What is a Cyber Attack?
“I don’t know. But I will when one happens to me.”
Simply defining a cyber attack can be a challenge. It’s like trying to explain the shape of air, always changing. Crooks are incredibly creative these days and their operations are evolving. They are constantly inventing new ways of attacking your business. And cyber attacks are just that – an assault. They represent threats as real as a thief stealing from a cash register. Except the financial impact from a cyber loss is much greater.
So, let’s broaden our thinking on what a cyber attack may look like, because many of us hold an erroneously narrow view, founded upon a few high-profile stories prevalent in the news. However, a cyber attack can fall within any of the following broad categories:
- Loss of Customer Data: Hackers steal information and profit by selling it to other criminals.
- Loss of Employee Data: Even if you prudently guard customer data, most companies are required to maintain sensitive information on their employees as well. This can be social security numbers, payroll information, bank account numbers, health issues, and more.
- Breach of Company Secrets: Competition is fierce. Are your competitors engaging in corporate espionage and reading your email?
- Ransomware / Extortion: This occurs when a criminal gains access to your company’s server, website, or local computers, and blocks access. They then demand payment before releasing control. This is a common ploy and quite effective for a fast cash turn-around.
- Virus: In any one of its multitude of forms.
- Funds Transfer Fraud / Computer Fraud: This is a favorite among thieves due to the huge payouts possible. The ploy is to gain access to bank accounts using one of several common strategies, and then transfer money to an account the thieves control. Strategies utilized to gain access information range from social engineering to good old-fashioned picking through your trash.
- Social Engineering: A broad category that is rocketing in popularity thanks to the creativity of the bad guys. They get an A+ for divergent thinking. At its core, this strategy is to use fraudulent email or other communications to trick an employee into taking a specific action. Popular schemes include monitoring network traffic, then mimicking legitimate emails and misleading employees into divulging sensitive information, such as payment methods or bank account passwords, or into making a payment to a fraudulent vendor.
- Paper: Feeling nostalgic? Store your sensitive data in paper form? Any of the above can be accomplished by targeting important information on paper, many times with less effort.
Next we will explore what constitutes a loss of customer data, including who is responsible for the data’s safekeeping, whether the data owners or users or both. We will also address when a loss of data needs to be reported, and to whom.
David Merriman, CPCU
David Merriman is a 20-year veteran insurance underwriter and agent who specializes in insuring technology-based companies.