Cyber Attack Analysis: Okta 2022

How do cyber attacks happen? In this episode, we'll analyze the cyber attack that hit Okta in early 2022 to look at how these attacks happen, and how to analyze your own controls to ensure a data breach won't be the end of your business.

…From time to time there's a really good insight or investigation into a cyber attack or a hack that gives us, as insurers or even as clients, some details on how these attacks happen. It can help you prevent them or even see what kind of coverage you might need. So this is an attack that happened at the beginning of this year, about one year ago. And it was a tech company that provided platforms for clients, and they had one of their platforms hacked, and it provided hackers with a lot of information. So…to be very…this company provided details on how this happened…and it's good for business but also good for…the outside world to see how these attacks take place.

So in this case they did a forensic report, and they found that the threat actor, the hacker, controlled a single workstation used by a support engineer with access to their resources. The control lasted for 25 minutes on January 21st. And during that limited window of time, the actor did access two active customers within the super user application. That's key: super users have very, very extensive access to systems. What it does go on to say is that the threat actor, the hacker, was unable to perform any configuration changes, password resets or customer support impersonation events. The threat actor was unable to authenticate directly to any Okta accounts.

And this is important, because they had internal controls within this company that prevented the hacker from getting much farther than they did. So the hacker was able to get control of somebody's workstation. But because…the company had controls and blocks and best practices within their company, the hacker couldn't get beyond that workstation. Basically they poked around a few places but didn't really get into anything sensitive. And this is key. This is crucial. Most companies, at some point you're going to get a breach. You're going to get somebody, as an employee, a vendor, that will accidentally give access to a hacker.

The key is: what damage can they do? Right. So if you have…proper internal controls, even if somebody gets into your system they can't do a lot of damage. Imagine if this company, Okta, did not have these controls and the hacker got into all kinds of…sensitive information, customer information, vendors, clients, and deleted things, damaged things, even went farther than that company and went into other platforms. There'll be a lot more liability, a lot more damages, a lot more expense. So it's unknown whether or not these controls were put in place because Okta had cyber liability insurance and the insurance company required them, or they just put them in place because of best practices. Either way it solves some problems.

But they took it a step further. They talked about lessons learned…We recognize how vital it is to take steps to rebuild trust. Conclusions from the forensic audit do not lessen our determination to take actions. Committed to taking these actions: third-party risk management. This is what happened. They had a third-party platform that was connected to their system. The hacker got in through that third party. So having proper vetting and protections from third parties is important. Access to customer support systems: Okta will now directly manage all devices of third parties that access our customer support tools. So this is something that's important. If you just allow anybody to log into your system from the outside, you don't know their computer is safe. You might have all the protections on your own system, your servers and your cloud. But if you allow somebody to log in from the outside, it's kind of like not having the protections throughout your network. So they're going to look at having those kinds of protections on third parties that access our systems.

Well, this company talks in this…this disclosure in ways that are apologetic, but I think they did a great job, even though they had a breach. Their system was resilient. It didn't allow too much extensive access from the hacker, and they're even using it to learn more lessons to protect their system even more. So whether or not you have a cyber insurance policy, being aware of how these hacks work is important, because it can help prevent you from having catastrophic damage rather than just a minor inconvenience of rebuilding a system.
