
Cyber Sales Articles

CCPA California Violations

CALIFORNIA CONSUMER PRIVACY ACT

VIOLATIONS & LAWSUITS

THE 1ST COMPANIES SUED FOR VIOLATING NEW CCPA PRIVACY LAWS

Zoom, SalesForce, Marriott, Clearview AI, Ambry Genetics, Aeries, Sunshine Behavioral Health Group, Minted, TikTok, Apple, Life on Air, and Walmart have been some of the first companies to face privacy violation lawsuits under the brand new California Consumer Privacy Act, known as CCPA, that went into effect on January 1st, 2020. Businesses were granted 6 months to comply with the new statute, with violation eligibility beginning on July 1st, 2020.

DOES EVOLVE’S CYBER POLICY COVER CCPA SUITS?

Evolve’s cyber insurance policy covers foreign, federal, state, & private privacy suits resulting from a cyber event. Evolve’s coverage includes legal defense costs of any CCPA lawsuit brought against the Insured and/or the cost of fines/penalties. CCPA violations are covered in Insuring Clause 4: Network Security & Privacy Liability.

DOES MY BUSINESS COMPLY WITH CCPA?

Evolve’s policyholders get access to a 30 minute consultation with ControlCase, a specialized regulatory privacy auditing company FREE OF CHARGE. On this call, business owners can find out if the information their business stores has any liability under CA’s CCPA statute.

WHAT IS THE CCPA?

Going into effect on January 1st, 2020, the California Consumer Privacy Act (CCPA), is a new privacy regulation designed to give California residents control over their own data. The CCPA takes the position that California consumers “own” their privacy information and provides them five general “rights” for their personal information. Under the Act, California consumers will have the right:
1. To know what personal information is collected about them.
2. To know whether and to whom their personal information is sold/disclosed, and to opt-out of its sale.
3. To access their personal information that has been collected.
4. To have a business delete their personal information.
5. To not be discriminated against for exercising their rights under the Act.

WHICH BUSINESSES MUST COMPLY WITH CCPA?

CCPA applies to for-profit businesses that collect California residents’ personal information, do business in the State of California, and meet one of these three requirements:
1. Annual gross revenues in excess of $25,000,000.
2. Receive or disclose the personal information of 50,000 or more California residents, households, or devices on an annual basis.
3. Derive 50% or more of their annual revenues from selling California residents’ personal information.

CCPA PENALTIES & PRIVATE LAWSUITS

Consumers can claim actual or statutory damages ranging from $100 – $750 per consumer, per incident, caused by a data breach.
CA Attorney General can impose injunctive or declaratory relief in fines for violations ranging from $2,500 (unintentional) to $7,500 (intentional).

CASE STUDY: WALMART’S CCPA VIOLATION

According to Bloomberg Law, Walmart recently joined the list of major CCPA lawsuits on July 11 after hackers accessed their website’s database and siphoned customer credit card information. Hackers resell credit card information on the dark web, at prices ranging anywhere from $5 – $110, in exchange for bitcoin, hardware, or software.
The California plaintiff accusing Walmart felt that the organization’s data security controls could not have been up to par due to the hackers’ easy entry into their networks and systems. Walmart is currently disputing the allegations, stating that their controls do in fact meet the standards of the CCPA, in hopes that the door to a class action lawsuit will close after further investigation of the incident.
With fines up to $750 a head, Walmart could be facing charges in the thousands to hundreds of thousands of dollars based upon the number of affected individuals.


TWITTER HACKED

High Profile Accounts Hacked In Social Engineering Scam

Hackers took over the following Twitter accounts after accessing an HQ admin tool:

Joe Biden, Kanye West, Barack Obama, Warren Buffett, Michael Bloomberg, Jeff Bezos, & Elon Musk.

 

How did Twitter get hacked?

Hackers socially engineered or “tricked” Twitter employees into giving them access to internal Twitter systems & tools. The hackers targeted celebrity Twitter accounts by requesting bitcoin for charity, tricking people into sending money to the hacker’s fraudulent bank account!

How much money did the hackers steal?

The scam resulted in 383 transactions and 13 bitcoin, or $118,000 worth of money, sent to the hackers’ fraudulent bank account over 24 hours. The tweets posted from the high-profile accounts were up for about 3 hours before Twitter’s cybersecurity team contained the event and alerted users to the hack.

Does Evolve provide cyber insurance for this type of event?

