You are here: Home / Publications / chris_sullins

Entries by chris_sullins

How Your Social Media Activity Can Make You a Sitting Duck

For many companies, social media is a powerful marketing and recruiting tool, fostering brand awareness and connection to current and potential customers. For a small business with limited resources, social media can function as an inexpensive advertising mechanism to a wide-ranging audience.

 

It’s also a highly engaged audience with the average global user spending 2 hours and 36 minutes a day on social media sites in 2018, according to statista.

 

But, have you considered that the information your company posts to social media can also make it an easy target for cybercriminals?

 

THE PROBLEM

The personal privacy risks associated with oversharing on social media is generally accepted by the typical user, whether or not they act accordingly. But companies also put themselves at risk by providing seemingly safe corporate information on a regular basis to their social media feeds in the interest of having an online presence.

As corporate social media use increasingly looks like mainstream personal use, the same security concerns are brought into play. Posting photos of your events at your office could inadvertently reveal clues that could be used to social engineer an employee or expose a security weakness. Posting updates from your company’s annual trip alerts criminals that your office is empty or is operating with a skeleton staff.

And, it’s not just the posts on your company’s page that can be mined for data. The interrelated nature of social media makes the personal accounts of your employees valuable as additional sources of information as well as potential sources of entry to your network.

Likewise, vendors and partners who are linked to or follow and comment on your social media accounts represent another attack vector, especially if they have a poor cybersecurity profile.

 

HOW COMPANIES GET HACKED

If you think like a hacker, you know that trying to hack past a company’s firewall and compromise highly guarded information without being detected is much harder than developing customized social engineering campaigns using the information you can find easily on social media sites.

People are wired to want to connect, which makes social media so appealing to us and so productive for cybercriminals. People’s willingness to share combined with the trust-based nature of social media is why phishing campaigns are more successful on this platform than via email.

 

Further, statista found that 81% of social media traffic in the third quarter of 2019 came from mobile. That’s important because the user interface on mobile can make users more likely to fall for phishing scams.

 

So, what methods are cybercriminals using on social media to infiltrate your network?

 

·         According to FireEye, email is the vehicle used in 91% of cybercrime. The personal information that is common on social media makes it much easier to impersonate another employee or senior management.

·         Malicious links are more effective on social media, where people are less suspicious than they are with email links. Hackers can pose as someone you know and send malicious links through direct messages.

·         Fake accounts can be created using photos and details of actual people or companies to create real-looking, but fake profiles to attract connections and distribute malware.

·         Similarly, profile hacking, like the August 2019 hack of Jack Dorsey’s twitter account, are generally undertaken to embarrass people or companies and damage their reputation.

·         Old social media accounts, that still exist but are neglected, present an easier opportunity for profile hacking than active accounts and could be used for illegal activity under the guise of your company.

·         Shortened URLs, such as those from Ow.ly and Bitly, can easily hide malicious links.

·         Hackers can pose as a customer service employee of any of the social media platforms and send an email that your account has been cancelled or compromised. Reinstating the account requires you to input your information.

·         Social media quizzes are a way for hackers to acquire personal information that can be used to socially engineer you or your friends.

·         Social media accounts are easily accessed on mobile devices, which makes them easy to compromise if a hacker gains possession of a lost or stolen employee device.

 

HOW TO PROTECT YOUR COMPANY & EMPLOYEES

 

First, be clear on why your company needs a social media presence. Maybe it doesn’t. That’s a tough sell, especially to a new or small business, but companies were able to grow for years before social media existed.

 

Nonetheless, if your company does maintain social media accounts, know which channels you’re on and which employees have administrative access.

 

Most importantly, have a social media policy that lays out what is and isn’t acceptable to post about the company. Then, train employees on how their personal use of social media can be detrimental to them and the company. Some general best practices include:

 

·         Use two-factor authentication.

·         Don’t connect with people you don’t know.

·         Don’t click on questionable links in social media posts. Instead, type the URL into your browser to view.

·         Don’t share information about yourself or the company that could be the answer to security questions used to identify you.

·         Don’t use the same password across platforms or for business purposes.

·         Utilize the privacy settings on each platform.

·         Don’t access your personal accounts or the company’s accounts over public Wi-Fi.

·         Report any suspicious activity immediately.

