Your cyber insurance doesn’t want to pay for your hack

Start listening

This is a trend that’s happening around the globe, and the news we got from Lloyd’s of London Insurance in August is just the latest example. They’re looking to exclude payments for “catastropic” and “state-sponsored” attacks. We talk about what that means. We also discuss how a plaintiff lost a recent lawsuit against their insurance company, getting $100K when what they wanted was $600K. It was how their policy was written. We also talk about a new show (streaming on Peacock in the US) called “The Undeclared War” that is technically fictional but seems all too real. We finish up with a discussion of how we see the roll of cyber insurance in this scary world of ransomware. Saddle up and listen up!


[00:00:31] W. Curtis Preston: Hi, and welcome to Backup Central’s restored all podcast I’m your host w Curtis Preston, aka mr. Backup, and have with me my confusing mechanical situation, analyst,

[00:00:46] Prasanna Malaiyandi: Uh, Curtis. Yes. We’ve had quite a few conversations the last few days

or week I should say.

[00:00:55] W. Curtis Preston: We,

[00:00:56] Prasanna Malaiyandi: you should give an update for our listeners on your current saga.

You’re like, it might be too.

[00:01:02] W. Curtis Preston: For anybody that cares. Right. So I have a Prius with just shy of 200,000 miles and it started showing signs of maybe a head gasket, right? But it’s, But, but in a Prius, when the, the signs are really minor, it’s not, or at least in the beginning, the signs are really minor.

It throws an occasional, um, uh, misfire. Right? And so we, you know, we work on different things, different possib. And, and, and I decided that I didn’t wanna spend the money on a 200,000 mile car to do the head gasket. And so I decided to try what was considered to be the best of the sealing stuff, which happens to be steel seal.

Um, and everything worked out, but, well, it appeared that everything worked. But now, after that, my cooling system, Is malfunctioning and it’s specifically malfunctioning saying that my water pump isn’t working and I’m getting an actual code that essentially says either the control module or the wiring to the water pump or the water pump itself is not working.

And, uh, some of you that are anti seal stuff or like, Oh, a seal messed up the thing, and I don’t, I don’t know that. But anyway, it’s just, that’s, that’s where I’m at. So the car is fine if it’s idling, it runs. Not throwing the error, but the, But the water pump is saying it’s not running properly, right? I, I think it’s, I think it’s running somewhat.

Otherwise the car would overheat sooner, but, um,

[00:02:39] Prasanna Malaiyandi: and just looking at the code, uh, doing some research, it looks like if it’s not running at like 900 rpm, then it throws that code

[00:02:46] W. Curtis Preston: Yeah.

[00:02:47] Prasanna Malaiyandi: at least at 900 rpm.

[00:02:49] W. Curtis Preston: the easy this is, this is another one when you’re a do it yourself mechanic, like I could take it to my guy. I could take it to my guy, and $500 later we maybe know what’s wrong,

[00:03:02] Prasanna Malaiyandi: Yep.

[00:03:02] W. Curtis Preston: So for $200 I can replace my water pump.

[00:03:06] Prasanna Malaiyandi: So what are you gonna do, Curtis? Did you already order water pump?

[00:03:09] W. Curtis Preston: I ordered the water pump. It’ll be here

[00:03:11] Prasanna Malaiyandi: Yeah.

[00:03:12] W. Curtis Preston: Uh, and it’s actually the original, it’s a, it’s the, you know, it’s the AON water pump.

Yeah. It’s the same exact line.

[00:03:20] Prasanna Malaiyandi: P T one?

[00:03:22] W. Curtis Preston: What is that?

[00:03:23] Prasanna Malaiyandi: Is that the model number?

[00:03:25] W. Curtis Preston: Oh no, it’s, you know, it’s, it is, it is the same company that makes the Prius, um,

[00:03:32] Prasanna Malaiyandi: Yeah, for Toyota. It just doesn’t have the Toyota stamp on it.

[00:03:36] W. Curtis Preston: Well, it actually has the Toyota stamp on it, believe it or not. It has the Toyota stamp on it, but they grind it off when they sell it on Amazon.

[00:03:44] Prasanna Malaiyandi: Wow. That is interesting cuz I’ve heard like when you buy like OE parts for other companies, right? You just are missing the stamp. Like if you buy headlights for your BMW or whatever and you buy like the Bosh ones, which are the OE ones, right? You just are missing the uh, BMW badge. Right? Or stamp on the part.

But it’s interesting that they’ve actually built the part and then they spend the labor and the time


[00:04:05] W. Curtis Preston: I think what it is is they have one line, The line makes the, the Toyota stamped parts and it’s actually die stamped. Is what? Is what it is. And so then, then, and then somebody

[00:04:17] Prasanna Malaiyandi: Could you imagine being that person being like, What a waste of a job?

