CNA Ins. Cyber Attack- Expert Comments

CNA Insurance has undergone a cyberattack that has disrupted their network. The attack was determined on March 21 and CNA has since posted a statement on their website. Excerpt:

“On March 21, 2021, CNA determined that it sustained a sophisticated cybersecurity attack. The attack caused a network disruption and impacted certain CNA systems, including corporate email.”

“Upon learning of the incident, we immediately engaged a team of third-party forensic experts to investigate and determine the full scope of this incident, which is ongoing. We have alerted law enforcement and will be cooperating with them as they conduct their own investigation.”

Experts Comments

March 25, 2021
Saryu Nayyar
CEO
Gurucul

There is little information about the attack against CNA insurance as yet, but insurance agencies are a tempting target for cybercriminals.  If an attacker can extract a list of clients who have cyber-attack insurance, those clients in turn become inviting targets themselves.  Since they have insurance they are seen as more likely to pay off a ransom. It's a win-win for the attackers and a lose-lose for everyone else.

 

Organizations need to up their cybersecurity game if they don't want to

.....Read More

There is little information about the attack against CNA insurance as yet, but insurance agencies are a tempting target for cybercriminals.  If an attacker can extract a list of clients who have cyber-attack insurance, those clients in turn become inviting targets themselves.  Since they have insurance they are seen as more likely to pay off a ransom. It's a win-win for the attackers and a lose-lose for everyone else.

 

Organizations need to up their cybersecurity game if they don't want to become a victim themselves.  There is more to it than checking the boxes so they can get insurance.  They need to implement best practices and take cybersecurity seriously.  It needs to be ingrained in process, policy, and company culture.  And that needs to be backed up with best in breed security solutions, such as security analytics, that can blunt an attack when malicious actors get past the perimeter.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.