Cyber Insurance is Better Than You Think Part 1

“I could tolerate any insurance seminar. For days, I could sit there and listen to them go on and on with a big smile on my face. They’d say, ‘How can you stand it?’ And I’d say, ‘Because I’ve been with Del Griffith. I can take anything!’” ~Steve Martin as Neal Page in Plains, Trains and Automobiles 

That’s one of the many memorable moments from one of my all-time favorite movies, “Planes, Trains and Automobiles.” While the scene is both funny and poignant as the camera moves back-and-forth from a ranting Neal (Steve Martin) to a crestfallen Del (John Candy), it also illustrates the pessimism we tend to associate with insurance. Not only is the subject matter tedious, but we’ve all either experienced first-hand or heard stories about insurance companies managing to pay out as little as possible – if at all – on a claim due to obscure or ambiguous exclusionary language in the policy.

Despite being a relative newcomer* to the industry, cybersecurity insurance is getting the same bad rap. High-profile pay out denials, such as Zurich’s refusal to cover the losses Mondelez suffered from 2017’s NotPetya ransomware attack (currently in litigation), have helped to support this negative view. In fact, a recent CPO Magazine article suggested that many cyber policies are “worthless.”

However, cyber policies pay claims at rates comparable to other types of insurance. But, it’s the big-dollar cyber claim disputes that get attention and skew perceptions. Many are the result of poorly negotiated policies, or even more to be claims that are filed against a non-cyber policy, such as claim against a general liability policy.

The financial fallout from a cyber event can be staggering, so relying on a non-cyber policy to cover losses related to a cyber-attack is perilous at best as these policies don’t address specific cyber-related losses. What’s more, loss exposure is hard enough to quantify in a cyber policy, because in the end many factors will be weighed regarding the company, the type of attack, the motivation for the attack, and the value of data and information.

Even historical cyber-attack data will factor in loss valuations that are all over the board (see Notes). The wide disparity in these loss calculations is attributable to the absence of a standard for assessing risk among insurers. Further, cyber-insurance models aren’t consistent across carriers and rely on limited actuarial data that has been insufficient for accurate premium pricing. This lack of transparency is another blemish for cyber insurers, which makes it difficult for companies to compare coverages and inherently exposes carriers to extreme losses and systemic risks that is nearly impossible to predict.

Fortunately, the industry is evolving. As more data is collected, insurers are discovering trends and learning what coverages are needed. Underwriters are going onsite to inspect a company’s infrastructure and network, as well as their security protocols to develop a risk profile from which a premium can be determined. While premium pricing challenges lessen for carriers, most companies remain unqualified to assess their own security posture and are not aware of the factors that impact premium pricing. Before contacting a cyber insurance company, it would be wise to engage a cybersecurity expert to perform a cyber risk assessment. The expert will identify threats and vulnerabilities and make detailed recommendations for improving the company’s cyber risk profile.

Insurance carriers award cheaper premiums to companies with the appropriate cyber tools in place, written plans for incident response and disaster recovery, least privilege policies and encrypting sensitive data, among other things.

But, don’t wait for a cyber incident to happen before exploring cyber insurance. That loss event, even if it’s small, already means a higher premium.

*Cybersecurity insurance has been around for about 20 years. Initially, it was mostly used by large companies in technology, financial services, and health care and only provided third-party coverage.

Notes:

The 2019 Hiscox Cyber Readiness Report indicates the average cyber incident loss over a 12-month period is $369,000 with large companies averaging $395,000 and small companies at $9,000 (globally). The per incident average is $34,000.

A survey by Kapersky’s Lab conducted with over 6,000 employees around the world from March 2017 to February 2018 found the average cost of a cyber incident was $1.23 million. The average for small and medium businesses (SMBs) was $120,000. In North America, the average cost of a data breach was $1.6M with SMBs averaging $149K.

With regard to data breaches, the 2018 Cost of a Data Breach Study by the Ponemon Institute, indicates that the average total cost of a breach in the United States is just shy of $9 million with an average cost per lost or stolen record of $233. Globally, the average total cost is $3.86 million and $148 per record.

Impact of Fake Messaging Applications on eDiscovery

By: Dave Proulx, Director Digital Forensics & Training, Traversed LLC

Technology today has made it unbelievably easy to create what appear to be real text messages between two parties through the use of fake text messaging applications and spoofing services.  And if you are relying on printed screenshots to “authenticate” those text conversations, you are doing a disservice to your client and your case because those screenshots can be faked just as easily.  You don’t have to be a computer whiz to find these applications, they are available to anyone capable of conducting a basic internet search or cruising smart phone marketplaces.