 

MONEY TALKS…

 

So, you know what walks, right? It’s understood that there’s a tradeoff between free social media and complete privacy and most are willing to make the exchange. However, the amount of privacy that’s relinquished tends to be more than people anticipate or understand. For social media companies, the business model is to generate revenue by selling your personal information to advertisers. So, it’s in the best interest of these companies (and their shareholders) to encourage you to provide plenty of identifiable data about yourself.  

 

It’s in the best interests of cyber-scammers too, who have created a $3+ billion social media crime industry using the data they collect from these sites.

 

November 14, 2019 by

eDiscovery: Bags of Money Not Required

“It’s unwise to pay too much, but it’s worse to pay too little.” John Ruskin

Being frugal is admirable. Believe me, I hate waste and I can make a dollar talk. But there are some expenses, such as medical care, insurance, financial and legal advice…even paint, where pinching pennies ends up being more expensive. The same is true for eDiscovery.

Having said that, there are simple ways to bring down the cost of eDiscovery and it involves:

·         Recognizing that a knowledge gap exists

·         Thorough planning ahead of time

 

·         Expert advice and guidance

THE KNOWLEDGE DISCONNECT

When it comes to eDiscovery, there is a knowledge gap for both clients and attorneys.

For clients, it’s hard to comprehend the unpredictable and opaque nature of eDiscovery costs and the wide fluctuation of these costs across individual cases. This is a justified frustration and a challenge that eDiscovery providers need to overcome.

For instance, a frequently-cited 2012 RAND study, identifies the average costs for eDiscovery production spanned a range of $17,000 to $27 million ($1.8 million median) for individual cases. That’s a meaningless estimate.

As for corporate eDiscovery, a 2018 survey by the Corporate Legal Operations Consortium (CLOC) found the average eDiscovery expense per year for companies was $2.8 million. (Mid-sized companies with annual revenue over $1B were 39.5% of respondents while large companies with $10B+ represented 46.5%).

Confusing cost structures is likewise an issue for litigators, but it’s the given process of eDiscovery that’s most burdensome. Attorneys need to have a level of knowledge about the available tools and technologies for a client’s specific eDiscovery needs, which is outside their area of expertise. For lawyers, it’s best to accept that your time is better spent on billable legal matters.

PLANNING AHEAD OF TIME IS KEY

Thoughtful planning with the goal of standardizing repeatable processes is the biggest initiative you can take toward reducing eDiscovery costs. While not everything can be standardized, think in terms of timelines and templates in keeping with best practices.

eDiscovery planning also includes collecting metrics to use as a reference for forecasting future costs and identifying any unnecessary outlays.

More than anything, planning eliminates the turmoil usually associated with eDiscovery. Getting started early and creating plans and protocols in advance is your best strategy for successfully navigating the process.

Create an ESI Protocol

Before a meet and confer, create a document with answers to frequently asked questions. Make sure you have extensive knowledge of your client’s data and the costs associated with the data you’re requesting from opposing.

Develop your ESI protocol so that it clearly addresses all necessary practices and procedures related to ESI in the case. This involves the technologies used, collection and culling methods, production specifications, and claw back provisions.

Cooperation between parties is essential because adversarial behavior makes eDiscovery very expensive. The earlier the terms of the ESI protocol are set and agreed upon, the lower the eDiscovery costs will be.

Proper Use of Legal Holds

According to Federal Rule of Civil Procedure Rule 26(b)(1), discovery in a civil case is available for “any nonprivileged matter that is relevant to any party’s claim or defense” and is proportional.

Therefore, when issuing a legal hold, it is helpful to have a process in place that lays out the specific data preservation expected and allows for negotiating cost-saving strategies such as phased discovery, sometimes referred to as data sweeps, and targeted data set collections.

Be specific about the data and documents that must be preserved and be sure to address automated IT functions so those operations can be stopped before data is unintentionally deleted, thereby hindering data acquisition.

Identify the Right People and Data Sources

Interviewing custodians is a quick way to identify the key people involved in the case, the relevant data, and where that data is located.

Ask custodians about devices, applications, and online accounts that might be tied to data sources, such as mobile and personal devices, and cloud-based storage. Recognize that archives, data backups or obsolete systems may contain important data and come into play when targeted data sources come up short or spoliation of the ESI has occurred.

This is also the time to inquire about data encryption, password controls and to request a data map of an organizations data and network structure. 

Data Collection

Simply reducing the volume of data involved in eDiscovery is a surefire way to significantly lower costs. Use collection tools that filter data by time frame and file type. Cull data for responsive, non-privileged, and non-duplicative documents.

