Ferdinand
SpecialistForum Replies Created
-
Ferdinand
MemberJuly, 2024 at 1:58 pm in reply to: New cyber threats and how to inform your clientsHi everybody and sorry for my late reply. I was on business trip and my signal wasn´t sufficient.
From a carrier perspective it is very interesting to read the other posts regarding this topic. Of course, my feedback on this is not an official statement of my company, but it represents kind of our approach.
I would like to split threats in two parts:
1. critical failures in IT which can result in an cyber incident
We decided to not share each and every information about weakness in IT systems. We developed an process to rate critical weaknesses we become aware of. For example the CVSS rating must be 9 or 10. Furthermore we do only inform our costumers, if there is a hotfix available or any other mitigation action required. We want to avoid the situation, that the clients receive alerts from us without any benefit. That would lead to make them not reading our emails next time. We also don´t send alerts, if there have been official warnings by official institutions like BSI in Germany or NIST.
2. Threats to be considered in daily work
Our local underwriters are assessing and discussing the risk in detail. Based on that the coverage is designed. Our Risk assessment process is updated regulary by our dedicated risk engineering department. Ther are splitted to the tech team (technical assessment of the risk) and teh service team. Ther service team develops and offers services to improve the risk maturity of our clients. E.g. awareness trainings or implementation of MFA. The offered services are extended regulary if a new cyber thread is recognized.
As I´m not a native english speaker I hope the above comments make sense for you and maybe provide some ideas to adept.
I thomh the benefit of posting recent threats or weaknesses in the community makes only sense, if the information inclused also additional information. Like “why is it” or “how to avoid” or “how to close the gap”. Just sharing that there is a weakness or gap is no benefit im my eyes, because you have a huge overload of this information on hundreds of newsletters …
Kind regards to everyone
Ferdinand