MFA Archives - gettectonic.com
Cyber Insurance

Navigating Cyber Insurance in an Evolving Threat Landscape

The rapidly shifting cyberthreat landscape presents unique challenges for healthcare organizations and underwriters navigating cyber insurance coverage decisions. Cyber liability insurance plays a crucial role in shielding healthcare providers from the mounting costs associated with data breaches and cyberattacks, which now average $9.77 million per incident in the healthcare sector, according to IBM.

The Challenges of Retaining Cyber Insurance

Healthcare, among other heavily targeted sectors, faces difficulties in securing and maintaining affordable cyber insurance. The constantly evolving threat landscape impacts risk profiles, which drives up premiums and complicates coverage retention. Although year-over-year premium growth plateaued in the U.S. in 2023, 79% of respondents in a Delinea survey still reported increased insurance costs, with 67% experiencing premium hikes between 50% and 100%.

As high-profile healthcare cyberattacks and increasing cyber risks persist, navigating the insurance landscape remains a significant challenge. Additionally, the lag in processing claims makes it difficult to anticipate how underwriters will respond to these changing threats.

How the Evolving Threat Landscape Impacts Cyber Insurance

Obtaining adequate cyber insurance coverage can be challenging in today’s risk-heavy environment. Unlike traditional insurance, where risks remain static, cyber risks constantly evolve to counteract security controls.

“Cyber insurance risk adjusters face a unique challenge; unlike fires, which aren’t actively trying to burn you in new ways, cyberthreats are constantly adapting to bypass existing protections,” said Christopher Henderson, senior director of threat operations at Huntress. This continuous adaptation often means that by the time underwriting is complete, a risk assessment may already be outdated.

Shifts in the threat landscape are driving changes in cyber insurance questionnaires. While in 2023 insurers focused on remote access tools, vulnerability management, and administrative access controls, the focus in 2024 shifted to include multifactor authentication (MFA) and identity-based attack prevention. This shift highlights the need for organizations to adapt to new requirements in cyber insurance as cybercriminals add new tactics to their playbooks.

Adapting Insurance to Emerging Threats

As cyberthreat tactics evolve, insurers may adjust policy terms to keep pace with the latest risks. Henderson suggests that insurers could move toward shorter underwriting cycles, possibly even six-month periods, to better align with the rapidly shifting cyber landscape.

Mitigating Risk and Controlling Cyber Costs

Several factors influence cyber insurance premiums, including organizational size and security posture. For healthcare providers, adhering to industry standards like SOC 2 and ISO 27001 can demonstrate compliance with best practices, improving coverage terms and potentially lowering premiums. Healthcare organizations using the NIST Cybersecurity Framework (CSF) as their primary security standard reported lower premium increases compared to those without this framework, according to a 2024 report by KLAS Research, Censinet, and the American Hospital Association.

Henderson emphasizes the importance of layering new strategies with proven, traditional ones: “While staying vigilant against newer tactics like social engineering and identity-based attacks, maintaining consistent, auditable identity verification and MFA protocols remains crucial.”

Despite upfront costs, cyber insurance can significantly reduce financial impact during cybersecurity incidents. For example, a 2024 Sophos report found that organizations with cyber insurance saw an average ransomware recovery cost of $2.94 million compared to $3.48 million for those without coverage.

Navigating cyber insurance can be complex for healthcare organizations, but careful attention to risks and proactive security measures can help them secure the right coverage at sustainable rates.

Should AI Bug Us?

Today marks the 77th anniversary of the first computer bug, which occurred when a moth became lodged in the 25-ton Harvard Mark II. The incident led programmer Grace Hopper to file what is now recognized as the first bug report. Wait, you weren’t even alive yet? Which begs the question: should AI bug us?

If asked what the most popular topic on the internet is today, one might confidently answer: AI. This year has seen a variety of perspectives on the subject. Data scientist Stephanie Kirmer reminded readers that generative AI still hasn’t become profitable. Margaret Efron highlighted words that give away AI-generated content (such as the overuse of “robust”). Meanwhile, Jim the AI Whisperer addressed a quirky tendency of ChatGPT to overuse the word “delve” due to its reliance on British English in its training data.

Beyond these discussions, a deeper conversation is emerging about what AI means for humanity on an existential level. Writers are increasingly considering how AI impacts our perception of ourselves. Paul Siemers, PhD, who focuses on the philosophy of technology, explores this topic in his essay The Ontological Shock of AI. Ontology, the study of existence, traces how humans have categorized the world over millennia. Siemers notes that over the last two centuries, humanity has split existence into living and non-living categories. However, AI is starting to blur those lines. He argues that humanity needs to reconsider this dualistic view and accept new forms of existence. As unsettling as this may seem, it could explain part of society’s current discomfort with AI.

Katharine Esty, PhD, who celebrated her 90th birthday this summer, published a guide for navigating life in your 80s. Her reflections on life and reinvention offer inspiration to readers of all ages.

Practical Wisdom for Your Day: Live Life in Semesters

A useful approach to structuring life is to think in “semesters”—15 to 17 weeks of focused work.
This timeframe is long enough to accomplish something significant, but short enough to avoid burnout.

Standards in Healthcare Cybersecurity

The Change Healthcare cyberattack was a significant incident with widespread ramifications across the healthcare industry, with effects that are likely to persist for months or even longer. Standards in healthcare cybersecurity will change as a result.

