
Insurance Regulator Breached, Security Firm Insider Scandal, CEOs Demand Hours-Not-Days Recovery

3 hours ago Hornung · Bryan · Andre

The group that holds the financial filings for the entire U.S. insurance industry just got cracked open, and 3.1 terabytes of its data landed on the dark web. The break-in came through a software bug nobody could have patched in time. If a central regulator can be hit this way, the vendors and partners holding your data can too. *The breach comes through trust. Survival comes through speed.*

Bryan Hornung, Randy Bryan, and Reginald Andre break down this week’s stories for the executives, owners, and operators who don’t have time to keep up with cyber news but can’t afford to be blindsided by it either.

First, the NAIC, the body where insurers in all fifty states file their financials, confirmed attackers got in, and a crew called ShinyHunters claims it stole 3.1 terabytes and dumped the whole haul when the ransom went unpaid. The way in was a zero-day, a flaw with no fix available, sitting inside Oracle’s PeopleSoft software that the NAIC ran. Here is the part that should worry every owner: after the breach, credit rating agencies cut their data feeds to the NAIC, which froze a routine industry function for everyone downstream. One vendor’s bug became hundreds of companies’ problem, and “we’re all patched” did nothing to stop it.

Next, a story about the person already inside. A former analyst at Huntress, a security company that thousands of small businesses and their IT providers trust to catch hackers, claims a coworker fed information to a ransomware criminal, and that the company stayed quiet ahead of a planned IPO. The CEO calls it a teammate’s poor judgment, not a betrayal, and says no, this is not what it looks like. We are careful here, because this is an allegation and the evidence has not been made public, but the lesson lands either way: the threat your firewall cannot stop is a trusted person with access, including the outside provider holding the keys to your network.

Finally, the demand from the corner office. A new survey from Cohesity found two-thirds of CEOs now want to hear about an attack within thirty minutes, and more than 80% say someone’s job is on the line if recovery drags. The reality check is humbling: only 19% of ransomware victims got back up within a day last year, and a typical attack still caused about 24 days of disruption. The good news is recovery is getting faster and cheaper for companies that actually plan and rehearse it. Recovery time is no longer an IT footnote. It is a board-level number with names attached.

Three different doors, one pattern. A trusted vendor, a trusted insider, and your own readiness. The breach keeps arriving through something you already trusted, and the only thing that softens the blow is how fast you catch it and come back.

• A zero-day in Oracle PeopleSoft let ShinyHunters claim 3.1 terabytes from the NAIC, and the fallout froze part of the insurance industry.
• A former Huntress analyst alleges a coworker leaked information to a ransomware criminal, and the company disputes it.
• Why insiders and outside IT providers are the risk your firewall was never built to catch.
• A new survey shows CEOs now expect recovery in hours, with jobs on the line if it takes days.
• The thread tying it together: the breach comes through trust, and survival comes through speed.
• What owners should do this week: map who holds your data, vet your IT provider’s insider controls, and set a recovery-time target you actually test.

Security Squawk is a weekly podcast and live stream for business owners and executives.

Support the show: buymeacoffee.com/securitysquawk