I just sit there. Yeah.

[00:04:23] W. Curtis Preston: And it’s very clearly manually done. It’s very

[00:04:25] Prasanna Malaiyandi: Yeah.

[00:04:26] W. Curtis Preston: you know, there’s a guy with a grinder

[00:04:28] Prasanna Malaiyandi: Well, someone’s employed at least, so.

[00:04:31] W. Curtis Preston: Yeah, I, that’s what it is. I’m all about giving people jobs. So

[00:04:36] Prasanna Malaiyandi: So hopefully next podcast we will have an update. Yeah.

[00:04:40] W. Curtis Preston: yeah, I decided, by the way, I decided to give my mechanic some money. I sent him some money for some verbal advice he’d given me, and I was like, Dude, thanks for, thanks for helping.

He’s been my mechanic for a long time and, and then lately I’ve been doing my own stuff, you know? Anyway. My constant, my constant companion through it all has been my Prasanna Malaiyandi. So let’s, uh, uh, I’ll throw out our disclaimer. Um, neither Prasanna and I or our mechanics or, uh, know what we’re doing. Uh, we also, are doing this independently.

He works for Zoom. I work for Druva. This is not a podcast of either company and the opinions that you hear are ours. And, uh, be sure to rate us. Go to your favorite, uh, podcatcher and scroll down to where they have the rating part. Click a. Um, and, uh, you know, and give us, give us five stars, uh, unless you don’t like us, in which case there’s really no need to read In which case I wanna know why are you listening? Do you just, I wonder, I wonder if there’s people who just listen to like the first five minutes, just wanna see

[00:05:47] Prasanna Malaiyandi: Of us, of us rambling,


[00:05:50] W. Curtis Preston: and then they’re like, Okay, he’s gonna talk about backups. Now I’m outta here. Um, wonder if we have this odd, That would be a

[00:05:57] Prasanna Malaiyandi: I wonder if you can find that stat though,

[00:06:01] W. Curtis Preston: Lord. Yeah, I, yeah, I don’t think my, I don’t think my host gives that, that stat, but it would be really funny if there’s a group of people that listen for five minutes and they go, Okay, he’s talking about tech now. I’m outta here. I just wanna know what’s going on with Prius or is flooring or, Uh,

[00:06:18] Prasanna Malaiyandi: like.

[00:06:19] W. Curtis Preston: Yeah.

I think we’ve been doing this long enough. Did we record when I was doing solar, I was trying to do my own solar.

[00:06:25] Prasanna Malaiyandi: Yeah. Yep. We did record cuz I do remember, I think Yep. Talking about that.

[00:06:31] W. Curtis Preston: yeah. Good terms. Anyway, uh, I

[00:06:34] Prasanna Malaiyandi: speaking of rating this, speaking of rating, if we get to 25 ratings, then Curtis will for Christmas, grow a Santa beard. So he’s already started, which is awesome, but for Christmas, he will grow the Santa beard. So please go on. I think it’s the Apple Podcast, right site.

[00:06:52] W. Curtis Preston: This is specifically Apple Podcast. We’re trying to get to, uh, the number of ratings

[00:06:57] Prasanna Malaiyandi: yeah. Trying to get to 25 because I really want to see Curtis with the Santa beard.

So please, please, please go give us a, like, give us a rating. Leave a comment, and let’s try to hit the 25 number.

[00:07:08] W. Curtis Preston: On there, there’s a comment on there about me doing the Santa thing, that would be pretty funny. like, I’m leaving this comment just so Curtis will do a Santa beard. Um, All right, well there you go. Uh, and you know, if you wanna join the party, if you want to come and talk to us about our topics, right?

Backup, security, uh, privacy, what else should we talk about? Don’t we talk about, Oh, you know, just, well, whatever. All of those things,

So if you wanna join the podcast, if you wanna join the conversation, reach out to me, uh, at WC Preston on Twitter, or w Curtis Preston at gmail. Um, so I thought that, This week we would talk about a trend that’s been happening.

I’m seeing it in a, in a couple of different places, and it’s this idea that, So, so, we’ll, we’ll back up. There was a trend that cyber attacks were becoming more common, Right? Especially ransomware attacks. And then another trend was everybody said, Well, we better get cyber insurance. We didn’t have cyber insurance, but we didn’t, you know, it’s sort of like, I don’t have flood insurance cuz I live on top of a hill and, you know, that sort of stuff, right?

Um, even then I, I, I’ve been watching the news lately and I’m like, I don’t know, you know, maybe I should get it.

