Author: Roger Grimes

Comment on Lloyds Of London Ends Insurance Coverage For State Cyber Attacks, Expert Weighs In by Roger Grimes

My best guess is that Lloyds doesn’t want to be held accountable for very large ransomware/wiperware/malware attacks like NotPetya, which targeted Ukraine in 2017. It causes hundreds of millions to billions of dollars in damages. Just one of these events can bankrupt even the largest of insurance companies if they get caught with too much risk. NotPetya threatened the entire system of insurance and reinsurance, so I understand the concern and wanting to limit risk. Still, it’s tough to prove what is and isn’t “nation-state” in the cybersecurity world. We do have a fairly good understanding of various nation-state groups in the loose sense that we are fairly confident that it is either nation-state led or intentionally tolerated, or even encouraged. But proving that in a court of law is going to be far more difficult. Unless you can directly trace something, using solid forensic evidence that ties an attack to a known IP address tied to a confirmed nation-state program, I’m not sure how you prove or disprove it in a court of law. I don’t think it’s enough to say that we “think” or are pretty sure it’s a nation-state led attack. I can just see attorneys salivating to start arguing one way or another about this point.

Comment on Cyberattack Blocks Albania’s Public Online Services by Roger Grimes

“History has shown over and over that country governments are not immune to cyberattacks. And it’s not like Albania is likely to be unusual in their cybersecurity posture. Whatever holes were used to gain access and disrupt Albania are likely widely present throughout the world. The world in general does not do the basic things (e.g., fight social engineering, patch vulnerabilities, etc.) with the correct amount of focus. It is the inability for most of the world to correctly, appropriately, focus resources on the most common ways we are attacked that allows hackers and malware to be so successful. For most businesses and countries to fall, all it takes is some hacker somewhere deciding to focus on exploit holes which have likely been there for months to years. That’s the sad state of things today. Albania isn’t the first country to fall and they will not be the last.”