In my experience I’ve seen three common ways a person can produce fake text messages and conversations ranging from the most basic approaches and progressing to more advanced methods. The first and easiest to detect is when the actual text message conversation is photoshopped from a screen capture.  This is a rudimentary way to fake messages and is not difficult to detect. 

With advances in technology and the plethora of applications available to consumers, in recent years I’ve seen cases where a fake text screenshot application is used.  While these applications were initially created and marketed for novelty purposes, there are dozens of applications out there today that allow a user to create fake screen captures of fake messages.  They even take it one step further and come equipped with advanced formatting options to ensure the messages match the formatting of popular applications such as Facebook Messenger, Instagram,  and What’s App. The applications I’ve come across allow customization of the provider tags for ATT, Verizon, T-Mobile, battery and signal strength bars, and contact names to match real messages as they display on the phone.  

The last and most advanced method uses text message spoofing services.  These have been gaining in popularity and through the course of my work I’ve encountered spoofing applications which are highly complex and may even fool an unseasoned forensic examiner. One of the more sophisticated applications I’ve come across and use as an example during classes I teach, actually ingests fake messages in line with real messages. These messages are ingested into the phone’s message database by temporarily using a spoofing service.  The user enters the recipient phone number and the message they wish to send, and it will appear to have come from whatever number or contact they choose. 

During my time as a digital forensic investigator I’ve seen all three methods used to fake text messages and while authenticating the text message communication is the ultimate goal, there are additional steps a forensic examiner will take first to ensure the data is preserved in a forensically sound manner and will help to further validate any findings.  A digital image or copy of the phone will be made and all forensics will be conducted on the image; preserving the information and ensuring none of the data on the phone is disturbed or changed.  A forensic examiner will be able to verify text messages sent and/or received and substantiate these findings through multiple datasets found within the phone. If and when one of these fake messages are discovered, it may provide the forensic examiner the additional evidence needed to support a case of spoliation.

Many cases can move slowly or involve years’ worth of communication where evidence production could prove problematic due to sheer volume and/or accidental or deliberate loss of data.   In these situations, a forensic examiner’s expertise and tools will not only authenticate the data but facilitate the production of evidence that may not have been possible before.

 

With today’s technology, in order to truly authenticate a text message was sent from one phone to another you may need the actual device, a backup of the device, phone records but certainly an experienced digital forensic examiner.  Don’t put your case at risk, consult with a digital forensic expert at Traversed today. 

Apple Digital Forensic Experience Paves Way for Partnership

Here at Traversed, we are excited about our new partnership with BlackBag Technologies.  This new collaboration will enable both companies to address the growing challenges faced by digital forensic examiners in our ever-changing, technology-focused world.  We are confident that BlackBag Technologies’s innovative forensic acquisition and analysis tools, for Windows and Mac based computers, as well as iOS and Android mobile devices, will complement the work we do here at Traversed with digital forensics in the preservation, analysis and production of electronic data.

 

For over a decade, Traversed’s digital forensic experts have been utilizing BlackBag’s suite of tools and performing Apple Macintosh-based forensics.  While Apple forensics poses a number of unique challenges, Traversed is well equipped and able to provide the same level of expertise BlackBag has historically provided commercial customers.  Our experts have worked directly with BlackBag on cases involving encrypted devices, iCloud backups, as well as investigations that go beyond Apple forensics, working on both Windows and Android devices, to collect critical evidence in a forensically sound manner. Our eDiscovery and forensic investigations have aided in cases such as: intellectual property theft, corporate investigations, business disputes, family law matters, and spoliation of ESI. Our work has played a key role in not only uncovering digital truths, but directly impacting settlement agreements, loss valuations and monetary judgements.

 

Fostering this long relationship with BlackBag Technologies enables us to address hurdles in today’s technology including APFS, FileVault2 and the T2 chip encryption technologies.  Our years of experience and expertise in digital forensics coupled with BlackBag’s suite of tools will allow us to provide clients the best possible solutions to often complex matters.

 

Contact Traversed today to learn more or speak with one of our forensic and eDiscovery experts!

Traversed Announces Partnership with BlackBag Technologies

Traversed LLC has announced a new services partnership with BlackBag Technologies effective immediately. The partnership will enable both BlackBag and Traversed to address growing challenges faced by examiners in the digital forensics field.

 

Under this new partnership, BlackBag and Traversed will work together to provide examiners and investigators access to forensic services that can assist with unique cases and circumstances that require additional expertise. 

