Search This Blog

Showing posts with label Business. Show all posts

Rise of Cyber Insurance Due to Hackers



The new technologies used by hackers to invade victims’ systems are becoming a concern for organizations and companies. Many organizations are providing cyber insurance to protect the data of users and businesses. 

Australian companies are investing more than $800 million in cyber insurance in the next two years. This is a part of their strategy to create the protection of the companies and safeguard them from malicious attackers. The government has also put up higher penalties in case of breaching data.

The malware attacks on Optus and Medibank caused great harm to their financial building. Macquarie Research proved that there has been an increase in investment by companies to safeguard themselves against such attacks. 

The analyst of the investment bank evaluated that the premium cyber insurance had doubled since 2020 to $840 million this year in Australia. They also added in the report that this number will rise to $815 million by 2024. 

Cyber insurance is comparatively an unpopular market, and it is still a smaller market than other insurances. However, a rise in cyber insurance demand has been noticed by analysts which is complemented by an increasing need for cyber protection. 

In one of the reports, the analysts explained that attacks on Medibank and Optus will increase the number of cyber insurances. Currently, 68% of the ASX 200 companies have already bought cyber protection. 

It is expected that there could be further significant price increases across all industries over the next 12-24 months in response to the proposed backdating of higher fines in Australia. 

Analysts believe that the majority of costs incurred by companies as a result of a cyberattack are legal and consulting expenses to rebuild their technology. This is besides fines and ransoms when a company is attacked. The research found that, despite previous warnings for boards to pay more attention to cyber risks, rating agencies still did not pay enough attention to the same when assessing companies' environmental, social, and governance (ESG) risks. 

In other words, "Data is the new coal - once the greatest asset on the balance sheet, it is now the greatest contingent liability on that balance sheet," said a recent study. 

Additionally, there has been a breach of data at a shopping website owned by Woolworths over the last month. This is in addition to the hacks of Optus and Medibank. In the past week, there has been an attack on the Smith Family. 

Insurers may be able to absorb the losses incurred as a consequence of the Optus and Medibank attacks without the need to increase premiums, according to Ben Robinson, placement manager at insurance broker Honan. Despite these incidents, the head of the insurer said companies should pursue cyber risk management to deal with the challenges of the digital age. 

According to Robinson, who practices cybersecurity risk management as part of his firm's corporate consulting services, compliance requirements are getting tighter as they try to reduce vulnerabilities. His clients range in size from $250 million to about $3 billion in market capitalization. 

Moreover, Macquarie's research indicated that insurers were "dramatically" altering their risk appetite, with some insurers declining to quote for companies that were not equipped with the correct controls, and others declining to offer them quotes in the first place. 

The analysts also pointed out that smaller organizations could have difficulty getting adequate cyber protection by relying on local insurers. This is because only half of those on the local market offer cyber products to small and medium businesses, as their survey indicates. 

A small amount of cover is provided by ASX-listed insurers in the cyber insurance market, though Macquarie’s analysts believe that Insurance Australia Group and QBE will be looking at ways of gaining a small amount of market share shortly. 

According to a spokesperson for QBE, "cyber insurance constitutes a small fraction of the company's global business, and it has traditionally not been a focus for the company. However, as a priority, meeting the needs of our customers is crucial, and we need to make sure that our products are designed to address these needs." 

IAG offers small and medium-sized businesses cyber insurance through its brands CGU and NRMA, which are available through its Insurance division. It has, however, been reported that demand for the company's products has not significantly increased as a consequence of the attacks on Optus and Medibank.

Integrated Business Management Solution – Catalize

 

Organizing and managing a business could be a hassle, especially when you're setting about. With Catalize, you can support, improve and automate your business by creating a streamlined digital workplace. Catalize provides modern ways to manage internal and external projects efficiently with a focus on consumer businesses, the company specializes in the ERPNext, the agile open-source ERP platform built with Framework, a low code web framework in Python and JavaScript. They can aid you with their class apart solution, approach, and technology. 

ERPNext is an advanced, user-friendly, free, open-source business system that allows businesses to run more effectively as it supports various aspects of retails including distribution, manufacturing, trading, services, et Cetra. Primarily focusing on aiding services companies, Catalize offers quick and quality solutions by employing emergent technologies to address issues and manage operations which in turn boost productivity by effectively optimizing the processes viz; sales, purchase, manufacturing, CRM, accounting, and HR, to name a few.  

With a focus on accelerating digital transformation, Catalize offers a comprehensive range of highly qualified solutions powered by digital enablement. The company's services integrate all aspects of business management comprising People/HR Management, Sales and CRM, Inventory and Purchase, Accounting, Business Intelligence and Reporting, Manufacturing and Planning, and Project and Order Management.  

