A crucial weakness in many companies’ cybersecurity defenses is their employees. With a sixfold increase in ransomware attacks over the past four years and the costs of responding to those ransomware attacks up almost tenfold over the last two years, reinforcing cybersecurity measures that fight against human error is key for businesses.
“Human error is inevitable and can cause all kinds of cybersecurity problems, but the most prevalent by far is falling for an email phishing attack,” said Michael Palotay, Chief Underwriting Officer for Tokio Marine HCC – Cyber & Professional Lines Group.
A 2019 study published in JAMA Network Open found that healthcare organizations are most susceptible to phishing attempts, with employees clicking one in seven simulated emails sent, and these findings were consistent with similar studies across other industries, where click rates can range from 13% to 49%.
“In many cases, training can significantly limit the success of phishing attacks. However, it doesn’t completely erase the risk of a few employees falling for the scheme,” said Palotay. “If you’re the CEO of a company with 70 employees and you know that if every single one of your employees were sent that email, approximately 10 of them would fall for it, you know that you don’t have an effective security strategy.”
To combat this risk, companies should implement dual-factor authentication, which is the easiest and most effective step an organization can take to fight off cyber criminals. When logging into an email account, the user first provides their log-in information (the first factor) and then enters a one-time code delivered to their mobile device (the second factor); a stolen password alone is not enough to get in, which adds an extra layer of protection.
In the midst of a pandemic, re-evaluating cybersecurity measures like this can be especially important, as cyber criminals have reportedly been taking advantage of heightened fears as well as remote work set-ups, which might not be as secure as networks in offices.
“There’s the potential of more hacking attacks because many businesses have enabled remote access, which they did not have previously, without properly safeguarding their network or email systems,” explained Palotay, adding, “We are also seeing a spike in phishing emails related to the coronavirus.”
Tokio Marine HCC – Cyber & Professional Lines Group has been providing its cyber policyholders with guidance on preventing phishing attacks to ensure that insureds are not only aware, but prepared.
“One of our services is a phishing simulation, which combines training with the simulation exercise to test their employees’ vulnerability,” said Palotay.
With many businesses already facing a myriad of challenges from employees working from home during the pandemic, training employees on how to recognize a phishing scam can keep that list of challenges shorter.
“Dual-factor authentication and phishing training are relatively cheap and simple measures to implement,” said Palotay. “And, much easier and less expensive than having to deal with a hacker that attacked your company’s network and caused havoc.”
Want to learn more about the issues shaping the cyber insurance market in the US? Make sure you sign up for our new, completely free virtual event, Broker Connect, taking place on June 09.