Cyber attack on Shirbit Insurance Company

First of all

This document has been written and updated until December 8, 2020 and refers to what is known about the cyber-attack on Shirbit insurance company, as of this point in time. Although this is a cyber-attack, this document will focus on the business, organizational and accountability angle of the company’s management. This responsibility is important and critical to understanding and managing the incident. It’s important to say, this is an event with a lot of technological failures and we will address them as well. …

One of my main claims to those who still respond to cyberattacks as a technological problem is the fact that they have not internalized the attackers' worldview.

When you continue to think and behave based on outdated defensive turns as defined in the various regulatory documents, you lose the game. Attackers conduct themselves differently, and those who want to defend against them should understand their mindset, which, other than the lust for money, also includes the lust for publicity. Even if anonymous advertising seems to be meaningless, for them it is advertising within the professional guild, and that is a lot.

These are the new rules of the game. If you've already been attacked in a cyberattack, don't think you know when and how it's going to end. I suggest you open your mind to new defensive perceptions.

A cyberattack targeted Ben-Gurion University resulting in a breach in a number of its servers, the university announced on Wednesday.

Cyber Resilience expert Einat Meyron: "It is not easy to manage an information security system in an academic institution, as academic freedom that can't be impacted by an invasion of privacy becomes a significant cyber risk.

"An information security manager is required to maneuver among a great many executives who each see things in their own unique way along with day-to-day dealing with challenges provided by the faculties that use state-of-the-art technologies and therefore are much more vulnerable along with…

I invite you to read an analysis of a cyber incident (still being conducted) in Israel, on the business page of Bröskamp consulting, a German partner I work with.

Think you'll know the first business actions you'll need to do when you find out your company is under cyberattack?

Don't miss out on our Black Friday sale of 40% off the Cyber Resilience Playbook. The sale is valid from today until Monday.

Please register here.

I'm no stranger to conversations in front of a large audience of senior executives, but I admit, yesterday the intensity of the excitement was a surprise even for me. This was not the first joint meeting for Israelis and UAE residents, but it was the 1st meeting of cyber professionals between the 2 countries. The realization that we are making history, even though we are private individuals and the initiative is completely private, and that nowadays even the smallest thing has huge exposure potential: this understanding is exciting.

The webinar yesterday took about an hour and a half during which many interesting…

A little more on cyber and insurance. It's important to understand the economic ecosystem. What is the clear and direct significance of choosing cyber insurance before completing a wide range of organizational moves and processes and, of course, what are the implications? When there is knowledge and understanding of the risk, it is possible to begin managing the risk in realistic stages of adding more defense mechanisms.
From there, everyone chooses what suits them.

Thanks Yossef (Joseph) Levi for sharing with me.

#boardofdirectors #riskmanagement #cyberinsurance #cyberresilience #management

Last week I had a conversation with a #ciso, ahead of a #CEO forum that is scheduled to present the concept of information security for the coming year. In the materials he brought to our meeting there were no requests for another technology system or another external consulting service. Nor did he seek to deepen or perfect the deliverables he receives from his MSSPs. Really, zero budgetary supplement to what he's already got.

All the comments, but literally all the comments requested by the CISO to anchor in the work plan for 2021 can be defined as "information security…

If you have time to read just one article, this is the article you have to read. Whoever wants it, I have the full research and I'd be happy to send it over.


However, not only does paying the bitcoin ransom just encourage ransomware gangs to continue campaigns because they know they're profitable, there's also no guarantee that the hackers will actually restore the network in full.


In addition to the cost of paying the ransom, it's also likely that an organisation that comes under a ransomware attack will lose revenue because of lost operations during downtime, making falling…

C-level consultant. Accompanies managers/organizations through advanced assessments to attain more efficient and precise coping capacity with cyber incidents.
