularly true when considering how AI companies that work with insurers to optimize their claims processing are left with a valuable resource after the data collection is complete. This article addresses how the value of a neural network has been ignored and should be considered when an insurer considers outsourcing its claims processing.
Over two years on from NotPetya, ransomware remains a major threat to organisations which in some instances are losing millions after falling victim to attacks.
What was NotPetya? Basically it was a series of powerful cyberattacks using the Petya malware and began on 27 June 2017. It quickly swamped websites of Ukrainian organizations, including banks, ministries, newspapers and electricity firms. Similar infections were reported in France, Germany, Italy, Poland, Russia, United Kingdom, the United States and Australia.
But despite the damage done by NotPetya and WannaCry before it (May 2017), there are still fears that the world isn’t prepared for the impact of another global ransomware outbreak.
The report by the Cyber Risk Management (CyRiM) project — a collaborative partnership including Lloyd’s of London, the Cambridge Centre for Risk Studies, the Nanyang Technological University in Singapore, and others — uses a theoretical catastrophic ransomware attack to model the broader impact.
The simulation is as follows and sounds very scary.
The malware is potent, once one employee runs the ransomware , it’s enough to spread the file-locking malware around the network, with a demand of $700 in cryptocurrency on each machine.
Around 30 million devices at organisations around the globe are locked in just 24 hours.
Organisations of all sizes in all sectors unable to perform day-to-day operations.
Some organisations opt to pay ransoms — including healthcare companies, due to the need to keep life-saving equipment online.
Other firms opt to replace devices instead of paying criminals — this also costs money, estimated cost at $350 per device.
Predictions of $193bn around the world as a result of cyber incident response, damage control and mitigation, business interruption, lost revenue, and reduced productivity.
Unlikely? Maybe but can you say for sure. Are you even ready? Can you say that your data recovery process is strong?
With the Moller Maersk attack the cyberattack was so bad that it just didn’t seem possible that something so destructive could have happened so quickly according to people involved.
“I remember that morning – laptops were sporadically restarting and it didn’t appear to be a cyberattack at the time but very quickly the true impact became apparent,” said Lewis Woodcock, head of cybersecurity compliance at Moller-Maersk, the world’s largest container shipping firm.
“The severity for me was really taken in when walking through the offices and seeing banks and banks of screens, all black. There was a moment of disbelief, initially, at the sheer ferocity and the speed and scale of the attack and the impact it had.”
The company was one of the most badly hit of those caught in NotPetya, with almost 50,000 infected endpoints and thousands of applications and servers across 600 sites in 130 countries.
Maersk had to balance the need to continue operating – despite the lack of IT – and recovering and rebuilding networks. In many cases, it was a manual process that took days and what was described at the time as a “serious business interruption” is estimated to have cost Maersk up to $300m in losses.
It gets worse….
The last decade has seen significant growth in subscription-based services such as “SaaS” whereby vendors provide customers with the ability to rent or subscribe access to services. This has also transferred into the criminal worlds too.
Given the high demand for RansomWare in this day and age, creative cyber-criminal entrepreneurs followed this subscription based industry trend to and have created RansomWare As A Service (RaaS) to ease the burden (poor things) of cyber attackers having to develop their own attacks.
Would you be able to cope with data recovery?
Do you have a data recovery plan?
While protecting networks and critical systems is the ultimate and is all well and good, a recovery plan must be in place. Failure to do so means that really you are only 50% ready.
A significant part of a recovery plan is that ability to really understand the core business processes and know everything about the systems and applications which run the operation.
Protect Secure and Recover – crucially in that order.
How to start?
A good place to start is here, the IRMI – International Risk Management Institute, Inc.
A cyber-incident response plan should be developed as part of a larger business continuity plan, which may include other plans and procedures for ensuring minimal impact to business functions (e.g., disaster recovery plans and crisis communication plans). Data recovery activities encompass a tactical recovery phase and a strategic recovery phase.
vpnMentor’s research team recently (April 2019) discovered a hack affecting 80 million American households. Nothing new here. Just another massive data breach. Many new and many of the same people affected. Lets wait for the apology and move on……
However this time it’s a little different. There is a data security story with a twist – has the data been left behind?
Cybersecurity hacktivists Noam Rotem and Ran Locar discovered an unprotected database impacting up to 65% of US households. This is hosted by a Microsoft cloud server. The data base includes the number of people living in each household with their full names, their marital status, income bracket, age, and more.
So again – let us OUT the “corporate” stupid enough to leave it unprotected. This case is another step towards our trust dwindling a little bit more….. How much trust do you have left?
The research team is on the look out for these issues, they are looking after joe public interests by undertaking a huge web mapping project. They use port scanning methods to examine known IP blocks. This reveals open holes in web systems, which they examine for weaknesses and data leaks.
Usually, they can identify the company or person who owns the data base and they reach out to the owner to report the leak, and where possible, alert the people affected.
Their aim here is to build a safer and more protected internet, more power to them.
BUT, this time it’s different. Whilst the database includes identifying information for more than 80 million households across the United States, directly impact hundreds of millions of individuals. They cannot directly actually identify who set up the database and who is responsible for it.
Wait? …..What? You mean you can set up a Db on the cloud and not have it linked to you? You can get free space? This is a serious issue – lazy corporates who copy data for testing, PoC’s etc just setting it up and then leaving it behind after the project moves on or fails….no clean up.
It’s hosted on a cloud server, which means the IP address associated with it is not necessarily connected to its owner.
vpnMentor started calling on the public to help identify the database and close the leak. As an update of 30th April 2019 the database is no longer open to the public. Phew.
Following the publication of the vpnMentor report, Microsoft took the server offline. In a statement, Microsoft said, “We have notified the owner of the database and are taking appropriate steps to help the customer remove the data until it can be properly secured”. Microsoft has not revealed who owns the database.
This breach should to be fully reported. How can risk be tracked and identified if the company is allowed to get away with this? On their Cyber Policy renewal what would they say I wonder? We agree with vpnMentor – The 80 million families listed here deserve privacy. Help Them Here.
Do you think your business is too small for a hacker to break in and take data? Is data breach a concern for your business? Banks were said to be ‘too big to fail’ in 2008. Today the big risk is for hacking and crime, many small businesses believe they are ‘too small to be a target’.
In August and September 2018, property and casualty insurer Chubb completed a survey with YouGov in Singapore to gauge their attitude to cyber risks.
“Some SMEs believe they are too small to be targeted by cyber criminals or any internal issues will not greatly impact them. In effect, they think they are “too small to fail”. However, every report, survey or set of statistics on cyber events tell us that all businesses are exposed, whether big or small.
“Structured risk management methods and strategies are largely nonexistent as most SME owners seek to maximise profitability and growth. I see this is an opportunity for insurance companies and brokers to better inform their clients,”
Andrew Taylor cyber underwriting manager, Chubb Asia Pacific
Securing your small business from data breaches is good for you and good for your clients. Many small businesses work for larger businesses and the supply chain is going to gather more focus. Supply chain and audit is growing in focus and companies need to start connecting their whole supply chain with an audit support function to highlight risk and correction. Do companies know the strength of the companies within their supply chain? Especially cyber risks? Hacking small businesses can be an easy way to literally allow a hacker to walk into a larger company.