Phased discovery is another cost-saving approach that focuses on the most relevant data first and could decrease or eliminate the need for further discovery. It sweeps data sources to see what results are produced using targeted search terms and is a good means to triage data sources (are these the drones your looking for?)..

Keep in mind, mobile devices may not be the best source of data and may only produce more data to search through, so be selective when requesting devices.

Storage

Once data is collected, it must be stored in a secure repository, so consider the cost benefits of a shared repository.

Data Production

Production specifications ought to be addressed in the ESI Protocol. For added cost savings at this stage, explore rolling production, which starts with a limited production set (usually of the most critical data) and continues in stages.

The benefits of a rolling production include:

·         Early identification of problems with production

·         Timely agreement between parties that production matches the ESI protocol

·         Access to critical data before all production is completed

Data Review

This is the costliest stage of the eDiscovery process with most estimates assigning 70-80% of discovery costs to document review.

The earlier stages of eDiscovery have focused on reducing the volume of data that gets to this stage. To realize additional cost savings, you need a clear and detailed review protocol in place, including a coding template.

Another option is Technology Assisted Review (TAR), which uses predictive coding to reduce costs. The caveat here is that TAR should only be done be someone with both legal and technical knowledge, or jointly with an expert in each discipline.   

 

HIRING AN EXPERT IS GAME CHANGING

It’s expensive to bring an eDiscovery expert into your case and even more expensive if the case requires digital forensics. Nonetheless, it will likely be the difference between winning and losing. Better yet, you can share a neutral third-party expert with opposing counsel as a way to reduce this cost.

eDiscovery and digital forensics are complex fields that require years of training, including persistent continuing education to develop and maintain skills and techniques in the evolving technologies.

Experts have extensive knowledge of the variety of available forensic software applications and when to use them. Because they understand the types of data existing on different devices and can work across the wide range of operating system versions, they can provide invaluable advice during meet and confers and in preparing the ESI protocol.

Depending on the types of ESI being requested, an expert can advise the attorney on the proper data sources and devices to target. Moreover, an expert knows which types of data and approaches will be prudent in searching for answers and finding relevant ESI.

 

In fact, an eDiscovery expert can assist you in every stage of the eDiscovery process, which can bring down the overall discovery expense while you focus on the legal strategy.

October 9, 2019 by

The ESI SmackDown

When Electronically Stored Information Reveals You’re a Horrible Human Being or a Halfwit

When my son was eight- and nine-years-old, our Friday nights were spent eating pizza and watching WWE SmackDown. By the grace of God, it was a relatively short-lived period for him and not a life’s calling.

Yet, for all the exaggerated theatrics and “Hero v. Villain” grudge matches, professional wrestling pales in comparison to the astounding performances that play out in some court cases – the one’s where you ask, “What were they thinking?!”

The following three examples are cases where electronically stored information (ESI) was used as evidence. These are simplified recounts and I’ve focused on the details of each case that describe the baffling conduct of the party that fell victim to the “ESI SmackDown.”

Now entering the ring…

Breach of Contract case: ComLab Corp. v. Kal Tire

In this case, ComLab claimed to have entered into an intranet service contract with Kal Tire.

As evidence, ComLab produced 20 printed invoices. However, Kal Tire denied ever entering into an agreement with ComLab or receiving any services from them. Kal Tire did acknowledge receipt of four invoices from ComLab, leaving 16 “Contested Invoices.”

Doubting the authenticity of the Contested Invoices, Kal Tire requested to receive the invoices in their digital native format. In response, ComLab produced 13 paper hard copies of the emails it used to send the invoices (essentially printouts, not the digital originals).

Why hard copies? Well, the original emails were destroyed when the computer they were stored on was wiped after allegedly becoming infected with a virus. Luckily, ComLab’s president had the good judgement to save the emails as PDFs before they were gone for good.

Kal Tire’s expert witness testified that the metadata from several of the invoices attached to the e-mails contained “Last modified” dates and times that followed their “Date last saved,” suggesting something shady was going on.

The Court determined ComLab “fabricated and spoliated evidence” and “that these acts were egregious, intentiona, and outrageous.” Ouch!

ComLab’s case was dismissed with prejudice and the company was ordered to pay all of Kal Tire’s fees and costs, which came to $313,138.67.

