Cyber 101
20 Dec 2016
Cyber threats are rapidly becoming one of the largest growing risks in the insurance industry. But what exactly is a cyber attack and who is at risk?
A cyber attack can take on many forms, including the following:
• Data Breach: Any stored personal or secure data can become the victim of a privacy breach. By accessing personal information such as financial details, personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property, hackers can cause a substantial amount of damage leading to a major business interruption. Business operations could be halted or delayed whilst the affected information is identified, recovered and encrypted. This is also known as an ‘unintentional information disclosure’, a ‘data leak’ or ‘data spill’.
• Phishing Scam: Email accounts can be hacked or fall prey to scammers who trick users into giving our personal information such as addresses, telephone numbers, bank account details, passwords and credit card information. Spoof emails can cleverly disguise themselves as official emails from banking providers, retailers, social media or governmental bodies, tricking individuals into revealing confidential information. Once an email address has been hacked into may be difficult to regain control of the account, or stored data may wiped, corrupted or altered.
• Viruses: Malicious software can sometimes be accidentally or deliberately installed onto a computer, potentially causing a significant amount of damage. Spyware, malware, adware, trojan horses, keyloggers, rootkits and computer worms are all viruses or malicious software which can infect, corrupt and damage computer systems and networks. To identify, control and erase the virus can be very time consuming and expensive, especially if repairs are needed to recover contaminated data.
• Identity Theft: Personal information such as bank account or credit card details can be stolen or cloned, resulting in financial loss if funds are taken illegally. Personal information can also be used for other fraudulent activities such as benefit fraud, people trafficking, drug trafficking, money laundering and other cyber crimes. Identity theft can also cause potential difficulties in the future when applying for things such as loans, credit cards or a mortgage.
• Extortion: If a business falls victim to the malicious installation of ransomware then they may be prone to a business interruption until a ransom is paid in order for full control of business operations to be restored. Systems including CryptoLocker and Cryptowall are examples of ransomware that have penetrated businesses through emails which are then transferred onto mapped network drives, encoding and controlling important data until a ransom has been paid.
Recent notable cyber attacks include hackers withdrawing $951m via the Federal reserve Bank of NY, customer information stolen from 1025 branches of Wendy’s, over 60m Dropbox accounts were exposed to a data breach. Whilst large companies such as telephone providers, banks or retail stores make headlines in the news as victims of cyber crime, the truth is that anyone who has data electronically stored is at risk. Small businesses, healthcare providers and individuals are becoming popular targets as they are less likely to have taken the necessary precautions or secure enough controls to prevent such an attack.
Once a cyber attack has occurred it may cause a significant amount of damage to the reputation of the company concerned. Confidence may be lost if companies cannot be trusted to encode and store data securely enough, resulting in a loss of business or further lawsuits. Hackers may also cause other damage such as defamation by impersonating or hacking into social media accounts, giving out false information or defamatory information in order to deliberately compromise the reputation of a company.
As new types of cyber attack occur every day, it is important for insurance companies to keep their policies relevant and up to date. Many clients could miss out because not every eventuality has been considered or potential risks sufficiently covered when a new type of attack is reported. It is important for companies, both large and small to keep up with the demand and dangerous trends emerging through cyber attacks to ensure that everyone’s data is successfully protected and covered at all times.
Brokers also need to ensure that their clients are prepared sufficiently in the case of a cyber attack. Important questions to consider are: What sort of response is in place in the case of a data breach? Is the security software kept up to date? Are there large amounts of confidential information stored? What sort of back-up system is there and will it store the information using a separate server? Cyber attacks can happen to anyone at any time, so it is crucial to keep on top of things.
A cyber attack can take on many forms, including the following:
• Data Breach: Any stored personal or secure data can become the victim of a privacy breach. By accessing personal information such as financial details, personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property, hackers can cause a substantial amount of damage leading to a major business interruption. Business operations could be halted or delayed whilst the affected information is identified, recovered and encrypted. This is also known as an ‘unintentional information disclosure’, a ‘data leak’ or ‘data spill’.
• Phishing Scam: Email accounts can be hacked or fall prey to scammers who trick users into giving our personal information such as addresses, telephone numbers, bank account details, passwords and credit card information. Spoof emails can cleverly disguise themselves as official emails from banking providers, retailers, social media or governmental bodies, tricking individuals into revealing confidential information. Once an email address has been hacked into may be difficult to regain control of the account, or stored data may wiped, corrupted or altered.
• Viruses: Malicious software can sometimes be accidentally or deliberately installed onto a computer, potentially causing a significant amount of damage. Spyware, malware, adware, trojan horses, keyloggers, rootkits and computer worms are all viruses or malicious software which can infect, corrupt and damage computer systems and networks. To identify, control and erase the virus can be very time consuming and expensive, especially if repairs are needed to recover contaminated data.
• Identity Theft: Personal information such as bank account or credit card details can be stolen or cloned, resulting in financial loss if funds are taken illegally. Personal information can also be used for other fraudulent activities such as benefit fraud, people trafficking, drug trafficking, money laundering and other cyber crimes. Identity theft can also cause potential difficulties in the future when applying for things such as loans, credit cards or a mortgage.
• Extortion: If a business falls victim to the malicious installation of ransomware then they may be prone to a business interruption until a ransom is paid in order for full control of business operations to be restored. Systems including CryptoLocker and Cryptowall are examples of ransomware that have penetrated businesses through emails which are then transferred onto mapped network drives, encoding and controlling important data until a ransom has been paid.
Recent notable cyber attacks include hackers withdrawing $951m via the Federal reserve Bank of NY, customer information stolen from 1025 branches of Wendy’s, over 60m Dropbox accounts were exposed to a data breach. Whilst large companies such as telephone providers, banks or retail stores make headlines in the news as victims of cyber crime, the truth is that anyone who has data electronically stored is at risk. Small businesses, healthcare providers and individuals are becoming popular targets as they are less likely to have taken the necessary precautions or secure enough controls to prevent such an attack.
Once a cyber attack has occurred it may cause a significant amount of damage to the reputation of the company concerned. Confidence may be lost if companies cannot be trusted to encode and store data securely enough, resulting in a loss of business or further lawsuits. Hackers may also cause other damage such as defamation by impersonating or hacking into social media accounts, giving out false information or defamatory information in order to deliberately compromise the reputation of a company.
As new types of cyber attack occur every day, it is important for insurance companies to keep their policies relevant and up to date. Many clients could miss out because not every eventuality has been considered or potential risks sufficiently covered when a new type of attack is reported. It is important for companies, both large and small to keep up with the demand and dangerous trends emerging through cyber attacks to ensure that everyone’s data is successfully protected and covered at all times.
Brokers also need to ensure that their clients are prepared sufficiently in the case of a cyber attack. Important questions to consider are: What sort of response is in place in the case of a data breach? Is the security software kept up to date? Are there large amounts of confidential information stored? What sort of back-up system is there and will it store the information using a separate server? Cyber attacks can happen to anyone at any time, so it is crucial to keep on top of things.