Since the ransomware attack on UnitedHealth Group’s (UHG) subsidiary, Change Healthcare, providers have faced financial and operational challenges due to disruptions in claims processing and other essential services. Change Healthcare, which processes 15 billion transactions annually and interacts with one in every three patient records in the U.S., is undergoing a complex and lengthy recovery process, with long-term implications for the industry.

The attack was first reported on February 21st when Optum, another UHG subsidiary, alerted customers about the unavailability of some applications due to a cybersecurity issue. It was later confirmed that the BlackCat ransomware gang was responsible for the attack, which led to a $22 million ransom payment by UHG. The scale of the attack caused significant operational disruptions across the healthcare system, affecting entities ranging from large pharmacy chains to small, independently owned practices.

In the weeks following the attack, UHG began restoring services, but the recovery process remains ongoing. UHG CEO Andrew Witty testified before Congress that the cybercriminals had gained access to Change Healthcare systems nine days before deploying the ransomware, using compromised credentials to access a Citrix portal without multi-factor authentication. The decision to pay the ransom was described as one of the hardest Witty has ever had to make.

The incident has highlighted the vulnerabilities in healthcare cybersecurity, particularly for large organizations like UHG that handle vast amounts of sensitive data.
It has also fueled the debate over whether ransomware payments should be made illegal, with arguments on both sides regarding the implications for victims and the broader cybersecurity landscape.

The attack has prompted a strong response from industry groups and the federal government. The American Hospital Association (AHA) and the American Medical Association (AMA) have been vocal about the impact on providers, with the AHA calling it “the most significant and consequential cyberattack on the U.S. healthcare system in American history.” The federal government, through the Department of Health and Human Services (HHS), has provided guidance to Medicare providers and launched a formal investigation into the breach.

As the healthcare industry continues to recover, the long-term impacts of the Change Healthcare cyberattack are expected to shape future cybersecurity strategies. The incident has underscored the importance of robust third-party risk management, the implementation of security measures like multi-factor authentication, and the potential need for more stringent regulatory standards in healthcare cybersecurity. The full extent of the breach, including the number of individuals affected, remains to be seen, but it is already clear that this event will have lasting repercussions for the industry.

How AI is Raising the Stakes in Phishing Attacks

Cybercriminals are increasingly using advanced AI, including tools like ChatGPT, to execute highly convincing phishing campaigns that mimic legitimate communications with uncanny accuracy. As AI-powered phishing becomes more sophisticated, cybersecurity practitioners must adopt AI and machine learning defenses to stay ahead.

What are AI-Powered Phishing Attacks?

Phishing, a long-standing cybersecurity issue, has evolved from crude scams into refined attacks that can mimic trusted entities like Amazon, postal services, or colleagues. Leveraging social engineering, these scams trick people into clicking malicious links, downloading harmful files, or sharing sensitive information. However, AI is elevating this threat by making phishing attacks more convincing, timely, and challenging to detect.

General Phishing Attacks

Traditionally, phishing emails were often easy to spot due to grammatical errors or poor formatting. AI, however, eliminates these mistakes, creating messages that appear professionally written. Additionally, AI language models can gather real-time data from news and corporate sites, embedding relevant details that create urgency and heighten the attack’s credibility. AI chatbots can also generate business email compromise attacks or whaling campaigns at a massive scale, boosting both the volume and sophistication of these threats.

Spear Phishing

Spear phishing involves targeting specific individuals with highly customized messages based on data gathered from social media or data breaches. AI has supercharged this tactic, enabling attackers to craft convincing, personalized emails almost instantly. During a cybersecurity study, AI-generated phishing emails outperformed human-crafted ones in terms of convincing recipients to click on malicious links. With the help of large language models (LLMs), attackers can create hyper-personalized emails and even deepfake phone calls and videos.

Vishing and Deepfakes

Vishing, or voice phishing, is another tactic on the rise. Traditionally, attackers would impersonate someone like a company executive or trusted colleague over the phone. With AI, they can now create deepfake audio to mimic a specific person’s voice, making it even harder for victims to discern authenticity. For example, an employee may receive a voice message that sounds exactly like their CFO, urgently requesting a bank transfer.

How to Defend Against AI-Driven Phishing Attacks

As AI-driven phishing becomes more prevalent, organizations should adopt the following defense strategies:

How AI Improves Phishing Defense

AI can also bolster phishing defenses by analyzing threat patterns, personalizing training, and monitoring for suspicious activity. GenAI, for instance, can tailor training to individual users’ weaknesses, offer timely phishing simulations, and assess each person’s learning needs to enhance cybersecurity awareness. AI can also predict potential phishing trends based on data such as attack frequency across industries, geographical locations, and types of targets. These insights allow security teams to anticipate attacks and proactively adapt defenses.

Preparing for AI-Enhanced Phishing Threats

Businesses should evaluate their risk level and implement corresponding safeguards:

AI, and particularly LLMs, are transforming phishing attacks, making them more dangerous and harder to detect. As digital footprints grow and personalized data becomes more accessible, phishing attacks will continue to evolve, including falsified voice and video messages that can trick even the most vigilant employees. By proactively integrating AI defenses, organizations can better protect against these advanced phishing threats.