***

Next up…

Breach of Contract, Trade Secret Misappropriation and Unfair Competition: OmniGen Research v. Wang

In February 2016, OmniGen sued its former employee Dr. Yongqiang Wang, as well as his wife Ms. Yan Zheng and their company, Bioshen. OmniGen alleged that while still in its employ, Wang stole trade secrets and used them to secretly create two rival businesses.

Earlier in July 2015, OmniGen sent a cease-and-desist letter to Wang claiming breach of contract and misappropriation of trade secrets. OmniGen also demanded that Wang make available to them all electronically stored information contained on his devices and the Court agreed.

 Instead, he travelled to China without producing his laptop, as required, to present at a scientific conference sponsored by Bioshen, Mirigen (Wang’s other company) and others.

At the conference, Wang presented from an existing (and copyrighted) OmniGen slide deck on feed additive research, though he altered the slides to replace OmniGen’s logo with Mirigen’s. It would have been a clever deception, except Wang got sloppy and gave an electronic version of the slides to the conference organizers and attendees, which revealed OmniGen’s confidential notes that were not visible in the projected slides.

While Wang was in China, another hearing was held and the Court ordered him to make a copy of the contents of his computer and mail it to his counsel. He was also ordered to make available any computer and portable storage data within seven days.

When OmniGen finally received Wang’s laptop data and had it inspected, the expert discovered more than 4,000 files had been deleted. Likewise, emails were deleted on the iPad used by Wang’s wife.

Zheng’s iPad was carelessly left in airplane mode when delivered to OmniGen, with her downloaded Yahoo emails still visible. Attachments in download emails can only be opened with an internet connection, which then removes the emails. In one email from Zheng to Wang, the attachment was inconspicuously named “feed additive.docx.”

In his defense, Wang claimed that the deleted files were not relevant to the case. What’s more, he shamelessly asserted he was tricked by OmniGen into signing a much more restrictive employee agreement than what he initially reviewed. Wang’s proof was a version of the original agreement he saved to a thumb drive before deleting this significant document from his laptop.

You already know what comes next. The metadata for the “old” agreement on the thumb drive reveals it was modified after litigation started. What’s more, the alleged original agreement on the thumb drive was generated in the newer .docx Word format, where the agreement Wang signed in July 2009 was in the older .doc format.

The judge granted OmniGen’s Motion for Terminating Spoliation Sanctions and a default judgement was entered in favor of OmniGen. OmniGen was awarded $3.85 million.

***

And, last up…

Title VII Gender Discrimination and State Law Claims: Lee v. Trees, Inc.

In this last case, Lee sued her employer, Trees, as well as her supervisor and former suitor, Sims, after she was terminated from her job as a flagger.

Lee claimed she wanted to end her romance with Sims in June 2013, but was forced to continue in the relationship, on threats of losing her job (as a flagger, mind you). After four months of this alleged harassment, Lee ended the relationship for good and was terminated ten days later.

Lee filed two administrative complaints with the Bureau of Labor and Industries (BOLI) and the U.S. Equal Employment Opportunity Commission in December 2013 and March 2014 alleging sexual harassment by Sims and several other co-workers, a hostile work environment, and retaliation. She also claimed to have text messages to and from Sims as evidence that she “asked [Sims] to stop the relationship” and was fired for doing so.

Lee sent printouts of her text messages to her attorney, who forwarded them to BOLI, who issued Notices of Substantial Evidence Determinations and right to sue letters.

When Trees requested the text messages in their digital native format, Lee gave them the same printouts that were forwarded to BOLI. On a second request, Lee produced only one cell phone of the “three or four” or “maybe five” she had while employed by Trees. (Seriously, FIVE?! Who does that?).

When Trees’ forensic examiner inspected Lee’s phone, he found that many of texts from the printouts were fabricated, but at least 44 of the messages on the printouts really did exist. Trouble is, they were in the phone’s “unsent” folder and were time-stamped a year after the alleged harassing.

While Lee denied fabricating the texts, the judge was unconvinced, stating, “Lee carefully and intentionally manipulated and interspersed Sims’s actual text messages with strategically crafted false text messages to lend support for her claims. She also failed to preserve her phones and withheld the native, electronic versions of the text messages, in all likelihood to conceal her wrongdoing.”

Trees’ motion for terminating sanctions was granted and Lee’s claims were dismissed with prejudice.

***

Electronically stored information can serve to exonerate or demonstrate guilt. These were just three of many cases where the introduction of ESI as evidence exposed wrongdoing. But, ESI can also uncover character.