[00:08:26] Prasanna Malaiyandi: Well, it’s like the Spectra Logic, right? Tony Mendoza, right. When we had a bond talking about when they got hit with ransomware, right? He’s like, Yeah, just a month before the board had bought and gone and got cyber insurance. Right?

[00:08:36] W. Curtis Preston: Yeah. Yeah, that was, that was really good. So it’s one of those things where it’s like, it’s really helpful to have somebody in your corner, even if they’re not gonna like, pay you a million dollars because you got hit. You know, it’s really helpful to have somebody in your corner, so it’s certainly something to think about if you’re not, if you don’t currently have cyber insurance.

I think it’s a solid idea. What I think was starting to happen, or the insurance companies felt was starting to happen was that they felt that there were. , um, certain types of attacks that they couldn’t ensure against, or certain types of payments they couldn’t ensure against. So one of the things I think we saw a little while ago was cyber companies saying, Listen, we’re not gonna pay the ransom, right?

We’re, you know, or, or it’s a severely limited amount that they’re gonna pay the ransom. So, We’ll help cover damages or whatever, but we’re not gonna pay the ransom. What I’m seeing now and um, there’s two articles that we can talk about the, Go ahead.

[00:09:39] Prasanna Malaiyandi: Was it that they’re not gonna pay the ransom? Or was there also concerns around paying the damages or the lawsuits or anything like, Because I think in case of when you get hit with ransomware, like there’s sort of three buckets I look at in terms of cost, right? One is, Paying the ransom. Right? Uh, the second is getting your infrastructure back up and running, whatever that is.

And then third is paying for any damages that happened because you got hit. Like this might

be having to deal Yeah. Loss of business or dealing with lawsuits, Right. Or other things like that. So do you know where cyber insurance, when you talk about the cost, were those

like, that they’re reducing?

[00:10:20] W. Curtis Preston: Yeah, I don’t, I don’t know. And that wasn’t the one, that wasn’t the thing I wanted to talk about this week, but, so I didn’t research it.

[00:10:26] Prasanna Malaiyandi: Okay. No, no,

that’s okay.

[00:10:27] W. Curtis Preston: but, but I, I am aware that that insurance companies had been pulling back on. Coverage of ransomware. Right. Um, that, that, that, that they’re not doing the same thing that they were doing before.

Um, you know, and again, it’s not across the board, it’s not every company, but, um, that’s what we’re seeing. And there’s two other, um, restrictions that I thought we’d cover. And the first, and it was an article that came out, um, just in the last week, and that was that, um, Lloyds of London is instructing its insurer groups, uh, globally to exclude the quote is catastrophic state backed hacks from standalone cyber insurance policy starting next year. So

[00:11:21] Prasanna Malaiyandi: Which is a lot to unpack. First is this article was dated August 24th because I’m not sure when this, uh, episode will air. Um, it’s interesting. Right. The two things that stood out to me was catastrophic,

[00:11:35] W. Curtis Preston: Mm-hmm.

[00:11:36] Prasanna Malaiyandi: right? And the definition of what catastrophic is. I always worry when people use that word, right? In terms of what it covers.

And then the second one, and maybe we could discuss this, is also nation state, right? Because there are lots. Yeah, because there are lots of hacking groups that are hard to tell. Are they sort of state backed or are they independent or what that relationship is. So maybe we could talk about those two.

[00:12:03] W. Curtis Preston: Yeah. And you know, we’ve talked about, obviously we’ve covered like ransomware attacks and, and that there’s groups like the CONTI ransomware group that are huge and there’s a lot of feeling that they are state backed. Right. Um, that they’re, they’re certainly state inc encouraged, um, the. I, I think, you know, this is one of those, like, you know, I am not a lawyer and I’m not even attempting to be a lawyer and I haven’t actually seen the contract, but I think what they’re trying to protect against is like what happened with the Solar Winds attack, but the solar winds attack, which, um, I believe we, I believe that we believe that it was a state backed attack that, um, The reason, the thing with state back to tax, you know, or state, State backed attacks, that’s

[00:13:01] Prasanna Malaiyandi: That’s a mouth full

[00:13:02] W. Curtis Preston: T.

Yeah. Or nation state attack is that they have essentially an unlimited budget and so they can do things that perhaps a smaller, smaller hacking group might not have or might not be able to do. And. I think the Solar Winds attack is an example of that because it required many, many months of, of, you

[00:13:25] Prasanna Malaiyandi: Careful planning Yep.

[00:13:27] W. Curtis Preston: and the. The result, and this is where I’m getting to the result was catastrophic. It took out, you know, it hacked many, many, many companies and I think the worry is that there could be worse, even more catastrophic attacks that make the Solarwinds attack look small.

