Welcome to the third issue of Terms & Breaches. From 2FA bypasses turning MFA into a bad punchline to zero-trust models trying to mop up the digital mess we call the internet; the cybersecurity landscape isn’t slowing down. On the insurance front, innovation is speeding up with parametric coverage and brokers tackling the tough sell of cyber insurance. Here’s the scoop MSPs can’t afford to miss.
📰 Cyber Security
Australia & New Zealand
🚨 FortiOS & FortiProxy Vulnerability Exploited, 15 January 2025 🚨
The Australian Signals Directorate Australian Cyber Security Centre (ACSC) has issued a critical alert about a critical flaw in Fortinet‘s FortiOS and FortiProxy that allows unauthenticated attackers to gain super-admin privileges, with active exploitation already reported. Organisations using these products should upgrade immediately and investigate potential compromises.
Australian Tech Aims to Transform Cybersecurity, 19 January 2025
Australian researchers have unveiled a groundbreaking cybersecurity technology that combines machine learning, advanced encryption, and real-time threat detection. Designed to adapt with minimal human intervention, this innovation aims to make robust cybersecurity more accessible, particularly for small businesses.
Ransomware Targets New Zealand Law Firm, 16 January 2025
Bell & Graham, a New Zealand law firm, has confirmed a ransomware attack by the SafePay group, which claims to have stolen 15GB of sensitive data. With Russian-speaking hackers allegedly behind this and other ANZ incidents, MSPs should focus on bolstering defenses for professional services clients.
Rest of the world
🚨Microsoft 2FA Bypass Attack Warning, 19 January 2025 🚨
Hackers are exploiting a new phishing kit, dubbed Sneaky Log, to bypass Microsoft 365’s two-factor authentication by harvesting session cookies. This underscores the need for privileged access management and advanced password strategies to protect high-value accounts.
Geopolitical Tensions Reshape Cybersecurity Strategies, 19 January 2025
Nearly 60% of organisations are overhauling their cybersecurity strategies in response to rising geopolitical threats. Nation-state actors and ransomware remain top concerns, while generative AI exacerbates risks. MSPs must help clients embrace shiny new tech without leaving the backdoor wide open for cybercriminals.
Restoring Online Trust with Zero Trust Models , 18 January 2025
Zero-trust principles, already a cornerstone of cybersecurity, are being proposed to tackle misinformation online. Leveraging human moderation, blockchain, and AI, these models aim to validate digital information in the same way they secure networks. Believing everything online was a bad idea anyway.
📰 Cyber Insurance
Rest of the world
XS Brokers Launches Cyber Liability Division, 17 January 2025
XS Brokers has debuted a dedicated cyber liability division led by Scott Burns. With cyber risks escalating, this move reflects the growing demand for tailored coverage in the digital era.
Allianz Risk Barometer: Cyber Tops Business Risks Again, 15 January 2025
For the fourth year running, cyber incidents are ranked as the top global business risk in Allianz ’s 2025 Risk Barometer. Data breaches, critical infrastructure attacks, and business interruptions dominate concerns, with climate change and geopolitical instability rounding out the list.
Insurance Innovation for a Risk-Filled World, 15 January 2025
Parametric coverage for supply chains and expanded cyber policies are reshaping the insurance landscape. AI is streamlining claims processing, while insurers explore broader coverage to address accidental and malicious incidents alike.
Challenges in Selling Cyber Insurance, 15 January 2025
Brokers are navigating hurdles like complex policy wordings, lack of standardisation, and clients’ reluctance to disclose sensitive information. MSPs should partner with insurance brokers like Cyber Threat Insure to educate clients and address these challenges. What sets us apart is having one founder who is an insurance expert and another who is an MSP owner, combining their unique expertise to craft solutions that enable MSPs to enhance client protection without assuming an insurance advisory role or deviating from their core cybersecurity responsibilities.
The intersection of technology and risk management is complex, but that’s where MSPs and Cyber Threat Insure cross paths. From bolstering cybersecurity to aligning insurance with client needs, staying paranoid—but productive—is key. Partner with us to ensure you’re not just enhancing your clients’ protection but doing it without taking on unnecessary liabilities. See you next week.