Since people seem somewhat interested in things I do and with all this “folding at home” computer talk, I thought I would share another aspect of insurance most people don’t consider.
As mentioned before, at times I engage with and work directly with Forensics of one type or another. My two prior posts (see bottom of post) were about physical forensic data. But what about digital or quasi-physical stuff?
One such matter I am currently dealing with is a large theft that took place via wire transfer. Often, due to the complexities and different geographic locations involved, the police are not involved in these matters.
What appears to have occurred is that through Spear-Phishing (targeted) or regular Phishing (broad-scale attacks) an email account at a company (our client’s supplier) was compromised. A malicious attacker then used a legitimate email account to send out falsified wire transfer information to purchasers and presto….easy money.
I basically act as a consultant on this type of matter and work with some of my existing contacts to retain a Digital Forensics Specialist to…..do what they do and determine the source/cause and possible identity of the malicious actors as well as any compromised data/accounts that may still exist.
The biggest users of Digital Forensics are actually HR deparments. They hire these guys to look at possible data exfiltration (unauthorized transfer of data outside a company network), internet policy violations and Intellectual Property theft. This is actually an insurance related aspect as it helps support “with cause” terminations and defend against wrongful termination lawsuits which, under certain policies is a covered claim.
Cyber Insurance and, by extension, cyber claims are a growing field and risk to nearly every company and private citizen. It’s still a relatively new thing and, to be honest, not as engaging as some of the physical forensic work I’ve posted about before.
Still, cool stuff.