[00:13:52] Prasanna Malaiyandi: but instead of calling out nation states and cat catastrophic, it almost seems better to think about it in terms of like the impact. Uh, another example could be like the CAA hack, right? That affected MSPs, right? Like how do they quantify that SolarWinds totally makes sense, right? Or someone going against like a Microsoft or the Okta hack that happened, right?

Because there are so many people who use Okta, right? It’s.

[00:14:18] W. Curtis Preston: Right.

[00:14:19] Prasanna Malaiyandi: It’s a little fuzzy

right? In terms of,

[00:14:22] W. Curtis Preston: I,

[00:14:23] Prasanna Malaiyandi: Yeah, I know we’re interpreting. Yeah.

[00:14:25] W. Curtis Preston: Uh, we are interpreting someone else’s words. Uh, I happen to be looking at a Wall Street Journal article. We’re interpreting someone else’s words. We haven’t seen the contract. Um, the, uh, actually, um, let me click on this. I haven’t seen this before, so I actually have a bulletin. Uh, so this is, I actually have the bulletin from Lloyd’s and I’m looking at it right now.

[00:14:52] Prasanna Malaiyandi: So while you’re pulling that up, one of the things, So I’m reading a register article from the 24th of August, and one of the things is that the policies must set out a robust basis on which to attribute state sponsored attacks. And the register article, they actually say that attribution is absolutely hard.

Because like we’ve talked about, saying that a particular group is responsible for an attack or a nation state with a hundred percent confidence is really, really difficult. Or the fact that like these ransomware groups right they’re as a service now. So what does it mean if say there’s a nation state sponsoring a ransomware group that’s offering it as a service and some other smaller groups starts using that exact same package?

[00:15:38] W. Curtis Preston: So I’m reading the actual memo here. Okay, so at a minimum, the state backed cyber attack exclusion must exclude losses arising from a war, whether declared or not, where the policy does not have a separate war exclusion, exclude losses arising from state backed cyber attacks that significantly impair the ability of a state to function or that significantly impair the security capabilities of a state.

So it’s a, it’s an attack on, on the state.

[00:16:10] Prasanna Malaiyandi: Gotcha. So not necess. So going back to our examples, Kaseya and Solar Winds. See, but that’s where it gets a little fuzzy still, right? Because.

[00:16:19] W. Curtis Preston: they’re say, they’re saying if the United States can’t function, if you’re part of, if you’re part of a hack that took out the us. Right.

[00:16:29] Prasanna Malaiyandi: To what extent though, Right. Could you claim that like an attack on I know. I know.

[00:16:35] W. Curtis Preston: Set out a robust basis by which the parties agree on how any state by cyber attack will be attributed to one or more states. Ensure all key terms are clearly defined

Okay? So they’re not saying what you gotta put in there. They’re just saying, Dude, you gotta, you gotta exclude the state backed stuff. You have to be very clear as to how we’re gonna attribute state backed stuff.

[00:16:57] Prasanna Malaiyandi: Yep.

[00:16:58] W. Curtis Preston: Um, yeah.

[00:17:00] Prasanna Malaiyandi: Which I think is gonna be a court challenge for sure. I could just imagine, cuz this goes into effect in 2023, I believe, right? End of March, 2023. Yeah. So I’m.

[00:17:09] W. Curtis Preston: saying a phased, A phased attach, but Yeah.

[00:17:12] Prasanna Malaiyandi: Okay. Yeah. So I’m guessing that there will probably be lots of court challenges in terms of this, right? So we shall see how Lloyd’s handle, I understand what they’re trying to do, right?

Because some of these, like you said, are very costly, right? It’s outside the scope. It’s just like today, most insurance policies don’t cover an act of war, right? And so

[00:17:31] W. Curtis Preston: yeah.

[00:17:32] Prasanna Malaiyandi: I can see why they’re doing this.

[00:17:34] W. Curtis Preston: Yeah, I think what they’re saying is this is an act of war. Uh, you know, declared or not, and that we don’t, we’re not gonna cover it.

[00:17:41] Prasanna Malaiyandi: Speaking of declared and not declared war, do you wanna talk about the show that you’ve been watching?

[00:17:46] W. Curtis Preston: yeah, I’ll talk about this show. So there’s a show on Peacock, I think it’s, it was a UK show that was popular in the UK and now they brought it to the US and it’s called The Undeclared War. And it’s, I, I thought it was a pretty good show. The, there was nothing that really made me, you know, it’s, it’s a show about cyber and, and, and other state backed attacks specifically on Russia or by Russia on the uk.