YES! Evolve’s Cyber Crime covers Push Payment Fraud, or 3rd party social engineering coverage for the Insured’s clients or vendors. These attacks occur when a business’ customers (or in this case social media users) are tricked into sending money to a fraudulent bank account, under the impression that it belongs to the business. If the Push Payment Fraud section of our policy is triggered due to a cyber event, we will reimburse the Insured for the costs of indemnifying their customers who were tricked into sending money to a hacker.

 


BILLIONS OF PASSWORDS

LEAKED ON THE DARK WEB

Usernames and passwords for over 15 billion accounts, including network administrator accounts, bank accounts, and streaming services are in circulation online.

HOW DO HACKERS SUCCESSFULLY ATTACK BUSINESSES?

The cybersecurity researchers at Digital Shadows studied the Dark Web for 18 months, analyzing how hackers gain access to stolen account details. Their findings are shocking, yet powerful for mitigating your client’s cyber exposure. Right now, the average person has signed up for 191 online services, actively giving out 191 combinations of confidential login credentials. You would never give out your work email address and favorite reused password to a stranger, but that is exactly what the average person has done 191 times. Hackers have stolen over 15 billion login credentials from over 100,000 online services. These stolen login credentials are behind the vast majority of successful hack attacks on businesses!

THE SCARY, SHOCKING CYBER EXPOSURE REALITY

The vast majority of people do not understand that their confidential login credentials are already being used by hackers to attack their company! Most businesses learn this lesson only after experiencing a hack attack.

MITIGATE CYBER EXPOSURE WITH THE DARK WEB SCANNER

Evolve’s Dark Web Scanner pulls the top 10 people within the organization that have had their login credentials stolen, prioritized by the number of services that have lost their information. Empower your clients to mitigate their cyber exposure by presenting this information with security recommendations to decrease cyber exposure. Risk mitigation recommendations include, but are not limited to, implementing a strong password protection plan, multifactor authentication, and secure funds transfer protocols. You can find a total checklist of security best practices for management to audit their IT department in the Secure My Business Checklist.

DARK WEB HACKING STATISTICS

  • 15 billion login credentials are circulating on the Dark Web, up 300% since 2018.

  • 100,000 online services have had their sensitive login information stolen by hackers.

  • General login credentials are initially sold for $15.43 before being released for free.

  • Financial/bank account credentials are sold at an average of $70.91 per login.

  • Administrator credentials are sold at an average of $3,139, but can go as high as $140,000.

  • 2 million “invoicing” (already) compromised email threads are actively being sold.

  • Brute force cracking software is widely being used to verify stolen passwords at $4 an account.


The Dark Web Scanner

The Cyber “Security” Sales Tool

What is the Dark Web Scanner?

Did you know that the majority of your clients have already been compromised by hackers? Right now, hackers have access to billions of confidential “stolen” login credentials from online 3rd parties. Hackers specifically use these compromised login credentials to get into things like employee email accounts or, even worse, bank accounts. This hack attack is called “business email compromise” or “BEC” and it cost US businesses $1,700,000,000 last year according to the 2019 FBI Internet Crime Report.

How does the Dark Web Scanner simplify cyber sales?

Before discussing cyber insurance, Evolve now shows the top 10 people in the organization that have had their login credentials compromised, the number of times, and the services that lost their information. Most businesses are unaware that their employees have compromised login credentials until those credentials are successfully used in a hack attack against the business. By showing the business owners actual, compromised employees in their organization, cyber insurance exposure becomes real. Hackers frequently use these credentials to successfully execute the two most common cyber attacks: “Ransomware” & “Funds Transfer Fraud.”

How does the Dark Web Scanner mitigate cyber exposure?

Step one is making the business aware that hackers have stolen sensitive login information on their employees, via online 3rd parties, increasing the business’ hack attack vulnerability. Step two is recommending a strong password security protection program that mitigates against BEC hack attacks. Best practices include top-down implementation of corporate password management software, strict difficulty requirements, and the simple rule: NEVER REUSE PASSWORDS.

Evolve Wins Advisen 2020 Cyber Awards

Thank You For The Support!

“Evolve Wins Monumental Advisen 2020 Cyber Awards”

What are the Advisen Cyber Risk Awards?

For the past seven years, Advisen Ltd., the insurance industry’s leading data, technology, & media company, has hosted what has become the most esteemed international awards ceremony in the cyber insurance community.  Thousands of industry leaders from across the globe gather at the awards ceremony to become acquainted with their peers and honor the cyber market’s top performers. Last year, Evolve MGA took home the “Cyber Newcomer of the Year Award” thanks to the outstanding support from our broker relationships. This year, Evolve took home not one, but TWO of the most sought-after awards Advisen has to offer.

