Today’s guest blogger is HUB International, an NPAworldwide partner. HUB International provides a wide range of business and personal insurance options including liability, health, life, and more. Read more about cyber security risks below.
Cyberattacks have massive negative business impact and were ranked as a top 5 priority by 79% of global organizations. The growth of cyber risk is also in large part associated with the expanding use of technology as a value driver. Businesses rely upon strategic initiatives like outsourcing, use of third-party vendors, cloud migration, mobile technologies, and remote access—all of which have proliferated during the COVID-19 pandemic—to augment growth and improve efficiency. However, this leading-edge activity also increases cyber security risk exposure. As cyber risk has evolved from a technology issue to an organizational problem that exposes corporate leadership to liability arising from claims by shareholders, employees, and the public, cybercrime has grown exponentially. This surge in cybercrime has resulted in money damages reported to the FBI’s cybercrime reporting mechanism of $4.2 billion, up from $3 trillion in 2015.
What Is a Cyber Security Risk or Cyber Threat?
A cyberattack occurs when cybercriminals try to gain illegal access to electronic data stored on a company’s computer or network. The attacks target individuals, groups, organizations, or governments and can disrupt or control an entire computing infrastructure, interfere with data integrity, steal controlled information, inflict reputational damage, and even weaken another nation. Cyber security refers to the technologies, processes, and practices that are designed to protect your business’s intellectual property, customer data, and other sensitive information from unauthorized access by cyber criminals.
Why Is It Important to Protect Your Business From Cyber Security Risks?
It is essential that businesses invest in the technologies, processes, and practices that are designed to protect their intellectual property, customer data, and other sensitive information from unauthorized access by cyber criminals. The critical nature of this responsibility is underscored by recent statistics reported by IBM, McKinsey & Company, and others, which reveal that:
- Cybercrime is up 600% due to the COVID-19 pandemic
- Remote work has increased the average cost of a data breach by $137,000
- More than half a million Zoom user accounts were compromised and sold on the dark web
- Approximately 11,762 recorded data breaches occurred in the United States between January 2005 and May 2020
- During 2020 the average time to identify a data breach was 207 days
With the average cost of a global data breach recovery approaching $3.86 million, it’s hardly difficult to recognize the cost benefits of protecting a business from cyber risks by properly training staff and enforcing up-to-date best practices for cybersecurity.
Companies must also secure appropriate and sufficient insurance to provide financial security against the risks associated with conducting business in a digitized world and evolving regulatory environment. Cyber and privacy liability insurance covers first-party expenses, third-party expenses, and cybercrime costs, such as:
- Liability settlements and defense costs
- Defense of regulatory actions and penalties
- Breach response costs, such as:
  - Legal costs to comply with privacy regulations
  - Credit monitoring and public relations
  - Requisite notification costs
- Cyber extortion expenses and extortion funds
Customized cyber insurance policies may also cover cyber extortion, social engineering, business interruption, and virus transmission.
Cyber insurance will not cover every possible risk and cost. Typically excluded are the cost of upgrades that take place after a data breach occurs, loss of potential future profits such as loss due to reputational damage, and decreased valuation of intellectual property.
The 10 Most Common Cyber Security Risks and Threats for Businesses
Vulnerabilities in a company’s digital infrastructure can compromise its current financial position and endanger its future. When addressing concerns about your operation’s online safety, the first step is to acknowledge the existing cyber security risks that expose an organization to a hacker’s malicious attacks. The most common cyber risks and threats for businesses are:
1. Malware
Malware is malicious software that cybercriminals insert into a company’s web pages or web files after they’ve penetrated the business’s site. Bad actors then use malware to steal sensitive corporate data, including customers’ personal information. Malware can also redirect a company’s web pages to other sites and insert pop-up ads onto a company’s web pages or website. Common malware examples are:
- Viruses – malicious software attached to a document that supports macros, which it uses to execute its code and spread from host to host; a virus lies dormant until the document is opened and in use, and can cause significant operational issues and data loss
- Worms – rapidly replicating malicious software that spreads to any device within a network without needing a host program to disseminate, and which can severely disrupt the operations of a device and cause data loss
- Trojan viruses – malicious software disguised as a helpful program that, once downloaded, can gain access to sensitive data and then modify, block, or delete it
- Spyware – malicious software that runs secretly on a computer and reports back to a remote user, often about sensitive information such as stolen financial or personal data; spyware known as a ‘keylogger’ records keystrokes to reveal passwords
- Adware – malicious software used to collect data on computer usage and provide appropriate advertisements to the user of the infected device, which can redirect browsers to unsafe sites and cause system slowdown
- Ransomware – a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it
- Fileless malware – a type of memory-resident malware that operates from a computer’s memory rather than documents or files on a hard drive, which is harder to detect and makes forensics difficult because it disappears when the computer is rebooted
Recent malware attacks have exfiltrated data in mass amounts. Removing malware requires constant network scanning so hackers can be identified quickly and malware removed from the company’s network.
2. Ransomware
Ransomware is malicious software that gains access to sensitive information within a system, encrypts the information so the user cannot access it, and then demands a financial payout for the data before it is released. The first step in a ransomware attack is infection, which occurs when a user visits a security-compromised website. Ransomware is typically part of a phishing scam; by clicking a disguised link, the user downloads the ransomware. Ransomware infections are specifically focused on users with higher levels of permissions, such as administrators, to inject malicious code. Once the code has been delivered and executed on a system, either locker ransomware shuts users out of the system or crypto ransomware encrypts data using advanced mathematical encryption keys. In almost every case the user or owner of a targeted system will receive instructions on how to regain access. A ransom is clearly presented, along with the preferred denomination and payment method, and sometimes a deadline for payment. Negotiating with and paying criminal parties is a grey area. While this may be the only way to recover valuable information, payment creates ethical dilemmas, may actually cause instances of ransomware to increase, and could jeopardize coverage under a cyber insurance policy.
3. Phishing
Phishing is a cybercrime in which a target is contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. The phished information is then used to access important accounts and can result in identity theft and financial loss. Other forms of phishing include vishing (voice phishing), smishing (SMS phishing), and whaling (email purportedly from one of a company’s senior figures). Phishing scams are always ‘too good to be true,’ impose a sense of urgency, include intentionally misleading hyperlinks, are often accompanied by attachments that contain ransomware and virus payloads, and are generated by an unusual or suspicious sender.
4. Password attacks
Password attacks occur when a hacker tries to steal a password and are one of the most common forms of corporate data breach. Passwords can contain only so many letters and numbers, and are therefore becoming less safe. In addition, hackers are aware that many passwords are poorly designed, and will therefore use this cybercrime method as long as passwords continue being used. During 2020, 81% of data breaches were caused by compromised credentials.
There are different kinds of password attacks, including:
- Brute-force attacks – where hackers make numerous hit-or-miss attempts to gain access using automated methods for trying multiple letter-number variations
- Keylogger attacks – spyware that records a user’s activity by logging keyboard strokes
- Dictionary attacks – a kind of brute-force attack based on a list of commonly used words and phrases, as well as often-used passwords, narrowed down to a list of what are known as dictionary words that include names of pets, movie characters, and special character variations
- Credential stuffing – another trial-and-error method to gain access which works off the assumption that people reuse their passwords for multiple accounts across various platforms and verifies which stolen passwords are still valid or work on other platforms
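The attack types above leave different traces in authentication logs, which is what lets a defender tell them apart. The following is an added example, not part of the original article: a short Python sketch that separates brute-force or dictionary attempts (many failures against one account) from credential stuffing (one source touching many accounts, one or two tries each). The log format, thresholds, and function names are assumptions made for this illustration, and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample auth log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2021-03-04T10:00:01Z FAIL user=admin src=203.0.113.7
2021-03-04T10:00:02Z FAIL user=admin src=203.0.113.7
2021-03-04T10:00:03Z FAIL user=admin src=203.0.113.7
2021-03-04T10:00:04Z FAIL user=admin src=203.0.113.7
2021-03-04T10:00:05Z FAIL user=admin src=203.0.113.7
2021-03-04T10:00:06Z FAIL user=admin src=203.0.113.7
2021-03-04T10:05:00Z FAIL user=alice src=198.51.100.23
2021-03-04T10:05:01Z FAIL user=bob src=198.51.100.23
2021-03-04T10:05:02Z OK user=carol src=198.51.100.23
2021-03-04T10:05:03Z FAIL user=dave src=198.51.100.23
2021-03-04T10:05:04Z FAIL user=erin src=198.51.100.23
2021-03-04T10:05:05Z FAIL user=frank src=198.51.100.23
2021-03-04T10:07:00Z FAIL user=grace src=192.0.2.10
2021-03-04T10:07:09Z OK user=grace src=192.0.2.10
"""

LINE_RE = re.compile(r"^\S+ (OK|FAIL) user=(\S+) src=(\S+)$")

# Illustrative thresholds (assumptions); a real deployment would also apply a time window.
BRUTE_MIN_FAILS = 5        # failures against ONE account from one source
STUFFING_MIN_ACCOUNTS = 5  # distinct accounts touched by one source
STUFFING_MAX_TRIES = 2     # stuffing tries each account only once or twice

def parse(log_text):
    """Return (result, user, src) tuples; lines that do not match are skipped."""
    return [m.groups() for m in map(LINE_RE.match, log_text.splitlines()) if m]

def classify_sources(events):
    """Map each suspicious source address to the attack pattern it resembles."""
    fails = defaultdict(lambda: defaultdict(int))  # src -> user -> failed attempts
    wins = defaultdict(set)                        # src -> users that logged in
    for result, user, src in events:
        if result == "FAIL":
            fails[src][user] += 1
        else:
            wins[src].add(user)
    findings = {}
    for src, per_user in fails.items():
        hammered = sorted(u for u, n in per_user.items() if n >= BRUTE_MIN_FAILS)
        touched = set(per_user) | wins[src]
        if hammered:
            findings[src] = {"pattern": "brute_force_or_dictionary", "accounts": hammered}
        elif (len(touched) >= STUFFING_MIN_ACCOUNTS
              and max(per_user.values()) <= STUFFING_MAX_TRIES):
            # A successful login inside a stuffing run means a reused password was valid.
            findings[src] = {"pattern": "credential_stuffing",
                             "accounts": sorted(touched),
                             "logged_in": sorted(wins[src])}
    return findings

if __name__ == "__main__":
    for src, finding in classify_sources(parse(SAMPLE_LOG)).items():
        print(src, finding)
```

Accounts listed under `logged_in` for a credential-stuffing source are the ones to lock and reset first, since the attacker's reused password worked there.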
5. Cryptojacking
Cryptojacking is a type of cybercrime that involves the unauthorized use of computers, smartphones, tablets, and even servers by cybercriminals to mine for cryptocurrency.
Cryptojacking is the criminal manifestation of cryptomining and offers an illegitimate yet effective and inexpensive way to mine valuable coins.
Cryptocurrency is digital or virtual money that takes the form of tokens or ‘coins’ (such as Bitcoin). To operate, cryptocurrencies use a distributed database known as a blockchain, which is regularly updated with information about all the transactions that took place on the blockchain since the last update. Each set of recent transactions is combined into a block using a complex mathematical process. To produce new blocks, cryptocurrencies rely on individuals to provide computing power and reward those suppliers with cryptocurrency. Those who trade computing resources for currency are called ‘miners.’ The larger cryptocurrencies use teams of miners running dedicated computer rigs to complete the necessary mathematical calculations, an activity that requires a significant amount of electricity.
This is where cryptojacking comes in: cryptojackers are people who want the benefits of cryptocurrency mining without incurring the huge costs. By not paying for expensive mining hardware or large electricity bills, cryptojacking allows hackers to mine for cryptocurrency without the large overheads. Hackers get to a victim’s device to secretly mine cryptocurrencies by getting the victim to click on a malicious link in an email that loads cryptomining code on the computer, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser.
The motive for cryptojacking is profit, but it is designed to stay completely hidden from victims. Cryptojacking scripts do not damage computers or data, but they do steal computer processing resources. Business organizations with cryptojacked systems incur real costs arising from the use of help desk and IT time spent tracking down performance issues and replacing components or systems in the hope of solving the problem, and increased electricity costs.
6. Trojan virus
A Trojan is a type of malware that conceals its true content to fool a user into thinking it’s a harmless file. Like the wooden horse used to sack the City of Troy, the payload that a Trojan carries is unknown to the user, but it can act as a delivery vehicle for a variety of threats. Common types of Trojans include:
- Backdoor Trojans – which allow hackers to remotely access and control a computer, often for the purpose of uploading, downloading, or executing files at will
- Exploit Trojans – which inject a machine with code deliberately designed to take advantage of a weakness inherent to a specific piece of software
- Rootkit Trojans – which are intended to prevent the discovery of malware already infecting a system so it can cause maximum damage
- Banker Trojans – which specifically target personal information used for banking and other online transactions
- Distributed Denial of Service (DDoS) Trojans – which are programmed to execute DDoS attacks, where a network or machine is disabled by a flood of requests originating from many different sources
- Downloader Trojans – which are files written to download additional malware, often including more Trojans, onto a device
- Trojan Mailfinder – which harvests email addresses from a computer
- Trojan Spy – which spies on how a computer is being used by tracking data entered via keyboard, taking screenshots, or getting a list of running applications
A Trojan should not be confused with a virus. While computer viruses reproduce independently, a Trojan is merely a door opener, but with potentially devastating consequences.
7. Cloud jacking
Cloud jacking occurs when a cloud account is taken over by a hacker who generally gets access through a compromised user credential that provides the same privileges the user enjoys. If a hacker cloud jacks an email account, he can send phishing and spam from the user’s email address to others inside or outside a company, access digital meeting conversations, infect cloud storage with ransomware, and more.
Cloud jacking is on the rise because hackers go to where the data is located. With less data being stored on on-premises servers and more being stored in the cloud, an increase in cloud account takeovers can be expected. In fact, industry analysts report a 630% increase in cloud account attacks in 2020.
8. Data breaches
A data breach exposes confidential, sensitive, or protected information to an unauthorized person who then views or shares the files in the data breach without permission. Individuals, businesses, and governments can be at risk of a data breach and put others at risk if they are not protected. Data breaches happen most often because of weaknesses in technology or in user behavior and are not always caused by an outside hacker.
A data breach can occur in a number of different ways, including:
- An accidental insider – an employee using a co-worker’s computer and reading files without proper authorization; although unintentional and unshared, the data is considered breached because it was viewed by an unauthorized person
- A malicious insider – a person who purposely accesses or shares data with the intent of causing harm to an individual or company; the insider may have legitimate authorization to access the data, but the intent is to use it in nefarious ways
- Lost or stolen devices – an unencrypted and unlocked laptop or external hard drive that contains sensitive information and goes missing
- Malicious outside criminals – hackers who use various attack vectors to gather information from a network
Serious damage is possible if a hacker steals and sells Personally Identifiable Information or corporate intellectual data for financial gain or to cause harm. Common vulnerabilities targeted in data breaches include weak and stolen credentials, compromised assets, payment card fraud, third-party access, and the use of personal mobile devices in the workplace.
Best practices to avoid a data breach include patching and updating software, high-grade encryption for sensitive data, upgrading devices when a manufacturer no longer supports software, enforcing “bring your own device” security policies, enforcing strong credentials and multi-factor authentication, and educating employees on best security practices and ways to avoid socially engineered attacks.
9. Man-in-the-Middle Attacks
A man-in-the-middle attack occurs when a hacker or compromised system sits in between two uncompromised people or systems and deciphers the information they are passing to each other, including passwords. In a real-world example, Equifax in 2017 removed its apps from the App Store and Google Play store because they were passing sensitive data over insecure channels where hackers could have stolen customer information. To avoid this danger, companies must enable encryption on routers, implement procedures that encourage the use of strong credentials and two-factor authentication, and mandate the use of a VPN.
10. Insider threats
An insider threat is a malicious threat to an organization that comes from people within the business. These malicious insiders can be negligent workers, departing or former employees, contractors and third-party partners, or business associates who have inside information about the operation’s security practices, data, and computer systems.
Some of the main types of insider threats include:
- Sabotage – when the insider uses their legitimate access to damage or destroy company systems or data
- Fraud – where the insider steals, modifies, or destroys data in order to deceive
- Intellectual property theft – where the insider steals the company’s intellectual property for resale or to take with them to a new position
- Espionage – where the insider steals information for another organization, such as a competitor or government
Insider threats can cause severe and costly damage to an organization, including the loss or theft of critical data, trade secrets, personal data, customer data, and other essential information, wiping out years of work in an instant.
How Can HUB Help Protect Your Business From Cyber Security Risks?
Businesses can trust HUB to help them create a customized cyber insurance policy that addresses the various types of cyber security risks that the company could be exposed to in its operations. HUB can help the company conduct a thorough examination of its systems, as well as its existing security policies and procedures, to identify weaknesses and potential threats, develop and implement comprehensive cyber security best practices, and navigate the complex array of legislative and regulatory cyber mandates. HUB will also guide businesses to insurers who can offer the most comprehensive and affordable coverage. Whether you’re a new business or an established enterprise seeking more wide-ranging coverage at a better price, HUB will help you secure optimal coverage for your organization’s specific cyber insurance needs.