There’s a lot of focus on cyber crime and the implications that cyber attacks can cause to businesses and individuals. It isn’t just a topic that is the flavour of the month either, it’s unfortunately an increasing concern as we step further into technological advancements and relying more and more on computer and internet based convenience.
We have seen an increase in clients falling victim to social engineering fraud and phishing. An example of social engineering fraud is where criminals will pose as a trusted provider to their victim in order to trick them into processing payments or providing personal information. They don’t always pose as banks or the ATO either, as we are seeing an increase in criminals posing as service providers that you deal with on a regular basis. Social engineering is quite a confident attack by criminals who have been assessing their victims’ patterns before launching their attack. Similarly, phishing is where the criminal will pose as a trusted provider in order to obtain usernames, passwords and of course money; typically by tricking the victim to enter these details into an online form, email or messenger app. Phishing attacks are broader and less targeted to individuals. – It’s literally like dropping a large net in the ocean and catching whatever happens to get trapped.
Every day, over 1 million new pieces of malware are created, and according to IBM Security’s 2017 X-Force Threat Intelligence Index, security breaches increased by over 500% globally, totalling 4 billion record breaches. This really highlights the shift in today’s criminals, who are now mastering the skills they need to conduct their crimes from the comfort of a keyboard.
Recent state-sponsored cyber attacks from Russia which targeted users of Cisco branded routers are an example on how cyber criminals will do whatever is within their means to launch an attack. ie they discovered a way to hack those particular routers, and so rather than targeting particular industries, it was simply anyone that used a Cisco router to access networks.
What do they want?
There’s a range of different motives, from scamming and stealing money, identity theft, locking down your system access and requesting a ransom, mining for crypto-currency using your computers processing power and other political or malicious agendas.
The Australian Cyber Security Centre 2017 Threat Report, highlights the different motivations for being targeted based on whether you are a business or a home user, as follows:
Businesses are targets for:
- Commercially sensitive information
- Client information
- Bulk-data containing personal information about the public
- Sensitive legal advice
- Proposed negotiating positions
- Marketing strategies
- Work history
- Intellectual property
- Staff Information
Home users (individuals) are target for:
- Social Media accounts
- Email accounts
- Banking logins
- Personal information, including photos and personal files
What can you do?
Frequently back up your data: If you do get hacked and suffer an interruption, it will help with the recovery process.
Always install software updates: In addition to any software enhancements, they also provide the latest security patches.
Use antivirus software & firewalls: A good antivirus program will warn you of potentially malicious files or websites, and prevent programs from connecting to the internet without your permission.
Be alert of emails & websites that you don’t recognise: If you’re not expecting emails from certain businesses or organisations such as banks, the ATO etc then don’t open the attachments. If you’re ever in doubt, you can call the organisation to see if it’s legitimate.
Never pay the ransom: Apart from the fact that you don’t want to support cyber crime, there’s also the likely chance that the criminal will request a higher ransom once you have paid the first.
Get cyber insurance: With 60% of Australian cyber attacks targeting small to medium business enterprises, it’s important that cyber insurance is considered as part of your cyber security plan. Cyber insurance covers your business for exposures from third party claims due to privacy breaches, your own costs to respond to a breach and business interruption as a result of the attack. As with any insurance, it’s about getting you back on your feet after an unexpected event.
Unfortunately whether we like it or not, cyber incidents are here to stay and we do need to be vigilant with how we protect ourselves, our assets and any private information that forms part of our business.
If you would like to discuss cyber insurance further, contact your Safeguard Insurance broker to review your options and find the best product for you.