Ransomware and Cyber Security Policies


https://www.theguardian.com/technology/2021/jun/14/ransomware-is-biggest-online-threat-to-people-in-uk-spy-agency-chief-to-warn

 

I recommend reading the full article, but this is what might be on the horizon:
 

Quote

Cameron also called for insurance companies to stop paying out ransoms – currently legal because hackers are rarely members of banned terrorist groups - ...

 

Edited by GremlinIT
  • Like 1
Link to comment

Had a fun chat with OGI about Open Attach and Ransomware ...

 

Currently, OA uses SYSTEM to modify and create folders and files. However, it uses the User's permissions to read and open files.

 

This means that I can help prevent ransomware from encrypting the data but not prevent it from exfiltrating the client documents.

 

They decided that getting someone to finish the other half of the job was a bespoke contract. Told them we can wait, far more likely another broker is affected and kicks up a storm that affects OGI rather than us.

Link to comment
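An added example, not part of the original post and not OGI's code: a Python check of the permission split described above (SYSTEM writes, users read), run over `icacls` output. The folder `D:\OADocs`, the group `EXAMPLE\Scanning` and the sample output are constructed assumptions; deny entries are ignored.

```python
import re

# Constructed sample of `icacls` output for a hypothetical document store.
SAMPLE_ICACLS = r"""D:\OADocs NT AUTHORITY\SYSTEM:(OI)(CI)(F)
          NT AUTHORITY\Authenticated Users:(OI)(CI)(RX)
          EXAMPLE\Scanning:(OI)(CI)(M)
"""

TRUSTED = {"NT AUTHORITY\\SYSTEM"}  # the account the post says does the writing
WRITE_RIGHTS = {"F", "M", "W", "D", "DE", "GW", "GA", "WD", "AD", "DC"}
READ_RIGHTS = {"F", "M", "RX", "R", "GR", "GA", "RD"}
FLAGS = {"OI", "CI", "IO", "NP", "I"}  # inheritance markers, not rights
ACE = re.compile(r"^(?P<who>[^:(]+):(?P<perms>(?:\([^)]*\))+)\s*$")


def parse_icacls(text, path):
    """Yield (principal, rights) for each allow entry in icacls output."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(path):  # the first entry shares a line with the path
            line = line[len(path):].strip()
        m = ACE.match(line)
        if not m:
            continue
        tokens = set()
        for group in re.findall(r"\(([^)]*)\)", m["perms"]):
            tokens.update(t.strip() for t in group.split(","))
        if "DENY" in tokens:  # deny entries are out of scope for this check
            continue
        yield m["who"].strip(), tokens - FLAGS


def audit(text, path):
    """Group untrusted principals by what code running as them could do."""
    report = {"can_encrypt": [], "can_exfiltrate": []}
    for who, rights in parse_icacls(text, path):
        if who in TRUSTED:
            continue
        if rights & WRITE_RIGHTS:   # could overwrite or delete documents
            report["can_encrypt"].append(who)
        if rights & READ_RIGHTS:    # could open and copy documents out
            report["can_exfiltrate"].append(who)
    return report


if __name__ == "__main__":
    print(audit(SAMPLE_ICACLS, r"D:\OADocs"))
```

An empty `can_encrypt` list with a non-empty `can_exfiltrate` list is the half-finished state the post describes.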

Tbf - I’d be interested in comparing how the competition / alternative OGI solution aka Virtual Cabinet, manages the same situation. That’s the real benchmark / leverage. 
 

If cyber is a concern - or a requirement of your BI - I’d suggest taking a serious look at those security functions in both. Then make your choice. 
 

#whosheadisontheblock

 

Link to comment
17 hours ago, Mark Sollis said:

If cyber is a concern - or a requirement of your BI - I’d suggest taking a serious look at those security functions in both. Then make your choice. 

 

Sorry - the above was a more generic prompt for ALL brokers - particularly those who need to review their risk appetite - not aimed at you guys per se :blink:

 

17 hours ago, Mark Sollis said:

#whosheadisontheblock

 

Ditto for this - and to make sure everyone is aware they can't blame, or claim from, their supplier for their own inadequate security analysis and prevention

 

I feel your pain with the horses - but at least you found the water - that's half the battle ;)

 

Link to comment
On 18/06/2021 at 17:07, Mark Sollis said:

 

Makes no difference if they're not thirsty :o

Oh, they are. They only want the yellow liquid someone else is giving them because they were convinced, somehow, that it is lemonade. 😼

  • Like 1
Link to comment
  • 3 weeks later...

Latest response from OGI:

Quote

I did discuss this with engineering and we are not sure with what they are asking whether it's even achievable with the software. But if it is, Engineering advised it would be chargeable. I discussed this with [hardware technician's name redacted].

 

My response:

Quote

This needs to go to development. OA simply needs to change its Read & Execute permissions from Windows Authenticated User to SYSTEM, the same as it already does for Write and Modify permissions.

 

I don't know why development did half a job of it in the first place and why getting this on their enhancement wishlist is such an uphill battle.

Anyone else want to log a similar request and join the chorus? :D 

  • Like 1
Link to comment
On 09/07/2021 at 10:59, Mark Sollis said:

Not 24 hrs before your post! A despairing mini-rant criticising the very response you received. Feel free to add a real life instance on there - Typical Standard Response Warning 

I don't use LinkedIn. Good post.

My colleague had that all the time, would ask OGI support, "How do I do this?" and would receive the answer, "It can't be done." A week later they would go back to OGI with, "This is how you do it."

 

Now they don't even bother to log tickets with OGI. If OGI cared and had enough staff to put more time into working these things out with my colleague, then they would have an overall better product and better service.

  • Like 1
Link to comment
  • 2 weeks later...

I was discussing measures to guard against ransomware with an OGI support member. 

Hosts of virtual machines are not safe.

 

They had a client a few weeks ago, where the ransomware managed to get into the hosts (plural) and it destroyed the vhdx files (what a virtual machine is stored in). In a lot of instances, with limited access, more ports closed on the host and so forth, you would be inclined to believe that they are safe and only the virtual, more "public access" machines would be affected to different degrees.

 

I am now looking into making a Linux host, so that backup snapshots of a virtual machine will be safe and can easily be fired up for emergency cases.

Link to comment