Cyber risk: the threat is inside our company


Computer fraud, viruses, data and identity theft, misuse of credit cards, cyber attacks on our computers: these are some of the major threats that affect businesses all over the world on a daily basis, including hospitals, multi-utilities, and law and auditing firms.

Most of these intrusions come from within the company and could even be caused by unfaithful employees.

Preventive and control measures, IT experts, cyber insurance: these are the three strategies that a business should invest in nowadays.

Control your digital behaviour! This is the main message sent to entrepreneurs and risk managers by Hacktivity, the International Forum on Digital Security that I recently attended in Budapest, Hungary.

Numerous experts and IT engineers gathered from all over the world to discuss how to protect businesses from daily computer scams.

It was agreed from the start that European companies have proved to be very vulnerable to cyber intrusions.

The above statement is confirmed by this research of 2016.

What stands out from the research is that some Central European countries are nowadays more affected by cyber crime than others such as Denmark, Luxembourg, Israel, Cyprus, Germany, Switzerland, Singapore and Vietnam.

Hungary has suffered the largest number of cyber attacks right after Turkey, closely followed by the Czech Republic, Lithuania, Ukraine, Slovenia, Austria and Croatia.

In Romania, Dacia’s production has recently been compromised by a violation of computing systems, while in Poland the government has announced that dozens of companies and banks have been attacked by hackers whose identity is still unknown.

On the web, who can we really trust?

How often do we, in good faith and imprudently, download an update or anti-virus file from one of our favourite websites?

Have we never received a suspicious friend request on our social network platform?

Of all the emails received daily from well-known organisations (such as banks or web service portals, phone companies, online auction portals, email providers and social networks), how many are sent by people that we actually know?

Cybercrime can affect our PC and mobile devices in various forms. Our good faith and inexperience can result in failure to identify suspicious emails, notifications or contact requests.

What is the common point of these attacks?

We can find plenty of detailed descriptions of today’s most common computer attacks on the web. The main problem with identifying a cyber attack is that we are often not aware of where and/or whom it comes from.

These intrusions can be carried out by criminals who are hundreds or even thousands of miles away from our office.

However, we should also consider that most of these threats are perpetrated by the staff working in our company.

As confirmed during the Budapest International Forum and by IBM research from 2015, the most affected sectors (Food, Manufacturing, Financial) are exposed to threats from within the company.

How?

1. Unhappy and helpless human resources.

A lack of familiarity with and experience in recognizing new web intrusions, and in reacting properly in the event of an attack on our IT systems, means that employees, external collaborators and consultants are the most vulnerable groups within the business world.

Our human resources, as Deloitte says, unknowingly leave themselves vulnerable to these cyber attacks, becoming the preferred target of unscrupulous hackers without them or their employer being aware of it in time.

2. Unfaithful employee.

The most surprising and alarming issue is that these attacks can also be deliberately committed by the employees of the company.

This is the result of a recent study by the English Forensic Association.

Criminal behaviour of unsatisfied employees, often engaged by the competition, exposes the employer to very serious financial consequences, such as:

  • the violation of the legislation and rules on business data protection,
  • the damage to the computer system,
  • the transmission of passwords, other confidential business data and corporate copyright material to the competition.

Hacktivity Forum 2017, Budapest, Hungary.

In case of computer fraud, what are the most important questions we have to ask ourselves?

1. New European Obligations on Privacy Protection. In case of a theft, is my client’s data sufficiently protected? Do we know that from May 2018, in case of a breach of our IT system, we may be subjected to costly sanctions for incorrect and improper data retention and protection?

2. HR and unfaithful employee. What happens if our employees steal confidential business data? Do our employees and managers know how to detect threats from the web? Are computers and mobile devices sufficiently protected from these attacks?

3. Intellectual Property and Competition. What if patents and sensitive information about my company’s intellectual property fall into the wrong hands? What about the lists of our partners and the contractual agreements in place with suppliers? Is this information safe enough from web-based attacks?

4. Manufacturing Sector. Are we aware of the latest cyber attacks that have already affected the companies operating in our sector?

5. Business interruption. In case of a prolonged interruption of our IT systems, is my staff adequately prepared to resume work quickly?

6. Legal expenses. If our customer has suffered damage from a breach of our computer system and takes us to court, how much would a lawyer specialized in this area cost us?

How can we protect ourselves from a computer attack?

The tools available today are prevention, control and insurance. The topic of prevention and control is a very complex one and deserves a separate discussion.

With regard, however, to the current Cyber policies available on the European market, the insurance industry is reviewing the limits of coverage, due to the increase in claim requests.

What financial risks does Cyber Insurance cover?

1. Introduction.

Almost 10 years ago, cyber insurance was not given much consideration, but now, due to the enormous increase in the exchange of millions of pieces of data and information and to the development of fast computer connections, the situation has rapidly changed.

This change has had both a positive and a negative impact on cyber security.

On the one hand, businesses are increasingly interconnected: they are therefore more vulnerable to threats from the web.

On the other hand, insurance companies and risk managers have a clearer picture of how companies communicate with their business partners and consumers and how to customize proper cyber coverage for our businesses and firms.

2. The main covers of the Cyber Policies.

“Physical” damage to hardware, resulting from a temporary or partial compromise of the operation of the computer system, may be covered, in most cases, by the so-called electronic insurance, which is fairly widespread among both manufacturing and consulting companies.

“Financial” damages may find coverage under the Cyber Policy, which allows us to be protected from some important cost items such as the examples below:

  1. third party claims (suppliers, customers or partners to whom we are responsible),
  2. reputational damage,
  3. extortion,
  4. sanctions resulting from the failure to observe legal obligations regarding the retention of sensitive data,
  5. damages from theft of confidential information (see, for example, intellectual property),
  6. loss of turnover,
  7. costs of investigation and legal fees,
  8. production shutdown and cost recovery of the operation of the IT system.
