Common Cyber Exposures
What are the risks?
Cyber exposures are constantly evolving as technology is used for more and more purposes and cyber criminals fine-tune their methods. The cyber exposures for your organization will be unique to you and generally depend on the type of technology you are using, the functions for which you are using it, and the type of data you collect, process and are responsible for. Some of the many risks to consider are:
Cyber incidents can not only be costly to your bottom line, but are also likely to impact your productivity, allocation of resources, and access to information. What impact would a network outage have on your operations? Could you still function without access to your computer systems? Could an interruption result in a loss of customers? Reduction in net income?
Ransomware / Malware Extortion
Ransomware has become the most common form of attack for cyber criminals. It is a type of malware that denies access to a system or data until a sum of money is paid. Ransomware tools can be obtained on the Dark Web and can be distributed to a large number of potential victims quickly and easily via email. Malware can have a negative impact on the operations of any business, regardless of its size and sophistication. It can lead to the corruption of your data and disable computer systems, which can easily have an impact on your ability to service those that rely on you (e.g. customers, suppliers, etc.).
Cyber criminals are also using non-technical methods to attack vulnerabilities within your people as opposed to within your technology. Social Engineering is when a threat actor uses deception to persuade an individual or company to give up valuable information and/or divert from common security procedures. It can be in the form of email, phone calls or even in person. The most common forms of Social Engineering are Phishing, Baiting, and Masking. These can result in money and information being sent outside the organization and into the wrong hands.
If your business maintains a sizeable amount of sensitive personally identifiable information or non-public commercial information, there is the potential of privacy lawsuits, regulatory fines & penalties, and notification costs. Do you know what type of sensitive data / information you, or a third party on your behalf, are responsible for? Do you know where this data is stored and how it is protected? What would be the potential financial and/or emotional impact on your clients and business partners if any of this information was compromised?
Managing the technology we rely on requires the coordination of many moving parts (e.g. hardware, software, data, etc.) and sometimes accidents happen. Have any of the following instances ever happened to you or to an organization you know of: Accidentally deleted critical software/data while switching to a new server? Forgot to implement a security setting on a database, which unintentionally made sensitive data available to the public? Had a critical patch that was scheduled to be implemented but that somehow fell through the cracks and enabled a malicious third party to access your networks? Had an employee accidentally send sensitive information to the wrong person(s)?
Employees are generally trusted with access to sensitive company and customer information. Unfortunately, employees do not always act in the company’s best interest, particularly when they are disgruntled or facing personal stress. Employees with access to sensitive information can access, view, and release this information to the public or malicious third parties in an effort to harm the company or obtain personal financial gain.
Each company and industry is unique in the exposures and cyber risks it faces. The above constitute a number of common examples, but for a full understanding of the risks your business faces, please contact your insurance broker.