Catalize consists of partners and associates who are adept in their respective fields of specialization with substantive experience and expertise. The team of over 10 experienced professionals and techno entrepreneurs with exhaustive industry experience at Catalize combines implementation capabilities with extensive knowledge of standards expected in the global marketplace. Their approach towards helping their customers solve business issues entail the following:  

• Requirement Understanding 
• Project Planning & Organization 
• Functionality Assessment & Design 
• Customization & Design 
• Implementation & Training 
• Post Implementation Support  

In a short span of its advent, the company has successfully delivered more than 25 projects of partial and full implementation and degradation across India and the Middle East for industries such as shipping, education, manufacturing, trading, BFSI, IT, et cetera. Finaxar, RAN, SIIM, HASHh, Pacific Rim Plantation Services, Active International Trading & Contracting Co., SAS Photography, Vridhi Maritime Pvt. Ltd are some of the company's top clients.  

The tenacity coupled with the technical excellence at Catalize provides benefits such as Integration of information, Uniformity and process efficiency, Increase in customer satisfaction, Business Intelligence and reporting, Productivity improvement, Accessibility, and accuracy of records. Here's a quick way to reach out to Catalize: hello@catalize.in 

Cyberattacks In Companies Result in Customer Prices, Cost of Doing Business

 

If a person visits his favorite store that suffers cyberattacks frequently, he might think that someone stole his wallet. These types of data breach or cyberattack, the sense of fear, isn't new to the users. The rise in number of attacks, impact and the cost of these breaches, however, are new, customers notice. In today's date, a customer is up-to-date about these attacks, compared to earlier times. They affect the customers directly more in present times after all, like when threat actors steal personal data from a big organization. 

How do the customers think about such attacks? 

When threat actors target organizations, consumers pay the cost too. In simple terms, customer suffers from the price increase of goods and services. "When attackers sell customer data on the dark web and other criminals buy that data, they can turn an enterprise attack into hundreds of others. It can spin off into credit card fraud, identity theft, and a world of social engineering scams. Cyberattacks may strike once, but identity- and personal data-related fraud is forever," reports Security Intelligence. 

Cyberattacks affect costs because of ransomware payments, lawyer fees, increased insurance rates, cost of returning everything back online, and operational failure. The costs are paid by the companies, but at the last, the customers have to pay the prices. The costs of these attacks are increasing every year. According to Sophos survey, the average cost of a ransomware attack, for example, was $1.85 million in 2020 — double the previous year. 

The future keeps getting dark, cyberattacks costs across the world are said to increase by 15% per year for the next five years, said to reach $10.5 trillion per year by 2025, as per the cybersecurity experts. The rise is in the cost of doing business, which will affect the customer prices. According to Security Intelligence, "the rise in cyberattacks on businesses has heightened consumer worries in the past year. Some 44% feel more at risk from cybercrime than they did before the COVID-19 pandemic began, according to the Norton survey."

ESET: FontOnLake Rootkit Malware Targets Linux Systems

 

Researchers have detected a new campaign that is potentially targeting businesses in Southeast Asia using previously unknown Linux malware that is designed to allow remote access to its administrators, as well as collect credentials and operate as a proxy server. 

The malware group, called "FontOnLake" by the Slovak cybersecurity firm ESET, is reported to entail "well-designed modules" that are constantly modified with a wide range of features, indicating an active development stage. 

According to samples uploaded to VirusTotal, the initial attacks employing this threat may have happened as early as May 2020. The same virus is being tracked by Avast and Lacework Labs under the name HCRootkit. 

ESET researcher Vladislav Hrčka stated, "The sneaky nature of FontOnLake's tools in combination with advanced design and low prevalence suggest that they are used in targeted attacks." 

"To collect data or conduct other malicious activity, this malware family uses modified legitimate binaries that are adjusted to load further components. In fact, to conceal its existence, FontOnLake's presence is always accompanied by a rootkit. These binaries are commonly used on Linux systems and can additionally serve as a persistence mechanism." 

FontOnLake's toolkit consists of three components: trojanized copies of genuine Linux utilities utilized to load kernel-mode rootkits and user-mode backdoors, all of which interact through virtual files. The C++-based implants themselves are programmed to monitor systems, discreetly perform commands on networks, and steal account passwords. 

A second variation of the backdoor also function as a proxy, modify files, and download arbitrary files, while a third variant, in addition to combining characteristics from the other two backdoors, can run Python scripts and shell commands. 

ESET discovered two variants of the Linux rootkit that are based on an open-source project called Suterusu and share features like hiding processes, files, network connections, and itself, as well as being able to perform file operations and obtain and run the user-mode backdoor. 

Enterprise Password Management 

It is yet unknown how the attackers gained initial network access but the cybersecurity firm highlighted that the malicious actor behind the assaults is "overly cautious" to avoid leaving any traces by depending on multiple, unique command-and-control (C2) servers with different non-standard ports. All the C2 servers observed in the VirusTotal artifacts are no longer working. 