And they, um, they, they got, I mean, there’s, there’s some tech stuff where I was like, I’m not sure if that’s, if that does what you’re saying it does. And, um, One thing I’m always interested is when you, when you see, it’s, when they’re looking at the code, like, I don’t know, is their ability to look at the code, if there’s code that has been compiled, is it possible to disassemble that and look at it?

[00:18:52] Prasanna Malaiyandi: Yeah.

[00:18:53] W. Curtis Preston: It is. Okay. All

[00:18:54] Prasanna Malaiyandi: well it, But it wouldn’t end up being code, right? You would ba

[00:18:59] W. Curtis Preston: It would,

[00:19:00] Prasanna Malaiyandi: like you might end, Yeah, it’d be assembly.

[00:19:03] W. Curtis Preston: Okay. So that, that part again, that, that was where I, I wasn’t sure that that was possible what they were doing. But then again, I think what I was looking at was Python , so maybe it wasn’t compiled code cuz it was actually a reference to Python in the, the thing and.

But then they also had her, Sorry, I’m focusing on the techy things that maybe they got wrong, but, but overall, the, the overall concepts that they got right where basically it was a, and again, if you don’t want to hear, uh, I’m gonna give some spoilers. I don’t care. Like, if you don’t wanna hear this stuff, then skip ahead in a few minutes.


[00:19:40] Prasanna Malaiyandi: About five minutes.

[00:19:42] W. Curtis Preston: Yeah, about five minutes. Don’t take me that well, man. I don’t know. Anyway, I can talk. I know how to talk. Um, it was a state sponsored, like Russia said, and, and what’s interesting about this show is that they show both sides. They show what’s going on in Russia at the time, you know, and Russia basically said, We want to provoke the UK to war and we’re gonna do a multi-pronged attack.

Um, social engineering, you know, social media engineering, uh, a cyber attack against their infrastructure and a news attack, essentially. Fake news

[00:20:24] Prasanna Malaiyandi: misinformation. campaign.

[00:20:26] W. Curtis Preston: Yeah. Misinformation campaign, right. Via their own state sponsored news channel. And, um, you know, it works right? Ultimately, um, the UK. Believes that they have no choice.

They believe that they have been, they have been, uh, that, that, that, that what Russia has done has been an act of war, although it’s all been cyber and, you know, under the covers and everything. So they respond with a cyber attack and Russia over, you know, uh, exaggerates the effect of the cyber attack.

It’s killing people. It’s killing people in hospitals, et cetera. And then they actually attack the uk. Um, it’s a. Too real,

[00:21:08] Prasanna Malaiyandi: But I was gonna say, yeah.

[00:21:09] W. Curtis Preston: in 2024. There’s references to current to people that are currently in politics. The, the actual Prime Minister is a fictional prime Minister. Uh, they actually said that he ous it, uh, uh, Boris,

[00:21:24] Prasanna Malaiyandi: Hmm.

[00:21:25] W. Curtis Preston: um, in, in a bitter contention,

[00:21:27] Prasanna Malaiyandi: Were they foretelling things? Yeah.

[00:21:29] W. Curtis Preston: I think they were, cuz you know, I think it must have been filmed before he resigned.


[00:21:34] Prasanna Malaiyandi: Yeah.

[00:21:35] W. Curtis Preston: um, but overall, the stuff was all just, there was this one scene that um, really, really, it hit home for me and it was where they were. Um, there’s this, there, there’s this new journalist that has moved from Russia to London. To be on the Russian sponsored channel, you know, that’s in London. And she gets, sent her very first assignment.

She gets sent to a place, to a date and time and place, and she’s told to put on riot gear, and then a, and then a riot happens. Right. You know, right behind her the moment she gets there and she’s like, Did, did, did we? Did we, um, Uh, arrange for the counter protestors to show up, and her boss is like, uh, we arrange both sides and she shows how she had, they have Facebook groups that they started and one is like pro Putin and one is against Putin, and they

[00:22:42] Prasanna Malaiyandi: but both controlled. Yeah.

[00:22:44] W. Curtis Preston: And they’re both controlled by them. And then they announced a, we’re gonna meet in protest at 10:00 AM at Lester Square, whatever it was, you know? And they just did it with both groups, not telling them the other groups are gonna be there. And so then they show up 10 o’clock with the camera. Oh look, there’s a riot in the middle of London over Russia.

Uh, and that all seemed really like, just a little too real,

[00:23:09] Prasanna Malaiyandi: It hits. Does, did it feel when you’re watching this, that it’s almost as if you’re watching like live news happening in another part of the world?

