Profile picture
Lesley Carhart @hacks4pancakes
, 7 tweets, 1 min read Read on Twitter
The Zurich / Mondelez case is going to have implications for cyber insurance sales and where CISOs spend money. Not only is Zurich’s claim apparently that nation state adversaries can’t be insured against, but it adds the ever tenuous question of attribution to insurance claims.
I mean, they’re not entirely wrong to be wary - if a dedicated state actor wants to compromise your organization, they probably will. That’s not really what happened in the case of NotPetya, though. By design, most of the victims were merely recon-less targets of opportunity...
I can see some really fuzzy semantic space there, even with a clause involving state-sponsored / wartime activities. What if codebase from a state adversary is reused in a commodity attack? Will insurers present their own reversers as expert witnesses?
Whose attribution will the insurer consider correct for the purpose of denying claims? Their own? The United States intel agencies? Commercial firms? The firm the victim hired to help with response and reporting?
Consider the common attribution of the major historic breaches of retail and medical organizations for the last decade - and thusly the implications of this becoming precedent. Very interesting, indeed.
Ah, and yes - there is kinetic legal precedent for this, certainly. The problem is that CTI attribution is a lot fuzzier typically, and there are almost always disputes about it between organizations. False flags and code reuse are a big problem, too.
(Zurich isn’t necessarily in the legal or ethical wrong. Just many questions and potential implications for how victims, insurers, and adversaries will behave in the future.)
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Lesley Carhart
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @hacks4pancakes see all

Profile picture
This. THIS is the reason I have to carefully research and buy hundreds of dollars of new clothes before business travel to any new locale, before appearing on news outlets, before attending a formal event. This.

Because not even the most powerful woman in US politics is immune.
Have you heard about the 'weathergirl dress'?

It's a $25 dollar dress on Amazon, and one you have seen it you can't unsee it. Because tons of newscasters wear the same one in various colors - it fits some bizarre dress codes and on-camera requirements.

dailymail.co.uk/femail/article…
Okay so, there are only certain colors you can really wear on video. Red, white, black, and patterns like stripes don't show up on camera well. Green is no-go. So the majority of women's business attire is out, because it's all patterned crap, or colored suits.
Read 6 tweets
Profile picture
I know it seems silly to complain about something that benefits my research personally - but this latest Shamoon incident (and story) is another textbook case on training your analysts and IT teams to not upload potentially targeted malware to VirusTotal (etc) without approval...
Once it’s out there, it’s out there. And people start asking Questions. Researchers on a good day. Reporters on a bad day.
(Once the cat is totally out of the bag, of course, I highly encourage sharing samples and IOCs within policies.) 👍🏻
Read 3 tweets
Profile picture
Something that has served me incredibly well over years working incident response is willingness and capability to play devil’s advocate. When I’m told something is on fire, I take a moment to evaluate if it truly is. When I’m told something isn’t afire, I consider why it may be.
Which do I find myself doing more? To be honest, it’s often arguing against IT folks (and my better sales pitch) that things aren’t as catastrophic as they think. Panic is counterproductive to triage. I do plenty of arguing that conditions really do merit faster response, though.
Good science and investigation involves attempting to disprove hypotheses using quality evidence, methodology, and logic. To be a good investigator and responder, you need to be logical, collected, and always willing to challenge assertions (and have yours challenged as well).
Read 5 tweets

Related threads

Profile picture
INSURANCE BROKERAGE
This is a business you can do on either a part-time or full time basis, depending on your resources, social network and capability. For those, however, who do not have much capital to start with you can operate right from your house. #WednesdayWisdom
To do a good job, however, there are few important things that you must know.First you must be familiar with the various laws and regulations governing the insurance business. Secondly, you must be certain about the condition for claims.
#insurance
There are several insurance companies who will employ you and you don't necessary need to resume at their offices until you have clients who want to insure something with you.
One other important factor of success in this business is absolute honesty on your part.
Read 10 tweets
Profile picture
Agree with @wendynather that cyber security is not war. Nor is it a martial art. Remember that the vast majority of data breaches happen WITH NO ADVERSARY [Kroll, 2018]

Simple human error. Poor UX. Lack of training. Insufficient planning. These are your adversaries. Know them
The near fetishization of hackers and hacking leads to this singular fascination we have with APT groups and nation-state adversaries.

Thus, our industry focuses on boutique threats while the village burns.

We work on what fascinates us while ignoring the mundane threats.
Infosec doesn’t need “rock stars”, ninjas, or geniuses. We need LOTS of 9-5 professionals working on all aspects of this problem, not just technical.

Think public health, not war.

You can’t run a healthcare system with everyone running around thinking he’s Dr. House, M.D.
Read 9 tweets
Profile picture
1/n
 Far too much energy has been depleted in condemning how the rich and the famous spend their #money (legally inherited and/or legally earned) on weddings. In one straight piece @monikahalan makes mincemeat out of them – and forces an introspection livemint.com/Money/Tzr7GQyG…
2/n
 How many of those calling such high-decibel weddings “vulgar” opt for a simple registered wedding for their children, asks @monikahalan – scathing observation on #money!
3/n
 Rather than condemning those who spend their earned/inherited #money, we need to look at how taxpayers’ money is spent on the personal upkeep of ‘public servants’ in acres-large bungalows in prime locations, argues @monikahalan
[We don’t because so few of us pay income tax.]
Read 6 tweets
Profile picture
[Money Making Thread]

Top 5 Mistakes of Making Money Online
Mistake 1: Not Charging From Day 1

This is a confidence issue. When you haven't (yet!) made much or any money online, it's hard to imagine you ever will. Right? I mean, this is true of most new things in life.
When you've never solved a rubix cube or lifted your own bodyweight, it's easy to convince yourself that you may never will. However, once you do it once, you now have a benchmark upon which to improve on.
Read 17 tweets
Profile picture
0/ Thread: Fascinating discussion on Structuring your #Sales with @JonathanAngv, COO of @aircall last night at @_TheFamily. I love it when experienced founders pass on what they've learned so new generations can move faster & avoid traps. A few highlights from last night 👇✨
1/ Process beats talent: 🤖 There are no good or bad salespeople. What matters is how they respect the process, and how well defined it is. At @aircall, they have changed their process over 100 times #continuouslearning #optimization
2/ The importance of metrics: 📈 Only one thing matters - MRR. It is displayed on screens in every room and every single person at the company knows this number by heart. Every target is determined in accordance with this number. Full #transparency
Read 10 tweets
Profile picture
Thread: I've been thinking of recent discourse that pits cosmopolitan citizens from nowhere against real, authentic, deserving people.
This discourse is mainstream in left and right since Brexit vote.
What is less known is that it has its origin in anti-Semitic tropes 1/
A recent example is Gordon Brown who argued that the UK needs to take a tougher stance on migration, because that would address "concerns about stagnant wages, left-behind communities, migration pressures, sovereignty and the state of the NHS" 2/ theguardian.com/politics/2018/…
paradigm case is May's Conservative Party Conference speech in 2016 where she said "… today, too many people in positions of power behave as though they have more in common with international elites than with the people down the road,... the people they pass in the street. 3/
Read 25 tweets

Trending hashtags

#Futureofwork #shareholders #AdeccoGroup #humanrights #thepledge #Liberal #5G #ABCNews #SaudiKingdom #JeremyVineon5 #ChicagoTribune #twickenham #blockofwood #HBOS #Eastsheen #localauthority #Zurich #targetedindividuals #USA #channel4news #privateinvestigator #bailiff #JSA #mi5 #worldnews

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!