Financial Advice

Most companies rely on technology for their business activities and this leaves them vulnerable to cyber attacks.

New Year.....Old Threats!

January 2017


Whether from employees or outside elements, cyber attacks can interrupt operations, result in the theft of company information and the loss of customer data — with devastating effects on their reputation and profits. The threat of litigation and increased regulation have increased this risk and escalate potential losses.

The hackers behind the most cyber-attacks are not as well known. There are at least four broad categories of attackers: financially motivated, ‘hacktivists’, nation-state-supported actors and malicious insiders/employees. Some hackers can overlap into more than one category. The driving force behind financially motivated attackers is clear: to steal information or prevent systems from working correctly in order to extort ransom payments. 

‘Hacktivists’ commit cyberattacks in support of an ideological cause. You may have heard about the activities of ‘Anonymous’ or ‘LulzSec’.

Nation-state-supported actors are classed as foreign government agents or cybercriminals working on their behalf, whose agenda can range from stealing economic information to launching disruptive or destructive attacks. Malicious insiders who are often disgruntled employees, seek to take advantage of their privileged access in order to steal valuable information, disrupt or destroy their employer’s computer systems.

The means by which outside attackers gain unauthorised access to computer systems vary, from low-tech to the most sophisticated operations. Simple attacks like phishing emails which carry malware software code are often surprisingly effective and can provide a hacker with deep access to a target network. No matter the means of attack, a determined hacker will (usually) eventually be successful. Time is on the attacker’s side, whereas a company’s computer network needs to prevent attacks 100% of the time.

The technology which companies employ and their business activities are different, so there is no “one-stop solution” to keeping these hackers at bay. Speed is often important in dealing with a cyber attack and a ‘break glass’ incident response plan could increase the efficiency of a response and help with the preservation of data, which is important for expert forensic assessment and emergency assistance.

Prevention is always better than the cure so companies may also wish to consider their culture of security. Engagement by senior management coupled with regular training, which raises awareness among employees, may help to defend against low-tech attacks such as phishing emails and promote an overall emphasis on cyber security defence. Implementing IT security policies which employees sign for can help concentrate their minds on how important protecting their company’s assets are, from what potentially could be a threat to the survival of the company which they depend upon. Taking steps now will help prevent or reduce the frequency of hacking incidents and the associated financial loss and/or reputational damage. Cyber criminals are becoming more sophisticated so we would recommend reviewing your risks on a regular basis. Woodward Markwell Insurance Brokers can provide practical advice to help you and your business protect you against these ongoing and emerging risks.
 
Thomas Hallat - hallatt@wmibl.co.uk/01473 408498