CNA Insurance has undergone a cyberattack that has disrupted their network. The attack was determined on March 21 and CNA has since posted a statement on their website. Excerpt:

“On March 21, 2021, CNA determined that it sustained a sophisticated cybersecurity attack. The attack caused a network disruption and impacted certain CNA systems, including corporate email.”

“Upon learning of the incident, we immediately engaged a team of third-party forensic experts to investigate and determine the full scope of this incident, which is ongoing. We have alerted law enforcement and will be cooperating with them as they conduct their own investigation.”

Subscribe
Notify of
guest

1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Saryu Nayyar
Saryu Nayyar , CEO
InfoSec Expert
March 25, 2021 12:12 pm

<p>There is little information about the attack against CNA insurance as yet, but insurance agencies are a tempting target for cybercriminals.  If an attacker can extract a list of clients who have cyber-attack insurance, those clients in turn become inviting targets themselves.  Since they have insurance they are seen as more likely to pay off a ransom. It\’s a win-win for the attackers and a lose-lose for everyone else.</p> <p> </p> <p>Organizations need to up their cybersecurity game if they don\’t want to become a victim themselves.  There is more to it than checking the boxes so they can get insurance.  They need to implement best practices and take cybersecurity seriously.  It needs to be ingrained in process, policy, and company culture.  And that needs to be backed up with best in breed security solutions, such as security analytics, that can blunt an attack when malicious actors get past the perimeter.</p>

Last edited 1 year ago by Saryu Nayyar
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x