Cyber Criminals Using Social Engineering to Defraud Businesses

New research from US-based cybersecurity company FireEye, which analysed 1.3 billion phishing emails in Q1 2019, has found three big emerging trends.

Cybercriminals are increasingly using impersonation in phishing attacks, primarily by imitating well-known brands, with the rate up 17% from Q4 2018. Microsoft spoofs accounted for almost a third of the Q1 attacks, and OneDrive, PayPal, Apple, and Amazon were also impersonated. Cybercriminals also impersonate CEOs and other senior corporate officers to request changes to bank account information.

A second trend is the use of HTTPS (hypertext transfer protocol secure) for malicious phishing sites, which jumped 26% in Q1 2019. HTTPS can give a false sense of security because of the misconception that the protocol is used only by legitimate, safe sites.

A third trend is hosting malicious files on trusted, cloud-based, file-sharing sites, such as Dropbox, Google Drive, and OneDrive. That means links don’t look suspicious and can get through email filters.

Gerry Power, National Head of Sales at award-winning Emergence Insurance, says social engineering advice is one of the most frequent requests from brokers seeking information for their clients.

 

Socially engineered theft or ‘hacking the human’ is a trending exposure in Australia and globally today. Most breaches are caused by employees opening phishing emails that have already made it through existing technology defenses.

It can take hundreds of days to find out you’ve been compromised. Clicking on one phishing email can enable a criminal to infiltrate a company’s system, escalate their access and privileges, and steal the company’s crown jewels, clean out the bank accounts, or develop fake invoices.

Gerry says many people think they’re adept at spotting scams, but the task is getting harder as cybercriminals broaden their reach and methodologies.

Organisations need better training and education and heightened awareness to get a step ahead. They also need insurance as a last line of defence.

Emergence’s Criminal Financial Loss cover option has been designed to provide cyber insurance protection for financial loss, be it cash, accounts receivable or securities, associated with a company’s business being hacked or with a social engineering attack causing direct financial loss from an electronic funds transfer to an unintended third party.

A cyber insurance policy is part of every successful business’s risk management framework, but it’s not the first line of defence against social engineering used to defraud businesses.

Cyber insurance is designed to protect a business when its IT security, policies and procedures fail to stop an attack. But no amount of risk management can get you out of the sights of a determined cyber attacker.

FireEye’s report says threat actors are “doing their homework” and developing new variants of impersonation attacks that target new contacts and departments within organisations.

 

 

Source: Emergence

 

 

Please note: Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties. Insure 247 Australia doesn’t warrant the accuracy of any information contained therein; readers should make their own enquiries before relying on information in the stories.

 

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs.

 

Cyber Claim Scenario – Denial of Service Attack

In January 2012, Australia’s second-biggest online broking business, ANZ Bank’s ETrade, was forced to shut down over the New Year period by a denial of service attack launched from overseas. Following the attack, access to the site was unavailable for some customers for nearly two weeks.

Former Woodside Petroleum CEO Don Voelte warned in 2011 that cyber attacks were a major concern and that the company had been attacked “from everywhere”, particularly Eastern Europe, Russia and China.

What is a Denial of Service Attack?

A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. In a distributed denial-of-service, large numbers of compromised systems (sometimes called a botnet) attack a single target.

Although a DoS attack does not usually result in the theft of information or other security loss, it can cost the target person or company a great deal of time and money.

Typically, the loss of service means that a particular network service, such as e-mail, is unavailable, or that all network connectivity and services are temporarily lost.

A denial of service attack can also destroy programming and files in affected computer systems.

In some cases, DoS attacks have forced Web sites accessed by millions of people to temporarily cease operation.

Can you insure against a Denial of Service Attack?

Some insurers offer Cyber Insurance that covers denial of service attacks.

However, it’s not in all policies. If you’re unsure, speak to one of Insure 247’s brokers on 1300 046 787.

Source AIG

 


First ever OS X ransomware encrypts your data and asks for money

Ransomware is a particularly nasty piece of malware: After your computer is infected, it encrypts your data and refuses to give you the key unless you pay its makers a sum of money. Save for any glaring mistakes in the malware’s implementation, paying up is usually the only feasible way to get your data back, especially if you don’t have a backup.

Now, according to security company Palo Alto Networks, the first functional ransomware that operates on Apple’s OS X has been discovered.

Source mashable.com


Businesses must prepare for new generation of cyber risks

Businesses must prepare for a new generation of cyber risks which are fast evolving, moving beyond the established threats of data breaches, privacy issues and reputational damage to operational damage, business interruption and even potentially catastrophic losses.

In a new report – A Guide to Cyber Risk: Managing The Impact of Increasing Interconnectivity – specialist insurer Allianz Global Corporate & Specialty (AGCS) examines the latest trends in cyber risk and emerging perils around the globe. Cyber risk is a major and fast-increasing threat to businesses with cyber-crime alone costing the global economy approximately $445 billion a year, with the world’s largest 10 economies accounting for half this total. In Australia, cyber risk is estimated to cost the economy 0.08% of GDP per year, or approximately $1.3 billion.

