How to protect business from the risk of a cyber attack
By Robert Woźniak, AIG, Financial Lines East Zone Product Leader, AIG Property Casualty, EMEA
In today’s day and age, cyber-attacks are just as much of a reality for business owners as physical attacks. All companies that store information on computers, servers, or the internet are prone to cyber-attacks.
That’s why all companies should use cyber-security services – not only to protect themselves from cyber risks, but also to take preventive measures.
The issue of cyber threats has in recent years gained global notoriety. The reason for this is the increase in detected cyber-attacks on businesses – according to a report prepared by PwC, The Global State of Information Security 2016, cyber-attacks increased by 46% in Poland and 38% globally in 2015. The principal lesson to be learned is that companies of all sizes are vulnerable to cyber-attacks. Many companies don’t view themselves as potential targets because they believe they are too small to be targeted. But from a risk management perspective, that is exactly the wrong attitude to take. All companies are in danger, and they have to realise that cyber-attacks can have a devastating impact on their businesses and cause damages and costs associated with restoring information, hiring additional public-relations services, and removing the malware. In the case of a cyber-attack, sensitive data could also fall into the hands of unauthorised individuals.
The three cyber-attacks you're most likely to face
There are ways to avoid some of the most common cyber-attacks that your business or workers could face. In the coming years, hackers will launch increasingly sophisticated attacks on everything from critical infrastructure to medical devices and other new technologies. Luckily, most cyber-threats do not target a specific company, and they may be stopped by the use of basic IT security measures, including up-to-date antivirus software and robust firewalls.
Here are the main threats that your company or workers can be faced with:
- Malware – If your company’s computers are running slower than usual and the workers are getting lots of pop-ups, your PCs might have been infected with a virus, spyware, or other malware, even if you have an antivirus program installed. Malware (trojans, viruses and worms) is software used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising. Malware is most often introduced to a system through email attachments, software downloads or operating system vulnerabilities.
- Phishing – This is the attempt to obtain sensitive information such as usernames, passwords or other important data. Typically, a victim receives a message that appears to have been sent by a known contact or organisation. Phishing emails include a link that directs the user to a dummy site that will steal a user's information. In some cases, all a user has to do is click on the link. This kind of attack is becoming more and more popular with cyber-criminals, as it is far easier to trick someone into clicking a malicious link than trying to break through a computer’s defences.
- Advanced persistent threats – APT usually refers to a specific group, with both the capability and the intent to target, persistently and effectively, a specific entity. In other words, it is a specialised attack that is used to attack corporations. An APT is a group of highly skilled individuals who have the knowledge and capability to hack into large corporations and government entities. A very popular method is for APT attackers to send a very specific phishing campaign known as spear phishing (multiplying employees’ email addresses).
It is often said that the best defence is a good offence – that is why your company should use firewalls, anti-virus or anti-spyware software programs that can detect threats like rogue software. But that is not all – protecting your company is not just about installing dedicated software, but also creating a new type of thinking. Vulnerability management, configuration management and other basic practices have to be priorities in organisations that have not yet implemented the new protection strategies in an effective way.
How to protect your business?
Building a cyber-resilience action plan is a step-by-step process that any company willing to commit the time and resources can accomplish. Regardless of how safe a business feels it and its systems are, however, everyone must still be aware of and vigilant about online threats. To avoid similar attacks, businesses should take advantage of specialised insurance packages to prevent and protect themselves from cyber-attacks. In Poland, fewer businesses use cyber insurance than businesses abroad (although the number of Polish companies using cyber security is on the rise). This needs to change – fortunately, the benefits of using such insurance products have convinced more and more Polish businesses to use this type of policy.
Polish insurance companies – including AIG, which analyses cyber-risks and insures 22,000 firms of various sizes against cyber threats – report growing customer demand for cyber-security. To help businesses protect themselves from growing cyber threats, AIG has created CyberEdge – an innovative protective program that serves to prevent the effects of data leakage and other consequences of data attacks. The package provides insurance not only for cases of damage claims or losses due to disclosed data, but also for the cost of consultants – computer forensics, data recovery experts, lawyers and PR consultants who will advise and develop tailored action plans in the event of a cyber-attack.
Companies, regardless of their size, are in danger of cyber-attacks if they store information online. The key is to develop a personalised package for companies at risk of cyber-attacks, unique to their needs, size, and desired level of security. In assessing the potential risks and collaborating with a company, it is worth understanding how the business approaches data security and, depending on the degree of protection needed, proposing a series of tailored insurance solutions.
Find out more at www.aig.com
This article first appeared in Contact Online, the British Polish Chamber of Commerce online magazine.