The folks at Evolve wanted to say a special THANK YOU for helping us win these awards.

Evolve Wins Advisen’s 2020 “Cyber MGA of the Year”

The Cyber MGA of the Year award is presented to the managing general agent that has proven their enduring commitment to the cyber industry by working closely with their clients to uphold the highest standards of customer service, while offering specialized underwriting capabilities on behalf of an insurer. Evolve is truly humbled to have won this prestigious award.

Esteemed Nominees: CFC Underwriting, Coalition, Corvus, Cowbell Cyber, Ascent Underwriting, At-Bay, Arceo.ai, EmergIn Risk, Pen Underwriting, ProWriters, & Victor Insurance Services.


Evolve Wins Advisen’s 2020 “USA – Cyber Person of the Year”

The Cyber Person of the Year – USA award recognizes the commitment and judiciousness of the market’s most deserving individual, as well as their dedication to their peers, clients, and company.  This year, Evolve’s Patrick Costello (LinkedIn) & Michael Costello (LinkedIn) were both honored with this award, making all of us at Evolve very proud to work among such capable and accomplished leaders.

Esteemed Nominees: Erica Davis (Guy Carpenter), Yosha DeLong (Zurich), Joe DePaul (Willis Towers Watson), Christiaan Durdaller (INSUREtrust), Christian Hoffman (AON), Sylvia Menetre (McGriff Insurance Services), Garin Pace (AIG), Brian Robb (CNA), Rob Rosenzweig (Risk Strategies), Marc Schein (Marsh), and Michael Tanenbaum (Chubb).


Thank you!

We cannot express our gratitude enough and look forward to continuing our journey as one of the cybersecurity insurance industry’s most prominent leaders in years to come. 

We appreciate YOU for supporting Evolve MGA.

– The Evolve Team

 


What is Cyber Insurance?

Cyber insurance, also referred to as “cyber liability insurance,” “data breach insurance,” or simply “hacker insurance” is an insurance product that covers the costs associated with hack attacks and data breaches.  In today’s world, hackers are constantly evolving (pun intended) by thinking up new, creative methods of illegally acquiring company funds and sensitive data via electronic means.  Cyber insurance covers all the costs faced by a business after experiencing a hacker prompted cyber attack.

What does “cyber liability insurance” cover?

Traditional cyber “liability” insurance coverage provides reimbursement for third party legal defense costs a business faces after a cyber attack results in a third party lawsuit and/or a regulatory fine or penalty. The most common third party lawsuit occurs after a business loses sensitive personally identifiable information (PII), protected health information (PHI), or payment card information (PCI). The second most common cyber liability lawsuit occurs when a business passes a computer virus to a third party. 

What does cyber insurance cover?

Modern day cyber insurance has liability coverage and extensive first party coverage built in for all the costs that come out of the business’s pocket after a cyber attack. Most cyber attacks require expensive forensic experts to stop the attack before it is out of control and a data breach attorney to mitigate any future costs by following federal, state, and private regulatory bodies. Other first party cyber insurance costs include notification, PR hourly billables, system damage & restoration, business interruption lost profit, reputational harm lost profit, cyber crime fraudulent transfers, ransomware extortion, cryptojacking, and hardware replacement.

What are the most common cyber attacks?

Nearly all cyber attacks start as either ransomware or funds transfer fraud, also known as social engineering or wire transfer fraud. In a ransomware attack, a curious employee normally clicks on a phishing email sent by a hacker that automatically downloads ransomware malware. The ransomware virus is written to locate enterprise information stored in the cloud & locally, encrypt the information, grinding the business to a halt, and extort the business for cryptocurrency in order to have their information decrypted. Wire transfer fraud coverage reimburses the business after it accidentally sends money to a fraudulent third party, better known as a hacker!

In a ransomware cyber attack, what is covered by cyber insurance?

A cyber specialist forensic expert, at a $500 hourly billable rate, is the first call to remove ransomware and get the business back up and running. In the event the ransomware is unable to be decrypted, the business will be directed to pay the cryptocurrency extortion payment to decrypt the data. If the ransomware is not caught in time or the hackers decide not to decrypt the data, the business could face serious business interruption costs, data recreation costs, and reputational harm costs.

In a funds transfer fraud cyber attack, what is covered by cyber insurance?

