We all have an idea of what a hacker looks like. You have seen it in movies, perhaps in an episode of your favourite TV series — the Hollywood motif has remained consistent. In fact, right now, I bet you are picturing a sweaty man with thinning hair and a greasy neckbeard. As his salt-stained fingers strike each key, strange combinations of white letters and numbers appear on a black screen, the only source of light in his cold, dark basement. This image of the stereotypical hacker could not be further from the truth.
Today, cyber crime is more comparable to a business operation. The lone, anti-social hacker you love to hate is more often than not an organised crime syndicate, and they are much better at this than he ever was. Even with all of our work patching vulnerabilities in web applications and software, we are barely keeping our heads above water.
Phishing attacks are still the professional hacker’s bread and butter
Social engineering, in its most basic form, means tricking someone into doing something they shouldn’t. The most successful variety of this, for cyber criminals, is the phishing attack. Much like the name implies, the goal of phishing is to bait the user into clicking a dangerous link, opening a malicious attachment or giving away their credentials. One wrong move can allow the hacker to install persistent malware and bypass security systems — it’s a lot easier to get in and make a mess of things when you have the keys to the front door and all of the windows are open.
We keep falling for it, over and over
The Verizon 2016 Data Breach Investigations Report combined the data from over 8 million sanctioned phishing tests in 2015 and found that an alarming 30% of those who received a simulated phishing message opened it. On top of that, 12% went on to click the malicious attachment.
This is an increase from last year, when 24% opened and 11% clicked through. If that’s not bad enough, only 3% of people alerted management or IT of the issue.
Luckily, there are preventative measures you can take to minimise your risk exposure:
• Email filtering is your friend
• Train employees to spot something ‘phishy’
• Don’t keep it all in one place: segment your network
• Learn from attacks
• Take out cyber liability insurance
Network security & privacy breaches: the lasting effects on business
As technology evolves, so do business practices. You would struggle to find a business that doesn’t rely on technology to run and to record critical information. Consequently, this makes us more susceptible to cyber attacks than ever before.
Imagine, for a second, that you fell victim to a phishing attack and lost control of your system. Your data is compromised and you can’t even send a simple email notification to warn your customers. This is only the beginning.
Breaches can happen in a matter of minutes and the damages can be felt for weeks, bringing even the most sophisticated business to a humbling halt.
Common losses resulting from security breaches include trade secrets, patent applications and sensitive customer data. This information fetches a significant amount on the black markets, while crippling the victim’s business with fines, penalties, legal fees and notification costs.
Not every breach comes through online phishing attacks, however. Privacy violations can also result from lost physical records such as poorly discarded files, from emailing the incorrect recipient, or from innocently misplaced or stolen laptops. The outcomes of these exposures are investigation, fines, defence costs and damages, which can all be transferred to insurers with the correct policy.
Summary: the modern approach to Cyber Liability Insurance
The modern cyber liability policy provides indemnity for both first party and third party losses. It is this breadth of cover which becomes particularly important when network security and/or privacy incidents occur.
Common third party costs include:
• Regulatory fines and penalties
• Costs to respond to regulatory bodies
• Legal defence fees
• Settlements, damages and judgements related to the action
Common first party costs include:
• Forensic investigation
• Legal advice to determine your notification and regulatory obligation
• Public relations expenses
• Damage to computer hardware
• Notification costs of communicating the breach
• Loss of profits and extra expense during the time your business is interrupted
Honan Insurance Group Pty Ltd (“Honan”) ABN 67 005 372 396, AFSL 246749. Honan is not the underwriter for any insurance product that you may decide upon and insurance is issued subject to the terms, conditions and exclusions as set by the particular underwriter.
Please note this information provided is for general advice only and does not factor in the objectives, needs or financial situation of the client. It is important for you to consider these matters and read the Product Disclosure Statement (PDS) and policy before deciding if this product is right for you. You can get a copy of the PDS by calling +61 3 9947 4333.