by Matthew A. Struck, CPCU, ARM – November 23, 2017
Cyber Security Online reports a scary look into the future of cyber crime. By 2021, global cyber losses may top $6 trillion. Global ransomware damage costs are anticipated to exceed $5 billion in 2017. There are some statistics floating around that about 40% of email traffic includes some form of ransomware software/infection.
What are the major types of Cyber Attacks?
- Malware – traditionally though thought of as virus. It is malicious programming code that steals data or destroy some. Often introduced to a network via email, software downloads, or infiltrating a weakness in your operating system.
- Phishing (not the band) – communications like email, from a trusted, third party that ask for someone to click on a link and provide information such as personal identification, bank numbers, etc. Often the act of just clicking the link can cause this information to be compromised.
- Password Attacks – an outside party tries to “crack” or decipher a password to gain access. Just FYI – ‘password’ or 1234 aren’t an acceptable password. Hackers can try various combinations of characters using software. They can also use a piece of malware to install a key stroke monitor to catch the passwords entered.
- Denial-of-Service (DoS) Attacks – typically attack is when multiple computers are used to send a ton of data/traffic to your system to clog it up or cause it to crash. Often, the computers used to do this are an innocent third party’s that has been hijaked. This makes the attacker very difficult to identify. The attacks are typically committed as a means of political protest.
- Drive-By Downloads – an infected website is visited by a user on your network and the code is transferred simply by loading the website. Malvertising is another form of this attack and uses infected banner ads on websites. When clicked, the code is transferred.
- Ransomware – using one of the above methods, a hacker encrypts or locks your system. They provide a pop-up window that gives you instructions on how to pay a ransom to get the system unlocked. Typical ransoms have risen to around $679 but some larger networks weren’t unlocked until over $40,000 was paid to the hackers.
What types of losses can these attacks cause?
- Fraudulently transferred funds from a bank account or credit card
- Ransom paid to unlock your system
- Lost revenue because of network down-time (usually the largest cost)
- Loss of market share
- Bad publicity that hurts your brand or market opinion
- The cost to clean, restore, and secure your systems
- Notification and credit monitoring for individuals whose personal information may have been compromised
- Regulatory fines and penalties (differ by state, increasing in number and amount)
How can your organization protect against these attacks?
- Educate employees and outside vendors so they don’t click on links or downloads and don’t open emails from unknown senders
- Make sure your operating system/s are using the most current security updates
- Install and maintain a strong firewall to prevent infiltration
- Use anti-virus software and make sure the definitions are updated regularly
- Verify requests from outside financial institutions that request payment or financial information via email or a website. Call the customer service number you know to use, not the one included in the email.
- Use strong passwords that include capital and lower-case letters, symbols, and numbers. Refrain from using commonly used words and phrases. Change your passwords at common intervals and use a very different password from prior ones.
- Use encrypted wireless access whenever possible
- Preach common sense to your employees. If it seems strange, don’t touch it and call your IT director or consultant.
What should be done following a Cyber Attack?
- Notify your IT professional immediately
- Notify your Cyber Liability insurance carrier and/or broker immediately (this takes having insurance prior to an attack!)
- Halt any operations that may have been compromised by the attack to try and quarantine the attack
This is a free resource that we are sharing for the benefit of all that need it. Enjoy it, soak it in, subscribe, share, review and comment/ask.
Get this series delivered to your inbox by subscribing on Youtube or by entering your email into the signup box attached to this article.
*Treadstone Risk Management is an insurance broker and risk manager. We are not attorneys. Always seek legal counsel when changing/implementing any policies and procedures. Include your broker/risk manager in the process.
**If you have any questions regarding insurance program structures, coverage concerns, or alternate insurance options, please visit www.treadstonerisk.com, follow Treadstone Risk Management on LinkedIn, on Twitter @TreadstoneRisk, on Facebook, on Youtube, or email firstname.lastname@example.org.
Treadstone Risk Management LLC was founded by two experienced insurance professionals who share a vision of providing the highest level of service and professional expertise to public and private sector Property & Casualty insurance clientele. Treadstone has identified a need in the insurance brokerage and risk management industry for an agency whose personnel possess the highest level of industry education, training, and experience. We pride ourselves on our ability to deploy those skills collectively through premier customer service and attention.