Cyber threats are as prevalent and credible as any other threats we face. You would never leave your front door unlocked and the windows open when you go to sleep. Yet the online equivalents of these are played out every day for millions of people and businesses.
1. Social Engineering
The vast majority of cybercrimes contain an element of social engineering. It is a manipulation technique that exploits human error: cybercriminals attempt to evoke a feeling that will spur targeted individuals into action, and the clever ones are extremely clever. In cybercrime, these “human hacking” scams tend to lure unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems. Examples of social engineering range from phishing attacks, where victims are tricked into providing confidential information, to vishing attacks, where an urgent and official-sounding voicemail convinces victims to act quickly or suffer severe consequences, to physical tailgating attacks that rely on trust to gain.
2. Ransomware
Ransomware is a form of malicious software that infiltrates a computer or network and limits or restricts access to critical data by encrypting files until a ransom is paid. Ransomware attacks are a major problem for UK businesses and have dramatically increased in terms of regularity and cost in 2021. In fact, due to the rise in remote work prompted by the pandemic, ransomware attacks are up 148% and malicious email traffic up 600%.[1]
Cybersecurity Ventures expects that a large to medium-sized business will fall victim to a ransomware attack every 11 seconds this year, a potentially costly affair, since the total costs of ransomware attacks in 2021 are expected to exceed 20 billion dollars worldwide.[2]
3. DDoS (Distributed Denial-of-Service attack)
In computing, a Distributed Denial-of-Service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
The primary way a DDoS is accomplished is through a network of remotely controlled hacked computers or bots. Botnets can range from thousands to millions of computers controlled by cybercriminals. Cybercriminals use botnets for a variety of purposes, including sending spam and forms of malware such as ransomware.
4. Third Party Software
Third party software is a computer program created or developed by a different company than the one that developed the computer's operating system. For example, any software running on a Microsoft computer that was not created by Microsoft is third party software.
5. Cloud Computing Vulnerabilities
It is also true that the COVID-19 pandemic caused many businesses to alter the way they work and switch to cloud-based solutions. Just as with remote working, moving to the cloud can actually be a major positive – however, doing it too quickly and not taking the time to get the details right can leave your business vulnerable to cyber-attacks.
Many organisations simply did not have the kind of IT expertise to manage this kind of migration effectively, and this leads to misconfigurations and other issues that can leave systems with security weaknesses.
6. Staff working from home
With most workers expected to continue to work from home at least some of the time,[3] this presents an increased level of risk, since on-premises IT networks are exchanged for home Wi-Fi and personal devices.
Whilst remote working has benefits for both employees and businesses, it’s an issue for cyber security. Existing network security controls such as firewalls are unable to provide the same level of protection. Members of staff may have taken these protections for granted when they were at the company premises, and they may not take the required precautions to remain safe when working remotely.
Conditions and Limitations
This note is not intended to give legal or financial advice, and, accordingly, it should not be relied upon for such. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. In preparing this note we have relied on information sourced from third parties and we make no claims as to the completeness or accuracy of the information contained herein. It reflects our understanding as at 20/05/2021, but you will recognise that matters concerning Covid-19 are fast changing across the world. You should not act upon information in this bulletin nor determine not to act, without first seeking specific legal and/or specialist advice. Gallagher accepts no liability for any inaccuracy, omission or mistake in this note, nor will we be responsible for any loss which may be suffered as a result of any person relying on the information contained herein. No third party to whom this is passed can rely on it. Should you require advice about your specific insurance arrangements or specific claim circumstances, please get in touch with your usual contact at Gallagher.