Resources

Security ratings services have become a popular way for companies to assess their own cybersecurity posture, as well as that of their partners. And, while they are useful for establishing a data baseline of competence, they are often relied on as something more than that. For example, they’re used in boardrooms as “eye candy” to portray the state of company cyber-risk, with supply chain partners to manage third-party risk and, even more frightening, by insurance companies to create risk profiles for cyber-insurance policies.

Imagine, for a moment, that you own a small business -- say, a regional dairy farm producing milk, ice cream, yogurt, and other products. And, like so many companies in the food manufacturing sector, you get hit by ransomware. You can’t access any of the data you need to run your business -- so you don’t know which products to ship, where to ship them, what prices you’ve negotiated, who’s paid and who hasn’t… everything is locked up. And, the clock is ticking -- you can’t tolerate extended downtime or products will spoil and customers will defect to other vendors.

Threat actors have successfully targeted defense contractors over the years because they haven’t fully secured their networks, thus creating serious vulnerabilities in U.S. national security. To combat this challenge, the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) framework was born.

First a pandemic, then a major economic crisis . . .why not throw in an epic cyber attack? GroupSense CEO Kurtis Minder breaks it down for #FedHeads Francis Rose and Robert Shea and throws in a few ransomware war stories, too. Chilling.

A regular user of underground forums and illicit online marketplaces with a track record of selling stolen credentials that can be used to access government, university and corporate networks is attempting to sell access to systems belonging to a large city in Arizona, the cybersecurity intelligence firm GroupSense told StateScoop.

The cybersecurity industry is often rife with hype around the topic of automation, with both IT security teams and malicious hacking groups steadily incorporating more tools and processes that can rapidly and automatically scan networks or process large datasets at speeds far faster than humans.

Kurtis Minder has spent the past year negotiating six-figure ransom demands from gangs of ruthless criminals. Not for the safe return of kidnap victims, but for the release of valuable data that is being held hostage by hackers. Ransomware attacks, which see hackers lock up data or computer systems until they are paid off, have been one of the biggest cyber security headaches for the private and public sectors in the past year.

Ransomware has been one of the most devastating malware threats that organizations have faced over the past few years, and there's no sign that attackers will stop anytime soon. It’s just too profitable for them. Ransom demands have grown from tens of thousands of dollars to millions and even tens of millions because attackers have learned that many organizations are willing to pay.

GroupSense, a digital risk protection services company, today announced several milestones from a successful 2020, including doubling its customers base, recording 60 percent year-over-year revenue growth and adding eight strategic partnerships, among many other accomplishments.

Ever thought of hiring a ransomware negotiator, or becoming one yourself? On today’s episode, Kurtis Minder of GroupSense tells us what makes a good ransomware negotiator, why setting the right tone is crucial in a successful negotiation, and why, in the right situation, you can get away with referring to a ransomer as “grasshopper.”