Circling back to the subtitle of this post, what do you think motivated the bad behavior in these cases? Are the ESI SmackDown victims morally bankrupt or just lacking common sense? Perhaps its some combination of both, with some arrogance and delusion thrown in mix.

September 6, 2019 by

Cyber Insurance is Better Than You Think Part 2

In Part 1, we addressed some of the negative perceptions that exist for cyber insurance, the need for a standalone cyber policy and the difficulty carriers have in pricing premiums. In Part 2, we will explore the premium pricing practices and what to look for in a cyber policy.

How Do Carriers Price Premiums?

According to Founder Shield, underwriters use the following information to price cyber insurance premiums.

  • Systems vulnerabilities
  • Security training protocols
  • Loss history
  • Types of data collected and stored

An Advisen whitepaper from 2014 indicates that cyber policy underwriters are also interested in the amount of data a company retains, where data is stored (company server or cloud), and vendor management controls. But, there is no mention of loss history or security training.

 

In 2016, Jeremiah Grossman, Chief of Security Strategy at SentinelOne said to ITSPmagazine that premiums were based on only two factors – the company’s industry and the number of records it’s stored. In 2017, he added revenue to the equation in an article with Insurance Business.

 

What’s more interesting is a study done by researchers at RAND. They reviewed policies on file with the insurance commissions in three states (CA, NY, and PA) between 2007 and 2017 to identify how carriers are assessing and pricing cyber risk. The researcher’s analysis revealed five pricing determinants.

 

1.      Outside advice or loss data from industry, academic, and government reports;

2.      Competitor’s pricing;

3.      The experience and knowledge of the company’s underwriters;

4.      Pricing from other insurance lines; and

5.      Guesswork.

 

“From our analysis, the first and most important firm characteristic used to compute insurance premiums was the firm’s asset value (or revenue) base rate, rather than specific technology or governance controls.”

 

Wait…what?! Cyber insurers don’t care about cyber resilience or best practices?

 

To be fair, most policies analyzed in the RAND study required self-assessment questionnaires that asked for varying levels of detail related to a company’s security posture. However, questions were mostly focused on data type and volume and not on the security infrastructure.

To address the need for more sophisticated cyber risk assessments, insurers are increasingly turning to technology companies to provide analytics to develop coverage and pricing models. These companies are usually referred to as AppSec or InsurTech providers.

According to The World Insurance Report 2019, over 50% of insurers interviewed indicated partnerships with InsurTech firms or other risk analytics companies. By providing machine learning, aritificial intelligence-based products or advanced analytics, these companies enable underwriters to price risk on limited data.

What to Look For in a Cyber Policy

Before you start to evaluate cyber policies, be sure to select a broker and/or carrier that solely focuses on cyber insurance. Most companies look to buy insurance based on a budget rather than their actual risk exposure. A cyber-experienced broker can guide you to the appropriate coverage specific to your business.

 

So, what factors are important to consider when reviewing a cyber insurance policy?

 

First, all policies list losses that are covered and those that are not. The RAND study compiled lists of the 10 most covered losses and the top 10 exclusions.

 

Most common covered losses

Source: Content analysis of cyber insurance policies: how do carriers price cyber risk? By Sasha Romanosky, Lillian Ablon, Andreas Kuehn, Therese Jones, Journal of Cybersecurity, Volume 5, Issue 1, 2019, tyz002, https://doi.org/10.1093/cybsec/tyz002

Most common exclusions

Source: Content analysis of cyber insurance policies: how do carriers price cyber risk? By Sasha Romanosky, Lillian Ablon, Andreas Kuehn, Therese Jones, Journal of Cybersecurity, Volume 5, Issue 1, 2019, tyz002, https://doi.org/10.1093/cybsec/tyz002

Next, don’t assume the common policy exclusions listed above are written in stone. Most exclusions can be negotiated.

 

·         Be careful if you see a War and Terrorism Exclusion clause since 23% of cyber attacks are committed by nation states, according to Verizon.

·         Look for indirect cost coverage, such as potential bankruptcy costs when a cyber attack compromises Intellectual Property.

·         Investigate coverage for claims against you for breaches caused by you or your vendors on an outside network. As such, require cyber insurance for your vendors.

·         Expect the policy to include Full Prior Acts coverage, which will cover any event that occurred in the past. This is vital considering many cyber events occur long before they are discovered.

