How a cyber attack can affect your business - by Robert Cooper
Cyber attacks come in many different forms, and the type of attack on any particular company depends on the type of information the intruder is looking for. As an Insurance Broker who has been advising businesses on these risks for many years, I have found interest in cyber insurance coverage is at an all-time high. Those who previously thought it was too over the top, too expensive and not a necessity are taking a much closer look at these exposures. More businesses now see it as an important part of managing these risks because of the potential interruption and income loss they could suffer in the future, and because, unfortunately, there is no 100% effective protection against cyber attacks.
Cyber attacks affect all industries, but the type of attack deployed depends on the industry to which the targeted company belongs. In 2015, the health care, financial services, retail and education sectors saw the greatest number of cyber incidents. Here are the five major types of attacks to which your organisation could be vulnerable:
1. Phishing attacks
Phishing is perhaps the most commonly reported type of cyber attack, and keeping up with the methods used for some phishing attacks is proving to be very difficult. There are various types of phishing attacks, and the type used usually depends on the industry. Hackers send out hundreds of thousands of emails hoping that someone will click on one of them. That is how the hacker hopes to gain access to your system: once you open it, you're giving them access to your computer system and the information in it.
2. Malware, spyware, ransomware
Each of these types of attack has its own objectives, but any one of them is an attack on your software, your systems and your theft prevention software, and a way of gaining access. Malware is simply malicious software written with the intent to gain unauthorised access. It includes viruses, spyware and, more recently, ransomware, where the attackers lock down your system and essentially say "we have your data, if you want it back you're going to pay a ransom and we'll let you gain access back to your information". One of the most utilised is CryptoLocker. You receive what looks like a legitimate email, but if you click on the link or attachment you can allow hackers immediate access to your system. It's as simple as that.
As for spyware, hackers introduce software into your system that, in its simplest form, tracks keystrokes to get passwords, or electronically spies on your network, whether to gain access to confidential information or to unidentifiable information. Those so-called "Microsoft" technicians who call randomly are expert in introducing these.
A "worm" is similar to a virus but it spreads differently. In order to affect your files, a worm eats into your system and runs on its own. If a worm is introduced into your system, it could replicate by resending itself from your system to everyone in your contacts list, so one person lets it in and then it just compounds itself. Depending on how it's written, it could get back to every contact on your list.
3. Distributed Denial of Service attack (DDoS)
This happens when a server is overloaded with connections, with the goal of ultimately shutting down your website or network system. Hackers overload your system hoping it will shut down your network so that you are not able to operate your business.
4. Brute force attack
A brute force attack uses very sophisticated software or an algorithm written to do whatever it can to attack your system by searching for vulnerabilities, and in many cases it attacks a password-protection mechanism. The attack uses specially designed software to go through hundreds of thousands of different words and combinations of words and numbers to try to crack your password. They will even go through every word in the dictionary to see if they can access something like a password.
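From the defender's side, the password guessing described above shows up as a burst of failed logins from one source. The following is an added example, not part of the original article: a sliding-window detector run over a constructed log whose format, field names and thresholds are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format: timestamp event user= src=
SAMPLE_LOG = """\
2024-05-01T10:00:00 login_failed user=admin src=203.0.113.5
2024-05-01T10:00:02 login_failed user=admin src=203.0.113.5
2024-05-01T10:00:03 login_failed user=admin src=203.0.113.5
2024-05-01T10:00:05 login_failed user=admin src=203.0.113.5
2024-05-01T10:00:06 login_failed user=admin src=203.0.113.5
2024-05-01T10:00:09 login_ok user=admin src=203.0.113.5
2024-05-01T10:01:00 login_failed user=bob src=198.51.100.7
2024-05-01T10:30:00 login_failed user=bob src=198.51.100.7
2024-05-01T10:30:20 login_ok user=bob src=198.51.100.7
"""

def detect_bruteforce(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Alert when one source reaches max_failures failed logins inside the
    window, and again if that source later logs in successfully."""
    recent = defaultdict(deque)  # src -> timestamps of failures still in window
    flagged = set()              # sources that already produced a burst alert
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
        try:
            ts = datetime.fromisoformat(parts[0])
            event, src, user = parts[1], fields["src"], fields["user"]
        except (IndexError, KeyError, ValueError):
            continue  # skip blank or malformed lines
        failures = recent[src]
        while failures and ts - failures[0] > window:
            failures.popleft()  # drop failures older than the window
        if event == "login_failed":
            failures.append(ts)
            if len(failures) >= max_failures and src not in flagged:
                flagged.add(src)
                alerts.append(("burst", src, user))
        elif event == "login_ok" and src in flagged:
            # A success after a guessing burst may mean the password was found.
            alerts.append(("success_after_burst", src, user))
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The same counter can drive account lockout or rate limiting, which turns hundreds of thousands of guesses into a handful.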
5. Social engineering / cyber fraud
In this case they are not attacking your system; they're attacking individuals, the obedient staff who have the authority to electronically transfer funds. This type of attack doesn't target your data but your money, and once it's transferred it's quite likely that you will not be able to get that money back.
I have seen a very good friend, who is a CEO in a Risk Management company, have his accounts department caught up in a scam. He was away on business, but his financial controller received an email that was from the CEO's own address, requesting that funds be transferred urgently to a particular person, along with the bank details to use. The email genuinely looked like it was from the CEO, so the financial controller did what he was asked. Upon the return of the CEO, he confirmed he had done what had been asked. When the CEO advised he had sent no such email, it was a quick call to the bank to stop the transaction being finalised.
General Advice Warning
This advice is general and does not take into account your objectives, financial situation or needs. You should consider whether the advice is suitable for you and your personal circumstances. Before you make any decision about whether to acquire a certain product, you should obtain and read the relevant product disclosure statement.
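For the urgent payment email described in section 5, a mail gateway or finance team can triage such messages on their headers before anyone acts. This is an added example, not part of the original article; the sample message, the keyword lists and the assumption that the Authentication-Results header was written by your own receiving mail server are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (addresses and header values are made up).
SAMPLE_EMAIL = """\
From: "Pat CEO" <ceo@example.com>
Reply-To: ceo@example-mail.test
To: finance@example.com
Subject: Urgent transfer needed today
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com

Please transfer the funds urgently to the account below. Bank details: ...
"""

PAYMENT = re.compile(r"transfer|bank details|payment|wire")  # assumed keywords
URGENT = re.compile(r"urgent|immediately|today|asap")        # assumed keywords

def triage_payment_email(raw):
    """Return the reasons a message should be held for verification."""
    msg = message_from_string(raw)
    reasons = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    # Replies silently routed to another domain are a common fraud signal.
    if reply_to and reply_to.rpartition("@")[2].lower() != from_domain:
        reasons.append("reply-to domain differs from From domain")
    # Only trust results stamped by your own receiving server (assumption).
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        match = re.search(rf"\b{mech}=(\w+)", auth)
        result = match.group(1) if match else "missing"
        if result != "pass":
            reasons.append(f"{mech}={result}")
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    if PAYMENT.search(text) and URGENT.search(text):
        reasons.append("urgent payment request")
    return reasons

if __name__ == "__main__":
    for reason in triage_payment_email(SAMPLE_EMAIL):
        print(reason)
```

Header checks will not catch a request sent from a genuinely compromised mailbox, so a call-back to a known phone number before any transfer remains the control that matters.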