[00:23:17] W. Curtis Preston: yeah. And, and, you know, and then there was this, this moment when the, the lady’s like, Well, well, this is fake news, like what we just did. She’s like, Okay, First off, it happened, right? We didn’t orchestra, you know, we didn’t, we didn’t.

[00:23:30] Prasanna Malaiyandi: Hire the people to

come. Yeah.

[00:23:32] W. Curtis Preston: these are real people that join our groups.

They, there’s a group that thinks Putin’s great, and there’s a group that thinks he’s bad. These are all real people. This is not fake news. This actually happened. And then she goes, Lady, it’s all fake news. Our goal is to get it so that everyone thinks everything’s a lie.

And then, uh, then the biggest liar wins. And again, I was like, this is just hitting a little too, too close to home. But yeah. But, but the cyber stuff was, was a core element. And what they had was this multi-pronged cyber attack where they had the, the one cyber attack that went off and then, The, again, they used social engineering against it.

There was something about a, a, a library that they did something with a library and they’re like, Well, nobody’s gonna look inside the library. Um, and so the, you know, the new girl, of course, looks inside the library and she

[00:24:32] Prasanna Malaiyandi: She’s like, Ooh.

[00:24:33] W. Curtis Preston: attack. And so she’s a hero except it turns out there’s a third attack and the third attack was the worst, right?

So they, they get this feeling of euphoria, of like, Oh,

[00:24:43] Prasanna Malaiyandi: Yeah. We caught it.

[00:24:45] W. Curtis Preston: Haha, yay. We caught it. There was a third attack that was much, much worse. And, um, that results in a severing of relationships between the US and the uk. And the show,

[00:24:56] Prasanna Malaiyandi: Hmm. Interesting.

[00:24:58] W. Curtis Preston: a 75 year information sharing agreement is over. It’s like you are on your own.

So now the UK is on their own at a moment when

[00:25:09] Prasanna Malaiyandi: When they need, Yeah. Oh, yeah,

[00:25:13] W. Curtis Preston: It was pretty, it was pretty good. You know, overall the tech was pretty good. You know, there was a moment where like, you know, they, they wanted to give the girls some busy work and, and they said, I don’t know, why don’t you just strings it? Right. You know, like strings the executable. And so she’s looking through the stuff that she sees.

Um, . And, um, oh, there, there was one little interesting thing that I picked up. So there was this, in that strings attack, she gets these three words.

[00:25:39] Prasanna Malaiyandi: Oh yeah. I remember.

[00:25:41] W. Curtis Preston: yeah. And then it turns out there is this thing called what? Three words. What number? Three They’ve divided the entire world into, uh, three meter segments, three meter squared segments, and you can identify any three meter squared segment in the world by three words.

and, and it’s a fascinating way to do like GPS coordinates and it’s a way to basically say like, I’m in a very, I’m in a big field and you can meet me at, you know, dog cat goofy. Right? And, and that would, that would.

[00:26:17] Prasanna Malaiyandi: Translate.


[00:26:18] W. Curtis Preston: what, Three words? Yeah. Uh, that was, I’d never heard of it. I was like, I’d done, you know, and I pull it up, I go, Look at that.

They use an actual app and they use the actual app, like the UI of the actual app in the movie. I was like, Well, that’s pretty cool cuz a lot of times you see, they don’t, they, they.

[00:26:33] Prasanna Malaiyandi: They just build their own.

[00:26:34] W. Curtis Preston: right? Yeah. Uh, but overall it was, uh, so back to the topic,

[00:26:39] Prasanna Malaiyandi: Yeah.

[00:26:40] W. Curtis Preston: I thought it was really, really real. The idea of state sponsored, you know, attacks is really, really real.

It’s happening. And so I can understand Lloyd’s wanting to exclude that stuff. I do believe it’s an undeclared war. Um, and then, uh, let’s move on to the second topic, which is perhaps more. Relevant to maybe the average company, I don’t know. And that is that there is a, another insurance company, it happens to be travelers, and they, they were, uh, suing, um, uh, their, so, so that Travelers is the insurance company.

The other company is called SJ Computers. They sued in November that travelers owed them far more money than they were, than they, than they were getting, They were getting a hundred thousand dollars and that they owed nearly $600,000 in a loss due to a successful, um, business email Compromise Attack. And by the way, the attack just sounds horrible.

I don’t know if you read through the

[00:27:48] Prasanna Malaiyandi: Yeah, I did. It’s, this was on the register as well, right? Um, social engineering.

Can’t find it.

[00:27:58] W. Curtis Preston: well, they basically get, they, they, they hack an, they get something to hack an account. They send an email to the CEO to authorize a payment, and the CEO makes a quick call to. Their, their company, like they used a real, they they knew a lot. They used the name of a real client of the company, or I guess that would be a vendor.

