As if navigating the challenges that have arisen from the coronavirus pandemic wasn’t enough, businesses must also be wary of an increase in ransomware attacks and business email compromise (BEC), which were the two most impactful cyber threats in 2019 in terms of both business disruption and monetary loss.
The current crisis has offered new opportunities for cyber criminals to target businesses with COVID-19-related cyber scams, which in some cases involve hackers setting up fake websites that offer safety information about COVID-19 or criminals posing as government agencies in emails and social media posts to trick people into clicking on a link.
Within this environment, businesses must remain vigilant in training their employees not to click on suspicious links and in maintaining a strong cybersecurity posture. After all, according to Tokio Marine HCC’s “2020 Cyber Digest Analysis of 2019 Cyber Claims Data,” employee negligence is now the third-ranked cause of cyber loss for non-healthcare policyholders and continues to be the leading cause of cyber loss for healthcare insureds.
“There is always going to be a human element, and it is impossible to get to 100% compliance with various rules, regulations and best practices,” said Mike Palotay, chief underwriting officer at Tokio Marine HCC.
He pointed to the healthcare industry, which has a serious employee negligence risk because there are many people with access to private information that is being sent to different recipients.
“We get a lot of claims where someone faxed medical records to the wrong number, or released the medical records to a family member when they weren’t supposed to,” said Palotay, adding that these risks are inherent to the industry because of what healthcare staff must do every day.
Across all industries, phishing attacks also play a role in preying on the human element to expose businesses to cyber threats.
“Phishing attacks are a function of employee negligence. For the most part, it is relatively straightforward to make sure that you do not fall for a phishing email, but the statistics show that approximately 20% of these campaigns are successful,” noted Palotay.
As a result, business leaders need to keep in mind key risk mitigation steps to limit their exposure to these threats, especially since the risk of employee negligence can be exacerbated on networks at remote locations, away from established networks.
“You can try to bring that number down with education and by doing a lot of training, phishing simulations, and other things to get people much more in tune with the risks,” said Palotay.
In addition to training, the Tokio Marine HCC report states that another important risk mitigation tool that businesses should implement is multi-factor authentication, which involves users being prompted to verify their identity with a second device when logging into a system. For example, when someone is trying to log into their bank account on their computer, they will receive a message containing a code on their phone for entry into that website.
Another critical piece of the cyber risk mitigation puzzle is backing up data, and specifically an offline backup solution, so that if a business’s system gets infected with ransomware, the business can wipe that system clean and not rely on the cybercriminal to decrypt the files.
Email filtering is likewise an important risk management tool that businesses can use to defend against cyber threats. While many companies might already have sophisticated email systems in place, email filtering uses artificial intelligence to identify dangerous incoming emails, which are often how malware gets its hooks into a network.
Finally, next-generation antivirus software can also help keep businesses protected from cyberattacks. These tools are now behavior-based: they learn how individuals use their computers and watch what software is coming through to identify potential viruses.
There is positive news in all of this, which is that many businesses are already implementing cybersecurity measures to reduce their risk of getting hacked.
As noted in the Tokio Marine HCC report, “While the cybercriminals continue to increase the frequency and sophistication of their attacks, business owners are also becoming more knowledgeable and prepared to defend themselves and their organizations.”