“As recently as 15 years ago, cyber-attacks were fairly rudimentary and typically the work of hacktivists, but with increasing interconnectivity, globalization and the commercialization of cyber-crime there has been an explosion in both frequency and severity of cyber-attacks,” says AGCS CEO Chris Fischer Hirs.

“Cyber insurance is no replacement for robust IT security but it creates a second line of defence to mitigate cyber incidents. AGCS is seeing increasing demand for these services, and we are committed to working with our clients to better understand and respond to growing cyber risk exposures.”

Tougher regulatory regimes and new cyber perils

Increasing awareness of cyber exposures as well as regulatory change will propel the future rapid growth of cyber insurance. With fewer than 10% of companies currently purchasing cyber-specific policies, AGCS forecasts that cyber insurance premiums will grow globally from $2 billion per annum today to over $20 billion over the next decade, a compound annual growth rate of over 20%.

“Growth in the US is already underway as data protection regulations help focus minds, while legislative developments and increasing levels of liability will see growth accelerate in the rest of the world,” says Nigel Pearson, who is globally responsible for cyber insurance at AGCS.

In Australia, the Federal Government has stated that it will introduce a mandatory data breach notification scheme by the end of 2015 or in early 2016, which is expected to drive interest in cyber insurance. Regional AGCS CEO, Holger Schaefer, stated “we have already seen a significant increase in cyber insurance inquiries as boards of directors become more aware of their regulatory and operational exposures to cyber risk.”

Previously, attention has largely been focused on the threat of corporate data breaches and privacy concerns, but the new generation of cyber risk is more complex: future threats will come from intellectual property theft, cyber extortion and the impact of business interruption (BI) following a cyber-attack or from operational or technical failure; a risk which is often underestimated.

“Awareness of BI risks and insurance related to cyber and technology is increasing. Within the next five to 10 years BI will be seen as a key risk and a major element of the cyber insurance landscape,” says Georgi Pachov, cyber expert in AGCS’s global property underwriting team.

In the context of cyber and IT risks, BI cover can be very broad including business IT computer systems, but also extending to industrial control systems (ICS) used by energy companies or robots used in manufacturing.

Connectivity creates risk

Increasing interconnectivity of everyday devices and growing reliance on technology and real-time data at personal and corporate levels, known as the ‘Internet of Things’, creates further vulnerabilities. Some estimates suggest that a trillion devices could be connected by 2020, while it is also forecast that as many as 50 billion machines could be exchanging data daily. ICS are another area of concern as a number of these still in use today were designed before cyber security became a priority issue. An attack against an ICS could result in physical damage such as fire or explosion, as well as BI.

Catastrophic event

While there have been some very large data breaches, the prospect of a catastrophic loss is becoming more likely, but exactly what it will look like is difficult to predict. Scenarios include a successful attack on the core infrastructure of the internet, a major data breach or a network outage for a cloud service provider, while a major cyber-attack involving an energy or utility company could result in significant outage of services, physical damage or even loss of life in future.

Stand-alone cover

Allianz also predicts that the scope of cyber insurance must evolve to provide broader and deeper coverage, addressing business interruption and closing gaps between traditional coverage and cyber policies. While cyber exclusions in property and casualty policies are likely to become commonplace, standalone cyber insurance will continue to evolve as the main source of comprehensive cover. There is growing interest among the telecommunications, retail, energy, utilities and transport sectors, as well as from financial institutions.

Education – both in terms of businesses’ understanding of exposures and underwriting knowledge – must improve if insurers are to meet growing demand. In addition, as with any other emerging risk, insurers also face challenges around pricing, untested policy wordings, modelling and risk accumulation.

Responding to cyber risk

The AGCS report highlights steps companies can take to address cyber risk. Insurance can only be part of the solution, with a comprehensive risk management approach being the foundation for cyber defence.

“Once you have purchased cyber insurance it does not mean that you can ignore IT security. The technological, operational and insurance aspects of risk management go hand in hand,” explains Max Broodryk, expert for cyber at AGCS Pacific.

Cyber risk management is too complex to be the preserve of a single individual or department, so AGCS recommends a ‘think-tank’ approach to tackling risk whereby different stakeholders from across the business collaborate to share knowledge.

In this way, different perspectives can be challenged and alternative scenarios considered: for example, these might include the risks posed by corporate developments such as mergers and acquisitions or by the use of cloud-based or outsourced services. In addition, cross-company involvement is essential to identify key assets at risk and, most importantly, to develop and test robust crisis response plans.

Source Allianz

Is Cyber Insurance Compulsory?

Cyber Insurance is not compulsory in Australia.

The importance of cyber insurance

Cyber-attacks or data breaches can take many forms, from deliberate attacks to technology issues or simple negligence. As modern business is reliant on computer systems and networks, a breach of data or a shut-down of service can have a major impact on your business, with many small businesses unable to operate afterwards.

Cyber Insurance can help in the event of a breach

Small businesses are particularly vulnerable to cyber-attacks of all kinds, and an attack can be very costly. Aside from the cost of notifying your customers, you may also face costs for PR, credit monitoring, investigations response and compliance related activity, compensation for affected customers and engaging experts.

Mandatory breach reporting creates cyber-insurance imperative

If you are still unsure whether your policy covers this scenario, speak to one of Insure 247’s brokers on 1300 046 787.
