
Tag Archives: cyber

5 Cyber Risk Questions Every Board Should Ask

When a data breach or other cyber event occurs, the damages can be significant, often resulting in lawsuits, fines and serious financial losses. In order for organizations to truly protect themselves from cyber risks, corporate boards must play an active role. Not only does involvement from leadership improve cyber security, it can also reduce liability for board members.

To help oversee their organization’s cyber risk management, boards should ask the following questions:

  1. Does the organization utilize technology to prevent data breaches? Boards should ensure that the management team reviews company technology at least annually to confirm that cyber security tools are current and effective.
  2. Does the organization have a comprehensive cyber security program that includes specific policies and procedures? Boards should ensure that cyber security programs align with industry standards and are audited on a regular basis to ensure effectiveness and internal compliance.
  3. Has the management team provided adequate employee training to ensure sensitive data is handled correctly? Boards can help oversee the development of training programs that foster cyber awareness.
  4. Has management taken appropriate steps to reduce cyber risks when working with third parties? Boards should work with the company’s management team to create a third-party agreement that identifies how the vendor will protect sensitive data, whether the vendor will subcontract services and how it will inform the organization of compromised data.
  5. Has the organization conducted a thorough risk assessment and considered purchasing cyber liability insurance? Boards, alongside the company’s management team, should conduct a cyber risk assessment and identify potential gaps. From there, organizations can work with their insurance broker to customize a policy that meets their specific needs.

Contact your insurance broker to learn more about cyber risk mitigation strategies that you can start using today to keep your business secure.

© Zywave, Inc. All rights reserved


3 Business Lessons from the HBO Hack

HBO, an American premium cable and satellite television network, was the victim of a data breach. On July 31, 2017, HBO revealed that a group of hackers had stolen 1.5 terabytes of data from the network. Following the breach, the cyber criminals were systematically leaking spoilers and unaired episodes of “Game of Thrones,” one of HBO’s flagship shows.

This hack demonstrates that intellectual property can be just as valuable to cyber criminals as personally identifiable information. To avoid falling victim to a similar cyber attack, organizations should keep in mind the following business lessons learned from the HBO hack:

  1. Having a communications plan in place is critical. Following the breach, HBO was quick to ease the concerns of stakeholders, assuring the public that no internal emails had been stolen. However, this turned out not to be the case, and HBO publicized misinformation. This can be damaging to a brand, as balancing transparency and authenticity following a cyber event is crucial. Having a formal communications strategy can help organizations map out what information is shared to the public and at what time.
  2. Cyber attacks can be damaging to an organization’s reputation. Even if the financial impact of the HBO breach ends up being minimal, the reputational damage has been done. The breach jeopardizes HBO’s image and undermines customer loyalty and trust that took years to build up.
  3. To protect your business from a cyber attack, you need to understand your vulnerabilities. It’s been reported that the HBO hackers used multiple points of entry to get into the company’s system and steal data. Organizations should understand their vulnerabilities to protect against attacks. Entry points can differ depending on the business, but often include employees connecting to networks, online printers and employees using a virtual private network while working remotely.

While you can never predict when a data breach will occur, keeping in mind the lessons above will ensure that your organization is adequately prepared.



Manufacturing is a Top Target for Cyber Criminals

Cyber security is a top-of-mind risk for organizations of all sizes and across all industries. This is especially true for manufacturers, as it is an industry norm for organizations to quickly adopt new, more efficient technologies—technologies that are often a target of cyber criminals.

In fact, according to the Insurance Institute of Canada, manufacturing is one of the top industries targeted by cyber criminals. While specific cyber exposures for manufacturers vary, they typically relate to the categories outlined in this article.

Data and Intellectual Property Loss

Almost every business stores sensitive information. For manufacturers, this typically includes personally identifiable information of employees and customers. Items like names, addresses and credit card information are all at risk in the event of a data breach.

A data breach can occur as the result of a number of incidents, including hacking, the loss of a laptop and unauthorized employee access. Data breaches can be incredibly costly for manufacturers, and expenses related to forensics, notification costs, public relations, crisis management, and fines and penalties can add up quickly.

What’s more, the theft of intellectual property (IP) is a top concern among manufacturers. If IP is stolen during a data breach, organizations risk losing their competitive advantage. IP is often a manufacturer’s most valuable asset—an asset that needs constant protection.

Further complicating matters for manufacturers is that systems are becoming increasingly connected, and sophisticated spear phishing attacks, mobile device challenges and state-sponsored attacks have each elevated the risk of IP theft.

Employee Negligence

One of the most important aspects of any manufacturing operation is its people. However, due to constantly advancing technology and the frequency at which employees are permitted to bring their own devices to work, manufacturers are increasingly exposed to new and disruptive cyber threats.

Four of the top 10 cyber threats facing organizations can occur as the result of employee negligence. Phishing scams, the abuse of IT systems, errors and omissions, and the unsecure use of mobile devices can all occur if employees are improperly trained or wish to do an organization harm.

