Hackers have a variety of ways to unleash cyber attacks on individuals and businesses, and they use their nefarious toolbox each and every day to steal sensitive information. According to Symantec’s 2011 Cybercrime Report, the daily cost of hacking in the US is a whopping $382 million.
Phishing for data
One common technique to trick employees into giving away sensitive information is called “phishing.” In a phishing attack, an official-looking email pretending to be from a bank or some other reputable company that your firm does business with is sent to one of your employees. The email usually gives a reason why the employee needs to click a link to log into the account with said company.
For example, a phishing email from a financial institution might tell the reader that contact information needs to be updated, and clicking the link in the email will take the user to the correct web page. The employee is fooled into believing the email, clicks the link, and is directed to a bogus web site that appears to be totally legitimate – the logos and style of the web site are nearly identical to the real thing. So, the user logs in, and immediately the bad guys have your firm’s username and password for the bank.
Other email scams
An article in Fast Company speculates that another kind of email attack is how a Pentagon contractor’s computer network might have been compromised last year, when it lost 24,000 files to hackers.
The potential scenario goes like this: A particular employee of the defense contractor was targeted, and the hackers did research to find out who this employee’s co-workers were. Then, the hackers send an email to the employee and make it appear that it is from a trusted co-worker. The email contains an attached file that the email says needs to be reviewed. So the employee is totally duped and opens the attachment. Doing so introduces malicious code into the network; at this point the possibilities are nearly endless for the criminals.
Bots and spiders
Exploiting known security holes in programs and operating systems is another method hackers use to destroy your digital defenses. Computer scripts called “spiders” are always searching networks connected to the Internet for vulnerabilities. When the spider finds one, the hacker has access to your system.
Then, another computer program called a “bot” takes over. The bot exploits the weakness the spider found, by infecting your system with code that will pass back to the criminal all sorts of files and other information stored on the network.
Internet insurance can help
Cyber criminals are smart, and they are highly motivated because there are billions of dollars out there for the taking. It’s tough, if not impossible, to stay a step ahead of them. Because your firm getting attacked is probably not a matter of if, but when, procuring a robust, tailor-made Internet or cyber liability policy is necessary.
Though Internet insurance doesn’t have to be expensive, it is money well spent. The premium cost for a cyber insurance policy can be as little as a few thousand dollars for a $1 million policy limit.
We at INSUREtrust have been cyber liability insurance experts for over 15 years. Over the past ten years, INSUREtrust has written more than $100 million in premiums and paid more than $30 million in claims. Insurers are looking for business and we can find competitive pricing and terms for any risk.