Thursday, September 08, 2022

If I have a million dollars of ransomware insurance, am I a bigger target than someone with no insurance?

https://www.cpomagazine.com/cyber-security/cyber-insurance-gap-growing-as-80-of-business-coverage-below-median-ransomware-payment-demand/

Cyber Insurance Gap” Growing as 80% Of Business Coverage Below Median Ransomware Payment Demand

Cyber insurance cost and terms has been an issue for businesses of all types since 2021, when the soaring cost of ransomware payments and remediation caused insurance firms to re-evaluate their options. A new study from BlackBerry and Corvus Insurance finds that this new landscape is causing a chronic shortage of cyber coverage for businesses.

The survey included 450 IT and cybersecurity decision makers at firms located in the US and Canada. Organizations in this part of the world now face an average ransomware payment in the millions of dollars, and the median cost of investigation and recovery is $2.4 million.

However, only 55% of the organizations surveyed are carrying any cyber insurance at all. And of those that are insured, just under 20% have more than $600,000 in coverage; not enough to meet the usual ransomware payment, let alone the potential cleanup costs.





Not unexpected. Volume, gathering location, using systems, and hundreds of other factors influence gathering and storage. (Now find the erroneous data…)

https://www.bespacific.com/facebook-engineers-we-have-no-idea-where-we-keep-all-your-personal-data/

Facebook Engineers: We Have No Idea Where We Keep All Your Personal Data

Intercept: “In March, two veteran Facebook engineers found themselves grilled about the company’s sprawling data collection operations in a hearing for the ongoing lawsuit over the mishandling of private user information stemming from the Cambridge Analytica scandal. The hearing, a transcript of which was recently unsealed (PDF), was aimed at resolving one crucial issue: What information, precisely, does Facebook store about us, and where is it? The engineers’ response will come as little relief to those concerned with the company’s stewardship of billions of digitized lives: They don’t know. The admissions occurred during a hearing with special master Daniel Garrie, a court-appointed subject-matter expert tasked with resolving a disclosure impasse. Garrie was attempting to get the company to provide an exhaustive, definitive accounting of where personal data might be stored in some 55 Facebook subsystems. Both veteran Facebook engineers, with according to LinkedIn two decades of experience between them, struggled to even venture what may be stored in Facebook’s subsystems. “I’m just trying to understand at the most basic level from this list what we’re looking at,” Garrie asked. “I don’t believe there’s a single person that exists who could answer that question,” replied Eugene Zarashaw, a Facebook engineering director. “It would take a significant team effort to even be able to answer that question.” When asked about how Facebook might track down every bit of data associated with a given user account, Zarashaw was stumped again: “It would take multiple teams on the ad side to track down exactly the — where the data flows. I would be surprised if there’s even a single person that can answer that narrow question conclusively.”…





Late, but not too late to start thinking about this.

https://www.cio.com/article/405620/measuring-the-business-impact-of-ai.html

Measuring the business impact of AI

Artificial intelligence is in transition, both as a technology and in how it’s being used. Companies are increasingly bringing AI pilots out of the test labs and deploying them at scale, and some are seeing significant benefits as a result. Regardless of any uncertainty surrounding AI, ignoring its potential poses the risk that companies doing business the old way will go under.

For many organizations, however, deriving value from AI may be elusive. Their models might not be tuned. Their training data sets might not be big enough. Customers may be leery. There are also concerns about bias, ethics, and transparency. Pushing an AI initiative into production before it’s ready, or expanding an AI strategy beyond an initial phase before properly vetting its results can cost a company money, or worse, send it in a direction detrimental to the business.





Is any of this really new?

https://www.zdnet.com/article/20-it-trends-that-cios-must-be-aware-of/

20 IT trends that CIOs must be aware of and plan against

A survey of over 1,000 IT senior leaders shows that businesses are reevaluating their IT operating model and doubling down on automation as a result of the resignations across the IT function and widening skills gaps.





What’s in a name?”

https://dilbert.com/strip/2022-09-08



No comments: