Cyber Crime: Are You on the Hook?
Don’t click that link! How many times this year have you received a spam email or a notice from IT advising you not to click a link you just received? According to Symantec, 50 percent of email worldwide is spam.
Social attacks are the tactics hackers most commonly use in the information and professional services sectors. In the last year, 1,450 incidents, 381 of them with confirmed data disclosure, fell within the social attack category, according to Verizon’s Annual Data Breach Investigations Report. Generally speaking, the motivation for these types of attacks is financial.
Phishing is an attempt to get the recipient to click a link within an email. Once the link is clicked, malware is downloaded to the user’s computer, or the user is asked for credentials and enters them, thinking it is a valid request for their password. Another type of social attack is pretexting. Pretexting requires more effort on the attacker’s end, as they are targeting specific individuals who usually transfer money in their day-to-day role. As an example, the attacker will spoof an email address, posing as the CEO of the company, and request that money be wired to a specific account. Since the employee performs these wires on a daily basis for the CEO, the employee thinks nothing of this request and wires the money to the requested account. Unbeknownst to the employee, the money is sent to the attacker’s bank account, which is closed upon receipt of the money.
Businesses can help prevent these social attacks by hosting employee training on phishing attempts and requiring dual authorization for all wire transfers. Additionally, Devon Park offers up to a $500,000 sublimit for social engineering coverage under our Errors and Omissions, Media and Privacy (EMP) product.
Another common source of breaches, accounting for 41 percent within the Information and Professional Services sectors, is web applications. Web applications can be breached in a variety of ways. A hacker could get access by stealing credentials, or a company may fail to install a software patch, leaving the web application vulnerable. Additionally, the security of the web application could be misconfigured, giving hackers access to the full server holding all of the client’s data. Not only could this be considered a cyber claim; if a lawsuit were brought against the software provider by their client for failure to configure the software correctly, it could be considered an errors and omissions claim as well.
Local File Inclusion (LFI) is another way that hackers gain access to data within a web application. In this type of attack, the intruder tricks the web application into loading files that they should not be able to access. Businesses can prevent web application hacks by utilizing two-factor authentication, regularly changing passwords and updating software when patches are available.
Miscellaneous and technology professionals can protect themselves from the financial burden these types of attacks bring under our EMP product. Advantages include:
- Limits up to $5,000,000
- Worldwide coverage territory including coverage for General Data Protection Regulation (GDPR)
- Cybercrime sublimit available up to $500,000
- Dependent business interruption sublimit available, up to $100,000
- System failure sublimit available, up to $100,000
- Full limit for reputation damage
- Carveback for cyber terrorism
- Full prior acts available on cyber coverages for first time buyers
As 2018 comes to an end, it is important that businesses start preparing for next year. According to Juniper Research, data breaches are expected to cost businesses $2.9 trillion globally in 2019. Contact your Devon Park Specialty underwriter today to learn how our EMP product can protect your clients.
As always, thank you for your support and business.
Contact Erik Tifft
Product Leader | 844-438-6775 Ext. 2354
Written by Samantha Hildebrand
December 6, 2018