Phishing, Cyber Insurance, and Being Vigilant
In a highly evolved digital era, cyber attacks are a sad reality. One of the common forms of cyber attack is phishing, specifically email phishing. A phishing email is a fraudulent message designed to gain access to your, your family’s, or your clients’ sensitive information. This information is then used to obtain access to important accounts (banking, credit, health history, professional credentials, education, etc.) and ultimately cause significant financial and personal damages. A rising threat, email phishing is the most common way for cyber criminals to infiltrate and access the sensitive data of people, communities, and businesses everywhere. In fact, it’s been estimated that 135 million phishing attacks take place every day, resulting in billions of dollars in losses and damages each year – both corporate and personal.
Cyber criminals don’t discriminate
In 2015, Ginni Rometty, the chairman, president and CEO of IBM, said, “Cyber crime is the biggest threat to every company in the world.” Quite frankly, the numbers are staggering. According to an article posted on CSO Online, the annual related cost of cybercrime is expected to hit USD $6 trillion by the year 2021, up from $3 trillion in 2015 – that’s a 100% increase in just 6 years, representing what CSO calls “the greatest transfer of economic wealth in history.” According to the CEO, cybercrime “will be more profitable than the global trade of all illegal drugs combined.” That’s plenty of incentive for cyber criminals to play the game – and win.
If you’ve seen any of the headlines, you already know that hacking is big business, and every digital system out there is a potential target. There are various types of cyber terrorism, and all can have devastating effects. Targeted cyber attacks, which are usually aimed at specific organizations, tend to have a laser-focused purpose when it comes to the type of damage they do. Operation Ababil in 2012, for example, targeted American financial institutions, including the New York Stock Exchange and J.P. Morgan Chase, resulting in widespread disruption of their websites. Wiper, a different attack that took place in 2011, was a malware attack that disrupted the Oil Ministry’s headquarters, causing significant downtime, a disruption in productivity, and some overall major headaches.
So, what do cyber criminals do with your stolen identity?
In the digital world, the end goal of cyber attacks, specifically corporate and government espionage, is to steal information from organizations. The hack on Sony Pictures harvested significant personal information from Sony employees, including family data, personal emails, salaries and confidential information on unreleased films. The hackers then used this information as leverage to stop the release of a controversial film. Another example is the Titan Rain attack, which was a series of coordinated attacks on American military contractors that gained access to incredibly sensitive homeland security information. Scary, right?
On a smaller scale, there are also more pedestrian (but every bit as serious) forms of cyber attack – such as identity theft. When it comes to identity theft, hackers find ways to access massive databases loaded with detailed personal information on thousands of individuals, including credit card and financial data, email addresses, login information – anything and everything that gives these criminals the ability to steal from you, cause you embarrassment, or generally make your life miserable.
And what happens to the information?
According to Trend Micro, what happens to information once it’s stolen largely depends on what type of information it is. However, in most cases, information stolen in any type of cyber hack will be used for one or a combination of the following purposes:
- Fraudulent tax returns
- Fraudulent insurance claims
- Fraudulent bank loan applications
- Fraudulent money transfers
- Applying for fake credit cards
- Purchasing prescription medicine for use or sale
- Fraudulent online purchases
How do cyber criminals get what they’re looking for? They Phish!
It sounds simple, but it’s effective and happens all too often: bogus emails sent out to huge swaths of unsuspecting people. These emails are often backloaded with malware or other viruses that wreak havoc on computer systems – which is exactly how hackers get in. You’d be astounded what a skilled hacker can do once they have remote access to your computer – or worse, your entire corporate computer system. Luckily, there are some telltale signs to watch out for so you and your business can avoid a hack before it happens (and yes, you should share this with your staff).
If you spot any of the following on an incoming email message, consider it suspicious and do not open it:
- You do not recognize the sender’s address or it’s not someone you typically communicate with.
- It’s an unusual or unexpected email with an embedded hyperlink or attachment.
- When you hover over a hyperlink, the link-to address is for a different website.
- The hyperlink is misspelled, particularly if it’s claiming to be from a well-known or popular website.
Other red flags to watch for include:
- Content that’s too good to be true. If the email has some outlandish claim or big reward attached to it (like you’ve won a trip to Europe or a big wad of money), be skeptical. The old saying definitely holds true with cyber attacks: if it seems too good to be true, it probably is.
- Pressure tactics. If there is time sensitivity or some kind of urgency involved (click now or else, essentially) it could be phish-y. Most reputable organizations will not pressure you into an immediate response.
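Several of the red flags in the two lists above can be checked automatically when triaging reported mail. The following Python is an added example, not TWT's code; `KNOWN_DOMAINS`, the keyword patterns and the two sample messages are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_DOMAINS = {"paypal.com", "example-bank.com"}  # assumed list of real contacts
PRESSURE = re.compile(r"urgent|immediately|act now|within 24 hours|will be suspended", re.I)
TOO_GOOD = re.compile(r"you(?:'ve| have) won|claim your prize|free trip", re.I)

class _Links(HTMLParser):  # collects (href, visible text) per <a>, plus all body text
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def domain(value):
    """Naive registrable domain: last two host labels (ignores co.uk-style suffixes)."""
    host = urlparse(value if "://" in value else "//" + value).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def red_flags(sender, html_body):
    p = _Links(); p.feed(html_body); p.close()
    flags = set()
    if domain(sender.rsplit("@", 1)[-1]) not in KNOWN_DOMAINS:
        flags.add("unknown_sender")
    for href, shown in p.links:
        target = domain(href)
        # Visible text that itself looks like a web address but points elsewhere.
        if re.match(r"(https?://|www\.)?[\w-]+(\.[\w-]+)+", shown) and domain(shown.split()[0]) != target:
            flags.add("link_mismatch")
        # Misspelled link: nearly, but not exactly, a domain we know.
        if target not in KNOWN_DOMAINS and any(
                SequenceMatcher(None, target, k).ratio() >= 0.85 for k in KNOWN_DOMAINS):
            flags.add("lookalike_domain")
    body = " ".join(p.text)
    if PRESSURE.search(body): flags.add("pressure")
    if TOO_GOOD.search(body): flags.add("too_good_to_be_true")
    return flags

# Constructed sample messages: (sender, HTML body)
PHISH = ("security@paypa1.com", '<p>Urgent: your account will be suspended. Verify at <a href="http://paypa1.com/login">www.paypal.com</a></p>')
BENIGN = ("service@paypal.com", '<p>Your receipt is at <a href="https://www.paypal.com/activity">www.paypal.com</a>.</p>')
```

`red_flags(*PHISH)` reports four flags and `red_flags(*BENIGN)` none; a flagged message is a candidate for human review, not proof of phishing.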
What can you do to protect your business?
There are a number of ways for companies to beef up their system security, but in addition to improved security measures, there has been a rise in what is known as Cyber Insurance over the last decade or so. As you might expect, cyber insurance functions just like any insurance policy, and is designed to help companies offset losses should a security breach occur. According to PwC, about 1/3 of companies in the U.S. currently purchase cyber insurance.
The team at TWT can help your organization fend off cyber attacks from the outside. Our Managed IT service monitors and protects your system with a layered approach to security that includes DNS protection for your devices, firewall, anti-malware, anti-ransomware, anti-virus, and anti-exploit safety measures. We’re also well versed in providing advice and recommendations for cyber insurance and in training staff so they can spot these threats more easily.
To learn more about how TWT can safeguard your sensitive information, get in touch.