Fifteen years ago, if you heard the words ‘cyber attack’ and ‘hackers’ on the news, you could have been forgiven for thinking the newsreader was talking about the latest big-screen action blockbuster. Fast forward to today and buzzwords like ‘cyber criminals’ are no longer reserved for film villains. It’s a simple fact now: cyber threat has become a way of life.
Here are 3 fast facts you need to know about cyber attacks:
- In 2015, cyber incidents were up 64% worldwide from the previous year.
- 60% of all cyber attackers are ‘insiders’: employees, business partners or associates you know and trust.
- The five most attacked industries worldwide are Healthcare, Manufacturing, Financial Services, Government and Transportation.
So why are they doing it?
It’s easy to assume all cyber attackers are looking for financial gain. But last year we saw a major shift in the motivation behind these data breaches and cyber attacks. Whilst holding firms to financial ransom was and is still very prominent, cyber criminals are branching out; they’re inflicting physical damage, stealing intellectual property and lodging political protests.
Still thinking your business isn’t important enough to be targeted by hackers?
Then stop! Firstly, you need to break away from assuming hackers are random IT criminals in faraway countries who may stumble upon your business online by chance. Yes, that is still a very real threat, but statistics show that you’re even more likely to be targeted by someone you know and trust.
Every business owner has had varying degrees of experience dealing with a disgruntled employee. That same business owner would also have let countless IT contractors in and out of their workplace without even blinking an eye. Let’s not forget that, more often than not, the people traditionally caught ‘stealing’ from their employer have no real animosity towards their boss – they have personal issues of their own.
These are often people you know and trust and who can easily access your company’s electronic files and records. If they have a reason to try to hurt you or tarnish your business’s reputation, or are just in desperate need of some quick cash, it’s not unreasonable to assume that they could try to do this via a cyber attack.
This is a real-life situation that happened to an Accountant.
A former IT contractor allegedly logged in to the Accountant’s systems remotely without authorisation and deleted files on the business’s server. This same former IT contractor also allegedly embedded spyware and downloaded viruses onto the firm’s server. Between the deletion of the files and damage caused to the server as a result of the virus, the Accountant was hit with a $7,959 bill to repair the damaged server and restore files.
This Accountant isn’t alone. Take a quick look at these other real-life stories…
A Landscaper with 3 staff experienced a Malware infection on their computer, which required all servers to be restored, causing $2,327 worth of damage.
A building materials wholesaler with nine staff had their system hacked by a CryptoLocker virus which prevented employees from opening files and accessing the public drives. Costs blew out to $19,897 in IT expenses and lost revenue.
A catering company with seven staff received an email to their general email address (found on their website) which contained a virus. It resulted in an immediate ransom demand being received and a malware virus spreading through their network. The company’s servers were affected and they were unable to use their payroll system for two weeks; they had to resort to manual processes. Whilst they didn’t pay the ransom, the costs still escalated to $15,009 in IT expenses to have new software installed as well as lost revenue.
If you’re feeling a little paranoid – it’s with good reason.
The good news is that there are ways to protect yourself against a cyber attack.
Here are five steps you can take toward developing a strategic cyber security program for your business.
1. Prioritize your business objectives and set your risk tolerance
Striking a balance between protecting data assets and enabling productive, innovative workplaces has challenged security professionals for decades. The truth is, there’s no such thing as 100% secure. That means that as a business owner you need to make hard decisions about the different levels of protection required for different parts of the business.
2. Protect your business with a proactive security plan
Awareness is essential to security planning. Understanding the threat landscape, and actively working to protect your business against those threats requires both technology and policy.
3. Promote and support a culture of security awareness
All it takes is one careless employee to undo a chief security officer’s master plan. That’s why every employee must work in partnership with security professionals to help ensure that the safety of critical data is built into the culture of the organization.
4. Prepare your business for the inevitable
With the constant evolution of advanced persistent threats, and a growing presence of hackers intent on finding a vulnerability, it’s fairly certain that your business may eventually fall victim to a cyber attack. Having a coordinated and tested incident response plan is critical, as is access to the right resources and skills, which brings us to our final step for you…
5. Take out a Cyber Liability & Privacy Protection policy
A Cyber Liability & Privacy Protection policy is designed to cover the financial risk you are exposed to as a result of your reliance on the internet, email and computer software, as well as the storage of private and sensitive client data. It’s surprising and frightening to think that less than 1% of businesses take out a Cyber Liability policy – even though it’s possibly more likely your business will be affected by a cyber attack than a fire. And nearly everyone insures their business against fire.
A Cyber Liability & Privacy Protection policy purchased through Insurance House covers you in three ways:
- Third Party Claims - covers your liability to a third party for a failure to keep data secure – including investigations, defence costs and fines and penalties from breaching the Privacy Act. For example, the personal details of your clients, including credit cards, bank accounts and sensitive personal information like health records. Imagine if this sort of data was hacked and released – your clients would most likely sue, plus you could bear the costs of any fines handed down by the courts under the Privacy Act.
- First Party Costs - reimburses you for the costs you incur in responding to a breach, such as IT Forensic Costs, Credit Monitoring Costs, Public Relations Expenses and Cyber Extortion Costs (including ransom payments to hackers). Your business is often the biggest victim in a cyber attack – how would you reclaim your business’s reputation or handle the overtime and extra costs involved in restoring damaged or lost data?
- Business Interruption - provides reimbursement for your loss of profits resulting from the breach, including any additional and necessary expenses incurred in continuing to trade. So a hacker holds your files to ransom – even if you decide to pay the ransom – you’ve lost valuable trading time and profits.
To learn more about Cyber Liability get in touch with a member of our broking team on 1300 305 834.