Hrčka stated, "Their scale and advanced design suggest that the authors are well versed in cybersecurity and that these tools might be reused in future campaigns." 

"As most of the features are designed just to hide its presence, relay communication, and provide backdoor access, we believe that these tools are used mostly to maintain an infrastructure which serves some other, unknown, malicious purposes."

Software-as-a-Service: Next Big Thing in Tech, Could be Worth $1 Trillion

 

Since the late 1980s, India has been a destination for low-cost, outsourced software and support services and that was the time when the labor force became a cost-effective solution for multinational companies globally. Historically, the labor arbitrage model has increased the country's wealth, also providing employment and fuelling urbanization. 

Because of the world pandemic, global industries are forced to increase their investment in digital infrastructure, boosting the influence of companies providing software-as-a-service, or SaaS. According to a KPMG survey, last year organizations spent an extra $15 billion per week on technology to improve safe remote working environments. 

While India’s software-as-a-service industry will be worth $1 trillion by 2030, it will also likely increase employment by nearly half a million new jobs, according to a recent report compiled by consulting firm McKinsey & Co. and SaaSBoomi, a community of industry leaders. 

SaaS companies are also known as "on-demand software" and Web-based/Web-hosted software facilitates applications that take care of the software. There are some best-known SaaS companies including Zoom (ZM), Salesforce (CRM), SAP Concur, and the messaging app Slack. 

SaaS has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software. 

According to the report, there are thousands of such companies in India, of which 10 are unicorns, their startups' worth is $1 billion in value. 

"This can be as big an opportunity as the IT services industry was in the 90s," said Girish Mathrubootham, CEO of Freshworks India’s best-known SaaS Company. Last month, the company (Freshworks) filed for an IPO, joining the league of other Indian unicorns that are going public this year.

Furniture Village Hit by a Week-Long Cyber Attack

 

Customers have been left 'with nothing to sit on' and unable to pay while waiting for sofas, beds, and tables as a result of a week-long cyber-attack on Furniture Village. The Slough-based store revealed yesterday that it had been the 'subject of a cybersecurity attack,' but that 'to the best of its knowledge,' no customer data had been disclosed. 

Internal systems are momentarily down, according to the company's website, although orders are still being taken online and in stores. The problem was discovered six days ago, on May 29, when Furniture Village said that its systems were experiencing technical difficulties and that its phone lines had been disconnected. 

Customers have been complaining on social media for over a week about not being able to get refunds or contact customer service, as well as delays or cancellations in delivery. The company confessed in a tweet that deliveries are taking longer than normal since its 'warehouses are currently operating manually.' 

In a statement released yesterday, Furniture Village said: "Frustratingly, our company was recently the target of a cybersecurity attack, however, by immediately implementing security protocols, including shutting down the affected systems, we were able to restrict the scope of the attack. Thankfully, to the best of our knowledge, no personal data has been lost or compromised." 

"We're working around the clock to restore all system-related functions of the business as soon as it’s safe to do so. The business remains healthy, and our teams are focused on supporting our customers, resorting to manual processes where necessary," the company added. 

The precise nature of the attack is unknown at this time, however, some industry experts suspect the retailer was the victim of a ransomware campaign. No formal confirmation has been given as to whether or not law enforcement agencies have been alerted. 

The National Crime Agency of the United Kingdom released its 2021 National Strategic Assessment last week, claiming that criminals are using technological advancements to fuel "serious and organised crime." Ransomware assaults have "grown in frequency and impact," according to the report.

"It is estimated 50 percent of all ransomware attacks included a threat to publish stolen data and over the last year there were £3bn of estimated fraud losses for UK individuals and businesses, but an accurate figure is constrained by significant under-reporting," it said.

Five Steps That Will Boost Your Cybersecurity And Assure Business Community In Real Life

 

The concept of business and marketing has seen a tremendous change for a few years. Business continuity meant protecting your company in times of crisis. However, it is about recovering from large scale cyberattacks as quickly as possible in the present times. These threats can include malware, phishing emails, DDoS attacks, ransomware, etc.


 
In recent times, there has been a rapid change in the field of cybersecurity too. It has now become a vital part of an organization's business continuity, in protecting employee data, intellectual property, operational plans, R&D, etc. Due to this, a question arises of 'how corporate and IT experts can work hand in hand' to protect an organization and promote its business. 

To achieve these goals, a simple five steps method, if followed, can ensure your organization's cybersecurity and prevent it from threats and cyberattacks. 

1. Prioritize: Threat intelligence should be acquired, and it should be prioritized to formulate a defense plan. Keep in mind that simulation attacks won't be much helpful as real-time attacks. Simulated attacks won't tell you the real strengths and weaknesses. This information helps experts identify the threats they must be more careful about and build a counter-testing testing plan. 