·         Be sure cybercrime events that utilize social engineering are covered. This includes Funds Transfer Fraud, Corporate Identity Theft and Phishing. According to the Willis Towers Watson 2017-2018 Reported Cyber Claims Index, the human element continues to be the leading cause of cyber loss, representing 61% of claims.

·         Examine coverage for cyber-related property damage. Most cyber policies want to exclude it as a redundant coverage with General Liability policies. However, many General Liability policies exclude damage related to cyber event.

 

Take note of when coverage is triggered. For example, under the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which goes into effect in January 2020, privacy violations can occur in the absence of a breach. This wording is not likely in your policy.

 

Lastly, companies who can demonstrate a comprehensive cybersecurity plan with proven levels of security and internal controls receive better premium pricing. A cybersecurity services firm can prepare you by assessing your security infrastructure and making recommendations to lower your risk of a cyber event. They also can help with developing incident response plans and documenting security best practices.

 

The time to buy cyber insurance is now! Given the industry’s growth and profitablity, new carriers are entering the market and pressuring premium pricing. In fact, analysis of cyber incidents relative to their cyber premiums conducted by AIR indicates, “it’s likely that premiums being charged in the market are less than adequate to fully cover all sources of insured loss.”

 

 

 

July 24, 2019 by

Cyber Insurance is Better Than You Think Part 1

“I could tolerate any insurance seminar. For days, I could sit there and listen to them go on and on with a big smile on my face. They’d say, ‘How can you stand it?’ And I’d say, ‘Because I’ve been with Del Griffith. I can take anything!’” ~Steve Martin as Neal Page in Plains, Trains and Automobiles 

That’s one of the many memorable moments from one of my all-time favorite movies, “Planes, Trains and Automobiles.” While the scene is both funny and poignant as the camera moves back-and-forth from a ranting Neal (Steve Martin) to a crestfallen Del (John Candy), it also illustrates the pessimism we tend to associate with insurance. Not only is the subject matter tedious, but we’ve all either experienced first-hand or heard stories about insurance companies managing to pay out as little as possible – if at all – on a claim due to obscure or ambiguous exclusionary language in the policy.

Despite being a relative newcomer* to the industry, cybersecurity insurance is getting the same bad rap. High-profile pay out denials, such as Zurich’s refusal to cover the losses Mondelez suffered from 2017’s NotPetya ransomware attack (currently in litigation), have helped to support this negative view. In fact, a recent CPO Magazine article suggested that many cyber policies are “worthless.”

However, cyber policies pay claims at rates comparable to other types of insurance. But, it’s the big-dollar cyber claim disputes that get attention and skew perceptions. Many are the result of poorly negotiated policies, or even more to be claims that are filed against a non-cyber policy, such as claim against a general liability policy.

The financial fallout from a cyber event can be staggering, so relying on a non-cyber policy to cover losses related to a cyber-attack is perilous at best as these policies don’t address specific cyber-related losses. What’s more, loss exposure is hard enough to quantify in a cyber policy, because in the end many factors will be weighed regarding the company, the type of attack, the motivation for the attack, and the value of data and information.

Even historical cyber-attack data will factor in loss valuations that are all over the board (see Notes). The wide disparity in these loss calculations is attributable to the absence of a standard for assessing risk among insurers. Further, cyber-insurance models aren’t consistent across carriers and rely on limited actuarial data that has been insufficient for accurate premium pricing. This lack of transparency is another blemish for cyber insurers, which makes it difficult for companies to compare coverages and inherently exposes carriers to extreme losses and systemic risks that is nearly impossible to predict.

Fortunately, the industry is evolving. As more data is collected, insurers are discovering trends and learning what coverages are needed. Underwriters are going onsite to inspect a company’s infrastructure and network, as well as their security protocols to develop a risk profile from which a premium can be determined. While premium pricing challenges lessen for carriers, most companies remain unqualified to assess their own security posture and are not aware of the factors that impact premium pricing. Before contacting a cyber insurance company, it would be wise to engage a cybersecurity expert to perform a cyber risk assessment. The expert will identify threats and vulnerabilities and make detailed recommendations for improving the company’s cyber risk profile.

Insurance carriers award cheaper premiums to companies with the appropriate cyber tools in place, written plans for incident response and disaster recovery, least privilege policies and encrypting sensitive data, among other things.

But, don’t wait for a cyber incident to happen before exploring cyber insurance. That loss event, even if it’s small, already means a higher premium.