They used the name of a real vendor of the company, but they just changed

[00:28:25] Prasanna Malaiyandi: Change the phone number.

[00:28:26] W. Curtis Preston: then they, they got them to authorize the, the thing, and he, he didn’t, he, he made a phone call. It didn’t answer. And so they paid like $600,000 to, uh, this other company. and what Travelers was saying is, Listen, we have social engineering coverage.

You paid for social engineering coverage. This is social engineering. It has a limit of a hundred thousand dollars. Uh, we’re not paying you $600,000. They sued, they lost. The court very clearly said, Look, this was so, so they, they differentiated between a social engineering attack and a cyber attack.

[00:29:06] Prasanna Malaiyandi: Which is interesting because I had never really considered that there are different categories, which makes sense now that you think about it, but that there are different categories of the types of crime and given insurance companies, they probably have different amounts of coverage, just like your normal house insurance or car insurance, right?

You have different amounts based on the different types and. It makes sense. And I’m guessing that someone probably did not read their contracts clearly to see what their coverage was.

[00:29:34] W. Curtis Preston: the story that I read, It looked like they did read the contract. They, they, and they filed it the way they filed because they did read their contract , meaning, meaning they wanted it to be covered on the other. And I, I know I, I, um, there was an insurance deal that I was involved with. I gotta speak, uh, what’s the word?

High level here. But there was an insurance deal that I was involved with where the insurance company, Wanted to pay far less that it, it was a company that, that suffered, um, a disaster recovery situation due to a flood of, uh, the River. The company actually did a really good job where they had essentially relocated their IT infrastructure to an alternate, like a, you know, a, what do we call those? Like a cola.

[00:30:31] Prasanna Malaiyandi: Yeah. Colo.

[00:30:32] W. Curtis Preston: And they had done it in such a way that there was like almost no downtime, but by doing it that way. And they basically, they knew this flood was coming and they. In advance, and it was essentially miraculous. The company had done a really great job of protecting their business, but the coverage that they had, basically it said, We will cover moving your computers, right? Like moving them to a high ground and then moving them back. There is no coverage for business continuation.

Right. And so they were, they were suing for, it was just like this, where they were suing for a much bigger amount. And they’re saying, You don’t, it’s not covered in this, in this, um, in this thing. Right. You know, So when, when insurance companies write insurance, they, they, you know, they, they write it so they don’t have to pay.


[00:31:27] Prasanna Malaiyandi: Or they understand the risks and the likelihood and all the rest of that and charge you accordingly, right?

[00:31:32] W. Curtis Preston: Right. And, uh, and, and you know, just like in this story, the company in my story, they lost because it was very clear what the difference between physically moving the computers and moving them the way they did. Uh, you know, and, and it was literally like this was, this made this look like peanuts.

It was like, it was millions of dollars. Uh, and they, they were gonna get, Like 200,000 or something. It was something really small. But, um, I, I think that the key here, if we go back to sort of the, the core element of our podcast is that you should be creating a cyber defense and a data defense mechanism that you shouldn’t have to be reaching out to your insurance company.

Right. If you, if you follow and, and I’m gonna go, I still think that the, the episode that, the episodes that we did with, um,

[00:32:36] Prasanna Malaiyandi: Snorkel 42,

[00:32:38] W. Curtis Preston: I still think that his multipronged, these are the things that you should be doing already. You know, that approach of, you know, Obviously, obviously monitoring for bad stuff happening, obviously having, you know, an intrusion detection system and all of that stuff, but then designing your infrastructure in such a way that if and when you get an attack, it, it can’t spread

[00:33:06] Prasanna Malaiyandi: Blast radius is reduced.

[00:33:07] W. Curtis Preston: Yeah, it reduces the blast radius and then you need to, uh, because if you, if a single system got infected and then it’s unable to infect the rest of the data center, that’s not that big of a recovery.

[00:33:20] Prasanna Malaiyandi: Yeah.

[00:33:21] W. Curtis Preston: Right. Even if it’s the most critical system in your enterprise, that’s still not that big of a recovery

[00:33:28] Prasanna Malaiyandi: Assuming you have backups,

[00:33:29] W. Curtis Preston: as well, Yes.

Well, any recovery is a bigger recovery if you don’t have backups and assuming you have, And then when we get to the part of the, the disaster, assuming that you have a disaster recovery system that is a modern day system that is able to bring your infrastructure. In a relatively short period of time. Um,

[00:33:54] Prasanna Malaiyandi: That you’ve


[00:33:56] W. Curtis Preston: What’s that?