Industrial Control Systems and Connected Devices

Industrial control systems are command network and system devices designed to monitor and control industrial processes. These systems are designed to promote efficiency and are often connected to the internet. While this connectivity is essential in modern manufacturing operations, it has created a new exposure for businesses to consider.

This type of exposure was demonstrated in late 2014, when hackers were able to take over the control systems at a German steel mill through the use of phishing emails. The hackers were then able to disrupt the control system to such a degree that a blast furnace could not be properly shut down, which, in turn, led to an explosion and massive physical damage to the plant. This incident illustrates just how complex cyber exposures can be for manufacturers.

Additional Risks

In addition to the risks above, there are a number of cyber threats in the manufacturing industry that can negatively impact an organization’s bottom line without warning. The following are some risks to be aware of:

  1. Third-party damages. When connecting with customers and vendors online, third-party damages can occur. Third-party damages can take various forms, but often occur when a virus is transmitted to another company or customer. When this happens, your organization could be held liable for any damages.
  2. Business interruptions. Manufacturing businesses often require the use of computer systems, and a disaster can halt your ability to transmit data and lead to lost revenue. Time and resources that normally would have gone elsewhere will need to be directed toward the problem, which could result in further losses. This is especially important as denial-of-service attacks by hackers have been on the rise. Such attacks block access to certain websites by either rerouting traffic to a different site or overloading an organization’s server.
  3. Cyber extortion. Hackers can hijack websites, networks and stored data, denying access to you or your customers. They often demand money to restore your systems to working order. Because a variety of manufacturing projects are time sensitive, delays of any kind can wreak havoc on an organization’s bottom line.

Protecting Yourself with the Right Coverage

To protect your business, cyber liability insurance should be used as part of your overall risk management strategy so you can address a cyber breach quickly and reduce possible damages. The following are possible exposures that may be covered by a typical cyber liability policy:

  • Data breaches
  • Intellectual property rights
  • Damages to a third-party system
  • System failure
  • Cyber extortion
  • Business interruption

Cyber liability insurance is specifically designed to address the risks that come with using modern technology—risks that other types of business liability coverage simply won’t cover.

The level of coverage your business needs is based on your individual operations and your range of exposure. It is important to work with a broker who can identify your areas of risk so a policy can be tailored to fit your situation.



1 in 4 Internet Users Don’t Know How to Respond to a Ransomware Attack

The 2017 Centre for International Governance Innovation (CIGI)-Ipsos Global Study on Internet Security and Trust, which surveyed 24,255 users across multiple countries, recently found that 1 in 4 internet users would have no idea how to respond to a ransomware attack. In addition, the study found that just 16 per cent of users would know how to retrieve data from a backup while another 13 per cent wouldn’t even attempt to recover data if vital information was compromised.

This survey comes on the heels of the recent WannaCry ransomware attacks, which impacted over 200,000 users in at least 150 countries. Initial reports indicated that the WannaCry attack used ransomware to hijack computer systems and demand money in the form of bitcoin, a type of digital payment system.

The ransomware initially requested around $300 and, if no payment was made, it threatened to double the amount after three days and delete files within seven days. This type of cyber attack is common and can impact businesses of any size, so it’s important to know what steps to take in order to protect your business.

The WannaCry attacks illustrate the importance of ensuring that any and all software patches are up to date. For further protection, consider training every employee on cyber security, and instruct them to never click on suspicious emails or attachments.

Other ransomware precautions include the following:

  • Update your network if you haven’t yet and implement the appropriate software patches.
  • Turn on auto-updaters, if available.
  • Don’t click on links that you don’t recognize.
  • Don’t download files from people you don’t know.
  • Back up your documents regularly.

Following this attack, organizations are likely to be more proactive in adjusting security measures so malware can’t spread automatically. By keeping these precautions in mind, your organization can avoid potentially costly ransomware attacks. As an added benefit, a greater focus on in-network security measures can make your organization more attractive to potential customers and other third parties.



88 Per cent of Employees Lack Knowledge to Prevent Cyber Incidents

According to a recent report, 88 per cent of employees lack the understanding necessary to prevent common cyber incidents.

That report was designed to test the level of knowledge and awareness of cyber security among employees by asking them to name proper behaviours in given circumstances. The survey covered eight risk domains and assigned three risk profiles—Risk, Novice and Hero—to indicate an employee’s privacy and security awareness IQ.

Key findings from the report include the following:

  • Only 12 per cent of respondents earned a “Hero” profile, while 72 per cent were given a “Novice” profile and 16 per cent were given a “Risk” profile.
  • Almost 40 per cent of respondents disposed of a password hint using unsecure means.
  • About 25 per cent of respondents failed to recognize a sample phishing email, even though it came from a questionable sender and included an attachment.

Educating Employees

This report highlights one of the key vulnerabilities of any organization—employees’ lack of basic cyber security knowledge. Regardless of other hardware or network protections, employees can and will allow cyber criminals into an organization, often without even realizing it.

Fortunately, employee cyber training can help reduce this risk to your organization.


