• The Ransomware Task Force’s advice needs work


    #2471817

    ON SECURITY By Susan Bradley A few weeks ago, the Ransomware Task Force (RTF) released the Blueprint for Ransomware Defense. The RTF was created by th
    [See the full post at: The Ransomware Task Force’s advice needs work]

    Susan Bradley Patch Lady/Prudent patcher

    2 users thanked author for this post.
    • #2471833

      https://www.wsj.com/articles/lloyds-to-exclude-catastrophic-nation-backed-cyberattacks-from-insurance-coverage-11660861586

      By 2023, insurer groups must add clauses to cyber policies excluding state-backed hacks that severely affect target nation’s infrastructure, insurance marketplace says

      Lloyd’s of London Ltd. will require its insurer groups globally to exclude catastrophic state-backed hacks from stand-alone cyber insurance policies starting next year.

      Lloyd’s is a marketplace where roughly 75 syndicates of underwriters congregate to provide insurance coverage for businesses, organizations and individuals. As of March 31, when coverage begins or is renewed, syndicates must exclude state-backed cyberattacks from policies that protect against physical and digital damage caused by hacks, Underwriting Director Tony Chaudhry said in a bulletin dated Aug. 16.

      The move is designed to make sure insurers are clearly stating what they will and won’t cover, as the ability of state-backed hacks to spread and cause damage could cause systemic risk in the insurance market, the notice said…

      * Let the IT managers pay for damages.

      1 user thanked author for this post.
      • #2471841

        https://www.wsj.com/articles/lloyds-to-exclude-catastrophic-nation-backed-cyberattacks-from-insurance-coverage-11660861586

        By 2023, insurer groups must add clauses to cyber policies excluding state-backed hacks that severely affect target nation’s infrastructure, insurance marketplace says

        Lloyd’s of London Ltd. will require its insurer groups globally to exclude catastrophic state-backed hacks from stand-alone cyber insurance policies starting next year.

        Lloyd’s is a marketplace where roughly 75 syndicates of underwriters congregate to provide insurance coverage for businesses, organizations and individuals. As of March 31, when coverage begins or is renewed, syndicates must exclude state-backed cyberattacks from policies that protect against physical and digital damage caused by hacks, Underwriting Director Tony Chaudhry said in a bulletin dated Aug. 16.

        The move is designed to make sure insurers are clearly stating what they will and won’t cover, as the ability of state-backed hacks to spread and cause damage could cause systemic risk in the insurance market, the notice said…

        * Let the IT managers pay for damages.

        State-backed cyberattacks or speculated state-backed cyberattacks? Is a suspicion good enough to back up a claim like that? With the accused country (of course denying it), who is responsible and accurate enough to say that the attack was backed by the X state? Would that be the pure truth? Setting factors like propaganda or other financial reasons aside?

        I would love to see this move in action.

        2 users thanked author for this post.
    • #2471834

      Hello,

      “It is not intended to serve as an implementation guide, but rather a recommendation of defensive actions that can be taken…”

      As it is already stated, it is a recommendation and it is supposed to be abstract. The purpose of the paper is not to fully cover all possible scenarios \ infrastructures \ installations \ environments. No one can do that for you…

      If you get to know your environment, then you will know how much space you need for your audit logs and which logs you should eventually keep or look for. There are other product \ role specific guides available that will tell you which events you should look for in AD, etc.

      There is no one-guide-do-it-all available. Even certification material is not that stretched.

      That’s why I find your comments (“Many of the items listed are a bit vague or are not stressed enough for small to medium businesses to take action.”) a little bit inaccurate.

      • #2471870

        The paper doesn’t include such items as either

        1. how to hire a consultant or
        2. better abstract advice to consultants

        There are way better resources such as Alex Field’s ITpromentor guides for the SMB market.

        We need actionable tools and recommendations not abstracts for the intended market.

        Susan Bradley Patch Lady/Prudent patcher

    • #2471853

      * Let the IT managers pay for damages.

      That’s an interesting thought, a paradigm change perhaps?

      * _ ... _ *
    • #2471873

      By 2023, insurer groups must add clauses to cyber policies excluding state-backed hacks that severely affect target nation’s infrastructure, insurance marketplace says.

      That’s interesting, because I thought it would have already been covered under force majeure (e.g., act of war). Something must have happened to cause Lloyd’s to become more explicit.

    • #2471891

      Something must have happened to cause Lloyd’s to become more explicit.

      Something did. With hacking on the rise it cost them a lot of money.

    • #2471913

      State-backed cyberattacks or speculated state-backed cyberattacks? Is a suspicion good enough to back up a claim like that? With the accused country (of course denying it), who is responsible and accurate enough to say that the attack was backed by the X state? Would that be the pure truth? Setting factors like propaganda or other financial reasons aside? I would love to see this move in action.

      The lawyers from the various P&I clubs will have a whole lot more to fight about.

      * _ ... _ *
    • #2472048

      The paper doesn’t include such items as either

      1. how to hire a consultant or
      2. better abstract advice to consultants

      There are way better resources such as Alex Field’s ITpromentor guides for the SMB market.

      We need actionable tools and recommendations not abstracts for the intended market.

      There is the managerial part and the technical part. For the technical part there is of course better and more targeted material out there.

      I think the RTF is a managerial document. For managers and decision makers. Not for the lower levels in the cybersecurity sector. Whenever I see references to CIA (Confidentiality, Integrity, Availability) I always expect an abstract paper.

      BUT I still believe that we need more papers like that. Cybersecurity must start from the C-levels of the organization and not from below. Cut them some slack 🙂


      “We need actionable tools and recommendations not abstracts for the intended market.”

      No, we need to convince the management that the cyberthreat is out there. And maybe in cybersecurity the ROI (Return on Investment) cannot be directly calculated BUT there is the (Return of NOT Investment) in case measures are not taken. After they realize that, we can talk about professionals, hiring and consulting.