*Cybersecurity insurance has been around for about 20 years. Initially, it was mostly used by large companies in technology, financial services, and health care and only provided third-party coverage.

Notes:

The 2019 Hiscox Cyber Readiness Report indicates the average cyber incident loss over a 12-month period is $369,000 with large companies averaging $395,000 and small companies at $9,000 (globally). The per incident average is $34,000.

A survey by Kapersky’s Lab conducted with over 6,000 employees around the world from March 2017 to February 2018 found the average cost of a cyber incident was $1.23 million. The average for small and medium businesses (SMBs) was $120,000. In North America, the average cost of a data breach was $1.6M with SMBs averaging $149K.

With regard to data breaches, the 2018 Cost of a Data Breach Study by the Ponemon Institute, indicates that the average total cost of a breach in the United States is just shy of $9 million with an average cost per lost or stolen record of $233. Globally, the average total cost is $3.86 million and $148 per record.

July 17, 2019 by

Impact of Fake Messaging Applications on eDiscovery

By: Dave Proulx, Director Digital Forensics & Training, Traversed LLC

Technology today has made it unbelievably easy to create what appear to be real text messages between two parties through the use of fake text messaging applications and spoofing services.  And if you are relying on printed screenshots to “authenticate” those text conversations, you are doing a disservice to your client and your case because those screenshots can be faked just as easily.  You don’t have to be a computer whiz to find these applications, they are available to anyone capable of conducting a basic internet search or cruising smart phone marketplaces.

In my experience I’ve seen three common ways a person can produce fake text messages and conversations ranging from the most basic approaches and progressing to more advanced methods. The first and easiest to detect is when the actual text message conversation is photoshopped from a screen capture.  This is a rudimentary way to fake messages and is not difficult to detect. 

With advances in technology and the plethora of applications available to consumers, in recent years I’ve seen cases where a fake text screenshot application is used.  While these applications were initially created and marketed for novelty purposes, there are dozens of applications out there today that allow a user to create fake screen captures of fake messages.  They even take it one step further and come equipped with advanced formatting options to ensure the messages match the formatting of popular applications such as Facebook Messenger, Instagram,  and What’s App. The applications I’ve come across allow customization of the provider tags for ATT, Verizon, T-Mobile, battery and signal strength bars, and contact names to match real messages as they display on the phone.  

The last and most advanced method uses text message spoofing services.  These have been gaining in popularity and through the course of my work I’ve encountered spoofing applications which are highly complex and may even fool an unseasoned forensic examiner. One of the more sophisticated applications I’ve come across and use as an example during classes I teach, actually ingests fake messages in line with real messages. These messages are ingested into the phone’s message database by temporarily using a spoofing service.  The user enters the recipient phone number and the message they wish to send, and it will appear to have come from whatever number or contact they choose. 

During my time as a digital forensic investigator I’ve seen all three methods used to fake text messages and while authenticating the text message communication is the ultimate goal, there are additional steps a forensic examiner will take first to ensure the data is preserved in a forensically sound manner and will help to further validate any findings.  A digital image or copy of the phone will be made and all forensics will be conducted on the image; preserving the information and ensuring none of the data on the phone is disturbed or changed.  A forensic examiner will be able to verify text messages sent and/or received and substantiate these findings through multiple datasets found within the phone. If and when one of these fake messages are discovered, it may provide the forensic examiner the additional evidence needed to support a case of spoliation.

Many cases can move slowly or involve years’ worth of communication where evidence production could prove problematic due to sheer volume and/or accidental or deliberate loss of data.   In these situations, a forensic examiner’s expertise and tools will not only authenticate the data but facilitate the production of evidence that may not have been possible before.

 

With today’s technology, in order to truly authenticate a text message was sent from one phone to another you may need the actual device, a backup of the device, phone records but certainly an experienced digital forensic examiner.  Don’t put your case at risk, consult with a digital forensic expert at Traversed today. 

June 3, 2019 by

Apple Digital Forensic Experience Paves Way for Partnership

Here at Traversed, we are excited about our new partnership with BlackBag Technologies.  This new collaboration will enable both companies to address the growing challenges faced by digital forensic examiners in our ever-changing, technology-focused world.  We are confident that BlackBag Technologies’s innovative forensic acquisition and analysis tools, for Windows and Mac based computers, as well as iOS and Android mobile devices, will complement the work we do here at Traversed with digital forensics in the preservation, analysis and production of electronic data.

