Cyber Risk Trends: More Ways to Cause - and Prevent - Cyber Losses
December 11, 2019| By Eric Warbasse, CyberScout, Vice President of Business Development (guest contributor)
Region: North America
It’s in the news daily - data breaches cost American companies billions of dollars annually. Over the past 12 months, cybercriminals have moved away from selling stolen data on the dark web, to even quicker payouts via ransomware and email compromise.
Small businesses remain vulnerable to cyberattacks, and even a relatively minor cyber event can be costly. The median cost of a data breach to a small business is nearly $40,000 and the average costs more than triple to $134,000. As company size increases, the costs rise steeply.1 Knowing the types of attacks that occur is as important as knowing the right steps to prevent and mitigate them. Companies may be aware of the risk but have no idea what to do about it. Fortunately, many options exist to assist with preventing and responding to this evolving cybercrime landscape.
Following is a summary of a few of the cybercrime trends affecting Commercial lines of insurance as well as some steps to help prevent and mitigate them.
Personal Data Theft
Many types of scams exist to steal personal identifiers with the ultimate goal of financial fraud. Complicating the problem is that some forms of fraud can go undetected for many years, as criminals use victims’ Social Security numbers to take out loans, open new accounts, or fraudulently receive medical care.
The best offense against theft is a good technical defense:
- Confirm that your business software has built-in security options
- Implement a routine patch installation management plan
- Regularly run penetration testing and vulnerability assessments
- Ensure that you apply two-factor wire transfer verification procedures
Illicit Cryptomining or Cryptojacking
CyberScout predicts a shift from traditional cyber-attack methods to a new one called illicit cryptomining. This occurs when a device is being used to mine cryptocurrency by a hacker without the user’s consent. Using this sophisticated method, criminals hijack computer processing power from corporations or personal-use systems. The most common form of illicit cryptocurrency mining (or cryptojacking) makes use of malware - covert software which can be secretly run on a computer without the user’s knowledge. Unlike other types of malware, cryptojacking scripts do not steal the victims’ data which is stored on the computer. Instead, cryptojacking can drain computing power and damage computer systems from a business without them knowing, and most cryptomining targets don’t realize they’re affected unless their computers slow down - over time wasting productivity and resources.
- Evaluate organizational computing processes and performance weekly
- Install an ad-blocking or anti-cryptomining extension onto web browsers2
- Incorporate the cryptojacking threat into your security awareness training
- Keep your web filtering tools up to date
Improper Data Disposal
This type of cybercrime decreased in 2018. With increased regulatory scrutiny of data breaches, organizations have become more educated on the right way to dispose of unnecessary data. Also, a move toward virtual data storage in the cloud reduces the chance that paper records or hard drives will lose data through theft or improper disposal. If your company still uses hard drives and paper records, be sure to take data security precautions.
- Move as much data as possible to secure virtual storage
- Properly dispose of hard drives and paper records
When looking to safeguard systems and reduce cyber risk, companies must learn what “best in class” cyber risk prevention looks like. This means ranking security over convenience - doing things safely instead of doing things quickly. Businesses must offer ongoing education to all employees about security best practices as well as investing in preventative technology and procedures. Yes, cyber events will continue to be a challenge, but creating trusted partnerships with insurers and cybersecurity vendors can begin to shift the tide.
- NetDiligence 2018 Cyber Claims Study. Median and average costs are for a “nano” size company, defined as having under $50 million in annual revenue.
About the Author