It can be difficult to comprehend the cyber risks your business is exposed to, particularly if you have never experienced a cyber-attack. Therefore, many choose to bear the consequences themselves without understanding how significant these can be. However, Cyber and Cyber-crime claims are now making up more than 50% of all claims in the insurance market, so managing this risk is no longer a task for the IT team, but a Board level consideration.
In this blog we explain some of the most common cyber-attacks, how they occur and how you can protect your business against them:
Funds Transfer Fraud / Social Engineering Fraud
Almost all companies invoice their clients for payment for their goods or services, as well as working with several suppliers who will in turn invoice for goods and services they provide to the company. When paying these invoices electronically it is all too easy to fall victim to cybercriminals who can intercept electronic payments and divert them to fraudulent accounts.
These attacks can be perpetrated in a number of ways including:
- Social Engineering – whereby a member of your accounts team might be tricked into paying funds into a fraudulent account, following an extremely convincing call from someone pretending to be the client/supplier and advising of a change of bank details.
- Invoice Fraud – whereby an invoice attached to an email can be intercepted along the way, with the details changed to that of a fraudulent account before being released, seemingly with no discernible changes.
These risks can be mitigated by training your employees to look out for the tell-tale signs that a fraudster may be involved, including the creation of high pressure/urgency, as well as implementing procedures such as call-backs to a known contact before accepting a change of bank details. 80% of Cyber claims involve employee error, so training your staff is a crucial element of your Cyber risk management.
Ransomware and Data Breaches
The most valuable asset that most companies hold is their data, rather than physical assets such as their property or plant/machinery. Whether a company relies on their systems to trade day to day or holds sensitive customer data, cyber criminals know all too well that the majority of companies cannot survive a ransomware attack for long.
Ransomware attacks can result from something as simple as an employee opening what appeared to be a ‘CV’ attached to an email that came from someone purporting to be on the hunt for a job. For a sophisticated cyber-criminal, this is enough for ransomware to be installed on your network, giving the hacker the ability to not only shut down your network but also to access and leak data you hold.
Cyber criminals have recently pivoted away from shutting down a network and demanding a few hundred pounds for the key to unlock; instead, they are sitting in the network for months on end, gathering data that can be sold on the dark web or leaked, and then using this knowledge to demand ransoms of up to tens or even hundreds of thousands of pounds.
How to mitigate your risk:
- Use reputable antivirus software and firewalls – this is your first line of defence, so maintaining a strong firewall and keeping your security software up to date is critical.
- Patching (updating) – Regular patching of vulnerable software is necessary to help prevent infection that takes advantage of out-of-date systems with known vulnerabilities.
- Strong passwords and multi-factor authentication – enforce a strong password policy and multi-factor authentication. This will also reduce your risk of Business Email Compromise (BEC), which is another prolific problem and can lead to downtime, reputational impact, and large financial loss.
The National Cyber Security Centre (NCSC) has provided further guidance with actions you can take to reduce the risk of falling victim to an attack whilst the threat level is heightened here.
We are here to help
To learn more about how to protect your business against cyber risks, contact our specialist, Jason Cohen:
JasonCohen@hamiltonleigh.com