 

For over a decade, Traversed’s digital forensic experts have been utilizing BlackBag’s suite of tools and performing Apple Macintosh-based forensics.  While Apple forensics poses a number of unique challenges, Traversed is well equipped and able to provide the same level of expertise BlackBag has historically provided commercial customers.  Our experts have worked directly with BlackBag on cases involving encrypted devices, iCloud backups, as well as investigations that go beyond Apple forensics, working on both Windows and Android devices, to collect critical evidence in a forensically sound manner. Our eDiscovery and forensic investigations have aided in cases such as: intellectual property theft, corporate investigations, business disputes, family law matters, and spoliation of ESI. Our work has played a key role in not only uncovering digital truths, but directly impacting settlement agreements, loss valuations and monetary judgements.

 

Fostering this long relationship with BlackBag Technologies enables us to address hurdles in today’s technology including APFS, FileVault2 and the T2 chip encryption technologies.  Our years of experience and expertise in digital forensics coupled with BlackBag’s suite of tools will allow us to provide clients the best possible solutions to often complex matters.

 

Contact Traversed today to learn more or speak with one of our forensic and eDiscovery experts!

May 15, 2019 by

Traversed Announces Partnership with BlackBag Technologies

Traversed LLC has announced a new services partnership with BlackBag Technologies effective immediately. The partnership will enable both BlackBag and Traversed to address growing challenges faced by examiners in the digital forensics field.

 

Under this new partnership, BlackBag and Traversed will work together to provide examiners and investigators access to forensic services that can assist with unique cases and circumstances that require additional expertise. 

 

“I was originally introduced to BlackBag Technologies during my time as a law enforcement officer,” explained Dave Proulx, Director of Digital Forensic Services at Traversed.  “Our lab performed countless digital forensic examinations utilizing BlackBag’s suite of software tools that were instrumental during the course of an investigation.  After making the decision to leave law enforcement, I knew I would maintain the partnership I cultivated with BlackBag and take it with me to wherever I landed next, and I couldn’t have found a better home with Traversed.”

 

“Specializing in cyber training, digital forensics, private investigations, and the preservation, analysis, and production of electronic data, Traversed is looking forward to this new level of collaboration with BlackBag Technologies and what we can bring to the private sector together,” said Proulx.

 

BlackBag will work with customers to identify when cases can benefit from Traversed’s team of experts. Specialists who are formally trained and certified in computer, cell phone, and mobile forensics and advanced specialties such as vehicle infotainment and telematics, cloud system and Drone UAV (unmanned aerial vehicle) forensics will be brought in to help investigate.

 

“We’re excited to have a partner with the technical investigative capabilities Dave Proulx and the Traversed, LLC team possess,” BlackBag’s Chief Customer Officer, Ben Charnota explained.

 

“Having worked with Dave previously, I know firsthand how he’s embraced BlackBag’s mission with his extensive Law Enforcement career and has brought that knowledge and experience to Traversed”, Charnota said. “The digital investigation abilities of Dave and his team will enable a level of expertise not often found in a private service offering.  We’re looking forward to our partnership’s growth and revealing the truth in data to create a safer world.”

 

About BlackBag Technologies:

 

BlackBag® Technologies offers innovative forensic acquisition and analysis tools for both Windows and Mac OS X based computers, as well as iOS and Android mobile devices. Its forensic software is used by hundreds of federal, state, and local law enforcement agencies around the world, as well as by leading corporations and consultants, to investigate all types of digital evidence associated with both criminal, civil and internal investigations. BlackBag® Technologies also develops and delivers expert forensics training and certification programs, designed for both novice and experienced forensics professionals. To learn more, visit www.blackbagtech.com.

 

About Traversed, LLC:

 

Traversed specializes in digital forensics, incident response, and the preservation, analysis, and production of electronic data in matters involving civil litigation, regulatory matters, and corporate investigations. Traversed provides objective and comprehensive answers based upon expert analysis of electronic data while addressing challenges with simple solutions using the latest acquisition, search and forensic technologies. Learn more at www.Traversed.com .

 

To request services from BlackBag and Traversed, visit http://offers.blackbagtech.com/traversed.

 

 

May 2, 2019 by

6950 Columbia Gateway Dr., Suite 450A • Columbia, MD 21046 • phone: 443-832-4133 • fax: 410-290-0234

© Copyright - Traversed