Human error bigger threat than malicious attacks – Cyber Risks

Human error

Insider threats to cyber security may be under-reported

Statistics from the Office of the Australian Information Commissioner (OAIC) may be under-reporting the damage insider threats can cause to organisations’ cyber security.

IT expert Ahmed Khanji, CEO of Gridware Cybersecurity, told Emergence Insurance’s latest webinar for brokers that Gridware statistics suggested insider threats were a bigger risk than malicious or criminal attacks. The latest OAIC statistics found malicious attacks were responsible for 57% of notifiable data breaches (NDBs).

Gridware data showed malicious threats lagged behind insider threats. Contrary to what’s being reported to OAIC, Ahmed said Gridware found employees were the greatest threat. He urged all businesses to consider who had access to their customer lists and email contacts.

Untrained staff as the greatest cyber risk

He said a global survey found 87% of executives viewed untrained staff as the greatest cyber risk to their businesses, yet staff training ranked high among the categories that had made the least progress when measured against the voluntary cyber security framework developed by the US National Institute of Standards and Technology (NIST).

Ahmed said many insider threats came from “phishing” incidents where people were manipulated by emails that tricked them into disclosing or changing passwords.

Human error was responsible for 37% of NDBs

Emergence Head of Sales Gerry Power said OAIC’s latest report found human error was responsible for 37% of NDBs. “As humans, we keep finding new ways to make mistakes,” he said. “But, with sound risk management in place, many breaches can be prevented. Employees are the last line of defence, they must be educated to identify such things as dodgy emails and suspicious invoices.”

Medical data was particularly vulnerable because it sold for nine times more than financial data on the dark web.

Gerry said managing data breaches was critical to business survival. Ahmed agreed, saying reputation damage was the biggest loss. “About 85% of people won’t do business with companies that have had known data breaches. Facebook is now one of the least trusted companies in the world.”

Ahmed said organisations needed good firewalls to guard their networks; strong anti-virus software; endpoint protection for all devices; and intrusion detection and prevention systems that inspected all inbound and outbound activity and blocked suspicious activities.

“A hacker can be in your system for 200 days before being identified,” he said.

Protection methods include:

 

  • Strong passwords, long enough to prevent brute force attacks
  • Two-factor authentication
  • Not sharing passwords across multiple devices
  • Regular testing and auditing of company policies and procedures.

Emergence MD Troy Filipcevic distinguished cyber threats from social engineering, which used psychological manipulation to get people to divulge information using trickery, deception and impersonation.

He said social engineering was targeted, sophisticated fraud where trust was built and human weaknesses exploited.

Source: Emergence Insurance


Please note: Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties. Insure 247 Australia doesn’t warrant the accuracy of any information contained therein; readers should make their own enquiries before relying on information in the stories.

 

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on the inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

Small Businesses Are Not Immune To Cyberthreats

You might think that if you run a small business, you’re mostly safe from cybercrime or ransomware attacks. After all, why would a hacker bother to target you when there are bigger fish to fry?

These days, though, no one is safe. Cyber attacks are increasing among companies of all sizes. This doesn’t mean it’s time for your staff to panic. It is, however, worth taking a moment to think about your company’s security measures and consider your insurance needs.

 

Small businesses are vulnerable these days

If you still think cyber security is only a concern for larger corporations, you need to update your thinking. The latest data shows that small businesses are just as vulnerable to data breach incidents as larger ones.

The Australian Cyber Security Centre (ACSC) recently reported on this problem, noting that because so many small businesses are unprepared for the possibility of cybercrime, an attack can be particularly devastating. The issue has become more serious in just the last couple of years.

The ACSC reported that about 90 percent of small organisations experienced a cyber threat or data breach in 2016, of which 58 percent were successful. This is a sharp increase from prior years’ data.

 

Knowing the risks you’re up against

Once you’re aware that small companies do indeed face cyberattacks, the next element to consider is how costly the cyber risks you’re facing might be. The damage can be significant if your SME is ever attacked.

 

A cyber attack can impose a variety of costs on a business, including:

  • IT forensic costs
  • Customer notification costs
  • Increased costs of working
  • Legal defense costs

Some customers might abandon your business if they’re worried about security, and others might demand concessions from you that cost money. All this will impact the brand reputation of the company, which is difficult to recover from after an attack.

 

Getting protection against potential losses

Cyber exposures are significant for a business, and it’s only natural to think critically about protecting your company against hackers.

A new mandatory data breach reporting scheme takes effect in Australia in February 2018 and will require certain companies to notify customers and the Australian Privacy Commissioner of data breaches. As a result, not just big corporations but also mid-market and smaller companies will want to buy cyber coverage to assist in managing this new regulatory requirement. Companies are becoming increasingly aware of the need to protect themselves. This is why the cyber insurance market is expected to grow dramatically.

In addition, businesses should consider how a cyber insurance policy can complement their risk management initiatives. As part of a cyber insurance policy, insurers provide an incident response solution to help businesses recover quickly from a cyber attack.

Source: Emergence

 

Please note: Cyberinsurancecomparison.com.au Insurance News is an information service sometimes provided by third parties. Insure 247 Australia doesn’t warrant the accuracy of any information contained therein; readers should make their own enquiries before relying on information in the stories.