[00:33:57] Prasanna Malaiyandi: That you’ve

[00:33:57] W. Curtis Preston: And it’s tested. That is, that is documented and you have tested, and I think it should be automated, right? There are, there are companies and yes, Druva is one of those companies that provides a fully automated disaster recovery system. We happen to use the cloud that you do, you know, you do a one-time setup upfront.

Then in the case of either testing or declaring a disaster, you literally push one button and then boom, you fail over to the, to the other data center, right? Well, it fail over to the cloud. um, you know, we’re not the only company. In fact, we don’t even have the best RTO there. There are companies that, you know, we, I mean, ours is 15 to 20 minutes.

That’s pretty dang good. But there are companies that do that in, in, you know, one minute or less than one minute. Um, and I, I think that. Um, if that’s what you need, then you should go to those companies, right? But if 15 to 20 minutes it’s good enough for you to say no to a ransomware company, then I would recommend you check out Druva.

Um, I, I think it’s the beauty of us running in the cloud, being a full SaaS service and all of that stuff. Right? So I just, I want you, That’s, I think the takeaway to get from this is to not, is to not focus on the. Two thirds of the podcast of like the details of what these wordings mean and ah, you know, are we gonna be covered and we’re not gonna be covered?

Do it so you don’t need to coverage.

[00:35:22] Prasanna Malaiyandi: Yeah. Well, I would say do it. So it’s kind of like, as I look at it, like medical insurance sometimes, right? Where you’re looking at it to protect you from catastrophic, Like something gets out for some reason and your blast radius is no longer just that one server, but everything. So it’s there just in case you need it, right, to provide you that coverage or whatever else it is.

But for the most part, you should try to not ever have to use it.

[00:35:51] W. Curtis Preston: Yeah.

[00:35:52] Prasanna Malaiyandi: it’s more like home insurance than medical insurance. Actually,

[00:35:55] W. Curtis Preston: say again,

[00:35:56] Prasanna Malaiyandi: I would say it’s more like home insurance than medical insurance.

[00:35:59] W. Curtis Preston: Yeah. It’s more like, yeah, it’s more like home insurance.

[00:36:01] Prasanna Malaiyandi: Protect yourself, right? Plan. Protect yourself.

[00:36:04] W. Curtis Preston: yeah. That, that’s the thing is, is to, is to plan for this.

I think that the main point of cyber insurance would be to have a person in your corner. When, uh, Tony from Special Logic talked about what they went through, they had a company, a cyber specialist in their corner to help them out of the scenario. That’s, um, that’s what I like about cyber insurance is to have, if there’s a clause in there that gives you access to

[00:36:34] Prasanna Malaiyandi: An expert.

[00:36:35] W. Curtis Preston: that have done this.

Yeah, an expert. Um, And, um, and then you do need that multi-pronged defense system to protect from on the front end and to protect it from being able to, you know, to limit the blast radius and protect it from being able, you know, like the idea of not using recently used domains and not using domains with these really long names.

And, um, by the way, in the

[00:37:01] Prasanna Malaiyandi: E dns. I like that one from, Did you remember the guy? Yeah.

[00:37:05] W. Curtis Preston: Yeah. Yeah. I like that at a lot the, in the movie, the, the command and control

[00:37:12] Prasanna Malaiyandi: Uhhuh.

[00:37:13] W. Curtis Preston: uh, it was a very simple, like, like the, like we’re in, That’s all I wanted to say. That’s all I wanted to say. And the way they did it was a, like on a Facebook page, which is interesting, Right?

And then they, and then some, and then somebody else is watching the likes on that Facebook page. So,

[00:37:30] Prasanna Malaiyandi: Well, if you think about it, right, most people are browsing Facebook and these common things, and now you have a domain that’s commonly used. How do you differentiate that traffic?

[00:37:38] W. Curtis Preston: And yet nobody should be going to Facebook from a server.

[00:37:41] Prasanna Malaiyandi: Yep.

[00:37:42] W. Curtis Preston: Right. So that, yeah, that, that’s the kind of stuff that, um, that, uh, Snorkel 42 talked about. All right. Well, thank you very much, uh, Prasanna for, you know, what, what did we do deciphering the latest news in cyber


[00:38:01] Prasanna Malaiyandi: Yeah, I think that seems accurate. Yeah. Thanks Curtis, and good luck with the car. We will have an update next week on the

[00:38:09] W. Curtis Preston: Yeah. Well, one way or the other, we will have an

[00:38:11] Prasanna Malaiyandi: Yeah.

[00:38:11] W. Curtis Preston: next week. All right. Thanks to our listeners, and remember to subscribe so that you can restore it all.

%d bloggers like this: