Still hitting the snooze button?
8 motivating reasons to heed cyber security wake-up calls
From the pages of In Business magazine.
With all the press coverage about computer network system breaches and the associated damage to business finances and brands, one would think cyber security would have top-of-mind awareness in the boardroom. Yet that’s still not always the case, and it’s one of several reasons why cyber criminals are more active than ever.
Business boards and members of the C-suite are bombarded with conflicting messages from regulators and the marketplace, but the reality is there’s a cyber war going on and it’s serious. It’s gotten to the point where hackers hold business organizations for ransom, especially those who have left themselves vulnerable.
Bob Turner, chief security officer for the University of Wisconsin–Madison, has argued that people in his position must make their pitch for technology investments based on the need to manage risk. “A lot of it is due to the fact they [business boards] are just not informed,” Turner laments. “It’s hard to articulate it as an age thing or an experience thing, but a lot of them haven’t necessarily been that close to the IT operation in the last 15 or 20 years.”
If they had been, Turner suggests they would understand the threat posed by the constant volume of cyber attackers probing the enterprise to find a way in.
While technologists struggle to make the case, things are changing on the insurance side, where cyber liability coverage can help mitigate the damage.
Derek Laczniak, an account executive with M3 Insurance Solutions Inc. in Madison, not only sells cyber liability coverage but also blogs on the topic. “Cyber liability and cyber security is definitely a C-level problem and it hasn’t been as high a priority as it should have been, but I’ve actually seen that the [insurance] trend is moving in the right direction. You see executives taking a closer look.”
For the remaining holdouts, we offer eight motivations to take cyber liability seriously and consider insurance coverage tailored to the unique needs of their business and industry.
1. Barrage of breaches
Computer hackers are relentless. There are roughly 35,000 known computer penetration incidents per day, according to the annual Symantec Internet Security Threat Report. While it’s not clear how many of them resulted in the theft of personal information, the sheer volume of known breaches should be enough to get the attention of individual consumers, businesses, and academic institutions.
The hackers go after big game and small beer. Ben Shortreed, executive vice president of AVID Risk Solutions, notes the National Security Agency data center in Utah experiences upwards of 300,000 hacking attempts per day aimed at the nation’s most sensitive information. “I would imagine,” he adds, “that they have the best security protocols in place.”
2. Sophisticated swipers
Unfortunately, hackers are getting better at their nefarious craft. Despite a relatively flat number of domestic data breaches reported in 2015, Laczniak notes the number of impacted records nearly doubled. Information available from cyber insurance carriers suggests that actual insurance claims reported to carriers increased 50% in 2015, and 2016 will bring even more activity “from a variety of threat sources,” he adds.
The growing threat is one of the reasons it’s common for insurance carriers to review a potential client’s information technology security before any underwriting is done. Insight into network security typically is obtained through an application that “gathers information and asks a lot of control questions,” Laczniak says. “Depending on what application you use, and there are many, and depending on what carrier you’re going with, and there are many, we can have a lot of different views of the strength of controls and the perceived risk that your company has.”
3. Proliferation perils
According to the research firm Gartner Inc., the number of connected devices is expected to increase from 4.9 billion in 2015 to 25 billion in 2020. Without strong password protection, the explosion of mobile data traffic would provide a content-rich environment for cyber crooks.
It’s already happening in what cyber experts call a new frontier for criminals. Malicious software can be disguised as a photo or audio clip, and once a consumer clicks on it, the “mobile malware” is installed on their device, allowing hackers to remotely control it. “You can almost go anywhere and see mobile devices, which could be lost or compromised, that may contain sensitive emails, access to client management systems, health records — you name it,” Shortreed says. “The 128 gigabyte USB devices are available for $30, which could carry tens of thousands of sensitive documents to be leaked or lost.”
4. Ransom rascals
Typically, ransomware is deployed through phishing attacks and therefore can be activated by any employee of an organization. The convincing nature of phishing attacks is a key reason why Laczniak characterizes ransomware as “user-friendly.” On a variety of levels, these attacks are also very damaging to businesses — just ask Hollywood Presbyterian Medical Center. The Los Angeles hospital recently paid hackers $17,000 to regain control of its computers, which had been infected with malicious code capable of locking entire computer networks. The hospital was left with no choice after it was reduced to the untenable situation of using pencils, fax machines, and paper in an era when patient data is contained in electronic medical records.
Organizations leave themselves vulnerable to having ransomware installed on their systems if they fail to back up critical files frequently (on an hourly basis, if possible), or fail to provide special employee training on how to spot a phishing email and use credible security technology to check the authenticity of all emails, including any embedded files or links.