From time to time, a good investigation into a cyber attack or data breach can give insurers and insureds alike inside details about how these attacks happen. It can help you prevent cyberattacks or even see what kind of coverage you may need for the future.
Here’s an example of an attack that happened at the beginning of 2022. About a year ago, a tech company, Okta, that provided online platforms for clients had one of their platforms hacked. This hack provided the cybercriminals with a lot of information. In the time since, Okta has been very transparent about the details of how this happened. This level of transparency is good for their business in terms of reputation, but also good for the outside world to see how exactly an attack like this can take place.
In this case, they did a forensic report and found that the threat actor (the hacker) took over a single workstation used by a support engineer with access to their resources. The control lasted for 25 minutes on January 21st, 2022, and during that limited window of time, the hacker accessed two active customers within the super user application. That’s key because super users have very extensive access to systems. But the report goes on to say that the hacker was unable to perform any configuration changes, password resets, or customer support impersonation events. The threat actor was unable to authenticate directly to any Okta accounts.
Why is this important? Because they had strong internal controls within this company that prevented the hacker from getting much farther than they did. The hacker was able to get control of a support engineer’s workstation, but due to the strong internal blocks and best practices within the company, the hacker couldn’t get beyond that workstation. They poked around a few places but weren’t able to get into any sensitive information. So how did the hackers get in? According to the article, the company had a third-party platform that was connected to their system and the hacker was able to gain access via that third party.
This could happen to any business. Most companies at some point will have a breach or a cyber event. An employee or vendor may accidentally give access to a hacker. The key is, how much damage can they do once they get in? If you have proper internal controls, like Okta, even if someone breaches your system, they won’t be able to do much damage. Imagine if Okta did not have these controls and the hacker was able to access customer information or billing information, or even went further and infected their other platforms. This would cause a significant increase in liability and damage expenses.
It’s unknown whether or not these best practices by Okta were put in place because they had a cyber liability insurance policy and it was required, or because they knew they were best practices. Regardless of the reason, the result was that their system was too resilient for a hacker to access fully. Following the incident, in our opinion, Okta did a great job handling their response. They even went a step further and talked about lessons learned from this event and how they plan to better their cybersecurity going forward to rebuild trust with their customers.
Whether or not you have a cyber liability insurance policy, being aware of how these hacks work is important because it can mean the difference between catastrophic damage and the minor inconvenience of rebuilding a system.