Cyber insurance covers the reimbursement cost for funds fraudulently sent to the hacker’s bank account from either the business’s bank account, the clients’ bank account, or the senior executive officers’ bank accounts.

Why do businesses buy cyber insurance?

Cyber insurance is a cost effective cyber risk mitigation insurance product that can save a business hundreds of thousands to millions of dollars in the event of a cyber attack. Successful cyber attacks are caused by human error, typically rooted in curiosity or blind trust. Millions of small businesses lose billions of dollars every year to hackers!

What does cyber insurance cost?

Cyber insurance costs vary based upon the size of the business, the industry, and the coverage included in the cyber insurance policy. Buyer beware! With over one hundred cyber markets competing against each other, coverage can be extremely limited and pricing is all over the board. It is important to get a professional opinion from an insurance broker on the correct coverage for the right price. For businesses under $50M in revenue, the average cost for the broadest cyber insurance product is $5,000.

What should I look for in a top cyber insurance company?

The best cyber insurance companies offer risk management services that improve the business’s overall security practices, the broadest cyber coverage that is triggered in the time of a claim, and immediate access to specialized forensic claims handlers on a 24/7 hotline to stop a claim before it gets out of control.

Cyber Insurance from Evolve MGA

Evolve is a cyber insurance “specialist” market that underwrites the broadest cyber insurance policy in the marketplace distributed directly to retail insurance agencies across the United States. In addition to providing the broadest cyber policy in the market, Evolve policyholders have direct access to the largest cyber specialist claims team in the world and risk management vendors that improve overall cyber security. Retail insurance brokers love Evolve’s simple streamlined quote to bind process and cyber specialized sales and marketing tools. Interested in a cyber quote? Email [email protected] with a business name and revenue figure for quotes!

Client Advisory: COVID-19 Cyber Attacks


Hackers Exploit COVID-19 with Malware / Ransomware in Phishing Emails

Cyber criminals have registered over 4,000 domain names containing “Corona” and/or “Covid.” Disguised as COVID-19 help, these new fraudulent domains are being used to execute phishing and ransomware attacks. Fraudulent emails may come in the form of a message from the Centers for Disease Control and Prevention (CDC), the World Health Organization (WHO), health advice from a medical specialist, or even internal workplace policy notifications.

Best Practices to Avoid a Cyber Incident

Multi Factor Authentication:

In order to prevent hackers from obtaining access to emails, we highly recommend utilizing Multi-Factor Authentication (MFA) when logging into email related accounts and applications that require a username and password. MFA will send a text / alert to the user’s cell phone with an authorization code, which is used to confirm that the person logging into the email account is in fact the account owner. This is one of the most successful methods of preventing hackers from using brute force attacks, in which they run a program that cycles through a series of passwords until one works. There are free MFA options with every email service provider.

Phishing Training:

One of the best practices that businesses can employ in order to prevent fraudulent email incidents is to train personnel on how to spot them.  If you are an Evolve policyholder, you have access to one of our free risk management tools called CyberRiskAware. This program allows the user to create fake phishing email campaigns which are sent to staff members. If a staff member opens the email and clicks on a link, they will be prompted to watch an educational video about fraudulent email awareness.

Advanced Preparation / Anticipation: 

In the event of a phishing or ransomware attack, it is important to have a plan of action in place in order to contain the incident as quickly as possible. Our 24/7 cyber incident response team is ready to provide immediate assistance, so please be sure to contact them as quickly as possible if you believe your business may have experienced an email breach.

Recent COVID-19 Hacks in the News

Hackers Claim to Defeat iPhoneX ‘Face ID’ Authentication

Apple’s iPhoneX Face ID feature recently made headlines, but for reasons that question the security of their cutting edge technology. A Vietnamese research firm, Bkav, claims that they have successfully fooled Apple’s latest facial recognition system, Face ID. According to the firm, the mask used to fool the system is crafted by combining 3D printing with makeup and 2D images, in addition to some special processing on the cheeks and around the face, where there are large skin areas, to fool the AI of Face ID.

This display of sorcery by Bkav reinforces the importance of practicing sound security practices to avoid cyber crimes. We instill a lot of trust in companies like Apple, but companies need to instill that same level of trust in their end users who will be accessing sensitive business information on a daily basis.

To watch the security firm, Bkav, combat Apple’s Face ID technology click on the link.

If your new company iPhone X is compromised, Evolve MGA’s cyber policy, EVO 3.0, covers policyholders in the event their cloud data is hacked, lost, or stolen.