 

“I was originally introduced to BlackBag Technologies during my time as a law enforcement officer,” explained Dave Proulx, Director of Digital Forensic Services at Traversed.  “Our lab performed countless digital forensic examinations utilizing BlackBag’s suite of software tools that were instrumental during the course of an investigation.  After making the decision to leave law enforcement, I knew I would maintain the partnership I cultivated with BlackBag and take it with me to wherever I landed next, and I couldn’t have found a better home with Traversed.”

 

“Specializing in cyber training, digital forensics, private investigations, and the preservation, analysis, and production of electronic data, Traversed is looking forward to this new level of collaboration with BlackBag Technologies and what we can bring to the private sector together,” said Proulx.

 

BlackBag will work with customers to identify when cases can benefit from Traversed’s team of experts. Specialists who are formally trained and certified in computer, cell phone, and mobile forensics and advanced specialties such as vehicle infotainment and telematics, cloud system and Drone UAV (unmanned aerial vehicle) forensics will be brought in to help investigate.

 

“We’re excited to have a partner with the technical investigative capabilities Dave Proulx and the Traversed, LLC team possess,” BlackBag’s Chief Customer Officer, Ben Charnota explained.

 

“Having worked with Dave previously, I know firsthand how he’s embraced BlackBag’s mission with his extensive Law Enforcement career and has brought that knowledge and experience to Traversed”, Charnota said. “The digital investigation abilities of Dave and his team will enable a level of expertise not often found in a private service offering.  We’re looking forward to our partnership’s growth and revealing the truth in data to create a safer world.”

 

About BlackBag Technologies:

 

BlackBag® Technologies offers innovative forensic acquisition and analysis tools for both Windows and Mac OS X based computers, as well as iOS and Android mobile devices. Its forensic software is used by hundreds of federal, state, and local law enforcement agencies around the world, as well as by leading corporations and consultants, to investigate all types of digital evidence associated with both criminal, civil and internal investigations. BlackBag® Technologies also develops and delivers expert forensics training and certification programs, designed for both novice and experienced forensics professionals. To learn more, visit www.blackbagtech.com.

 

About Traversed, LLC:

 

Traversed specializes in digital forensics, incident response, and the preservation, analysis, and production of electronic data in matters involving civil litigation, regulatory matters, and corporate investigations. Traversed provides objective and comprehensive answers based upon expert analysis of electronic data while addressing challenges with simple solutions using the latest acquisition, search and forensic technologies. Learn more at www.Traversed.com .

 

To request services from BlackBag and Traversed, visit http://offers.blackbagtech.com/traversed.

 

 

Introducing the Traversed Team…

Jose A. Faura, Dave Proulx and a drone

 

 Over the past year, Traversed, LLC has been laying the groundwork for a Cyber Solutions company built on integrity and expertise, providing services in digital forensics, eDiscovery, and cyber training.

At the helm of Traversed are Jose A. Faura, our CTO, and Dave Proulx, our Director of Digital Forensics & Training. Together, they have over 40 years of experience training government, military, law enforcement, and providing legal and judicial services.

 Jose has been performing computer forensics and network security for the Intelligence Community for over two decades. He has investigated high-profile cyber security incidents, including a $2 billion credit card fraud case involving TJ Maxx. Jose also developed a program designed to extract emails and text messages which was pivotal in the recovery of emails tied to the White House.

Dave served 20 years in law enforcement, his last nine in Digital Forensics. Beyond his work on the Internet Crimes Against Children Task Force, he served as a vetted instructor for the US State Department’s ATA (Anti-Terrorism Assistance) Cyber Task Force, teaching digital forensics and online investigation to law enforcement throughout the nation, as well as abroad, in Europe, South America, and the Caribbean. An Apple Forensics expert, Dave led the forensic investigation in the Mall in Columbia shooting, and several high-profile crimes against children cases.  

As the demand for cyber and digital forensic services increases, Traversed believes in a professional obligation to share knowledge, experience, and expertise with the next generation of professionals. In addition to offering commercial services, we have built a state-of-the-art training facility, Traversed’s Cyber Learning Center at our Columbia, Maryland headquarters, to further this endeavor. The Cyber Learning Center will host a range of courses, from foundational classes for those getting started in their digital forensic career to advanced courses for those with previous experience in the field.

Furthermore, we are excited to announce our partnership with Spyder Forensics, a leader in digital forensic training. Courses offered in conjunction with Spyder Forensics will equip students with the skills not only to perform computer forensics, but also to identify and extract recoverable data from Unmanned Aircraft Systems (UAS), or Drones. Additionally, Traversed will host Security Onion, SCADA/ICS (Industrial Control Systems) and malware analysis training. 

 

For additional information on commercial services or upcoming courses offered, call us at (443) 832-4133 or visit www.traversed.com