2. Measure: You should examine whether the measures you are taking to protect your business is helpful. If not, your preventive actions are ineffective. The plan should include analyzing threat adversaries and technical attacks, and how your people respond to it. 

3. Optimize: This step involves analyzing the gaps or barriers that you identified in the measuring stage. An effective business means overcoming these gaps and barriers. When the controls are optimized, the testing can then provide more measurable results that will make your security more robust. 

4. Rationalize: Is your investment in security measures proving beneficial or just a waste of money. With the help of testing data acquired after optimizing controls, the experts now know where to cut costs and invest more. It allows a business to save money while keeping the risk factor under control. 

5. Monitor: The final and most crucial step involves keeping a constant eye on changing the IT environment trends. There might come new challenges that your company might have to face; therefore, there should be a continuous evaluation of potential threats that might impact your business.

America Vs China! The USA Alleges Huawei to be a Technology Thief and Spy for China?


In view of recent reports, China and the US have taken their technology war to court. Now, the US firms allege that the telecom colossus, Huawei has been planning to rip them off of their technology for “decades”.

Hence, the American organizations decided to expand the premises of their lawsuit against the Chinese mega-company.

The prosecuting attorney mentioned that Huawei did indeed violate the terms of the contract with the companies of the US by stealing robot technology, trade secrets and such.

Per sources, Huawei has straightaway denied all the allegations and has cited that the US is merely threatened by the competition and hence are trying to run down the name of Huawei.

Per newspaper reports, the mega smartphone maker’s chief financial officer and the founder’s daughter are held captive in Canada, struggling against extradition.

According to sources, there are charges of fraud and “sanctions violations” on the founder’s daughter, which she has waved off and denied.

Huawei pretty strong-headedly is maintaining that this lawsuit and the charges on the company are trivial attempts at tarnishing the reputation of their company and attempts at depleting stakes of competition.

Per reports, the fresh accusations of the US against Huawei include trade secret embezzlement, racketeering and even sending spies to obtain confidential information.

Sources reveal, that the persecution attorney also said that Huawei with its stolen data cut both times and cost in the research and development for the company which helped it climb the steps faster than the others.

Per Huawei, the newer charges are just another way of bringing up older claims. Nevertheless, it doesn’t look like the US plan to withdraw their claims or the lawsuit in the near future or at all.

This technological rift has a strong possibility of transforming into a political dispute between America and China. The US is forcing countries like the UK to pull back their support from Huawei, continuing to say that the equipment could be used by China for spying.

Relations between China and the US are down a very flimsy and unpredictable road. All the same, the UK still continues its business ties with Huawei but with possible limits.

State of the Art Cyber-Security and Network Security a Top Priority for The Business Market



Reportedly, accepting the growing need for better cyber-security tactics and embracing a further developed regime for securing the businesses on the cyber front, European organizations are up for upgrading their network security.

With a high rise in the number of cyber-crime, mainly data breaches, and other infamous cyber-attacks it’s become the need of the hour to promote more initiatives regarding data safety.

By taking upon themselves the idea of spending more on modern security techniques and solutions, the European businesses are investing truly in lucrative methods of counteracting cyber-crime.

Along with getting into partnerships with their local governments, network security is one of the major focuses of the organizations with allegedly an expected compound annual growth rate of over 15% by 2025 in the field.

Protecting data integrity, guarding businesses against any virus or malware attacks, stabilizing the critical business networks and shielding against any unwanted intrusions are a few of the major missions.

Network management has indeed become difficult owing it to the technological advancements, multiplication in the variety of devices and intricate network structures and hence network monitoring tools have become imperative.


Long gone are the days of traditional solutions to not so traditional cyber-hazards and cyber-insecurities. Antiquated prevention systems are obviously failing at keeping cyber-crime at bay.

Reportedly, large amounts of random alerts are generated everyday but go unnoticed which leads to “classes of risky connected devices” going without proper monitoring, analyses and management.


Per sources, analysis of network security has got to be of paramount importance to any business that wishes to successfully and safely function in these imminently digital times.

Finding out what the actual threats are, reducing noise, realizing their motives and ultimately being ready for them when (if) they arrive at all is the smartest decision any organization could make.

The banking sector, per reports is one of the leading turfs to become cyber-active and cyber-ready. With all the e-commerce platforms and cyber-banking being a huge part of the digital game the investments are supposed face a gigantic hike in the coming years.

Cyber-attacks have several repercussions to them that they leave behind after wreaking the primary havoc. Financial damages, tarnished images, dissatisfaction between customers, clients and other stakeholders are at the top of the list.

With improved and upgraded cyber-awareness regimes and cyber-security solutions owing it to better analytics, all the enterprises from large to smaller ones shall definitely be more lucrative than ever.