Complex Cyber Crimes Targeting Small Businesses
October 10, 2018
October is National Cyber Security Awareness Month, so it’s a good time to review your cyber security strategy. Many small businesses think they won’t be targeted by cyber criminals because the hackers will go after large companies instead. In reality, nearly half of small businesses have suffered a cyber attack in the past year. Hiscox claims data shows that a business is 40% more likely to be the victim of a cyber attack than a burglary. Attacks are becoming more sophisticated, more varied, and more difficult to detect.
Cryptojacking and Ransomware Related Cyber Crimes
Ransomware, payment diversion fraud, and targeted hacks are the most common types of cyber attacks. But more sophisticated crimes like cryptojacking (surreptitiously using a business’s network to mine for cryptocurrency) and Border Gateway Protocol (BGP) hijacking (taking over groups of computer IP addresses) are increasing.
Another trend that is increasing is the ‘man in the middle’ cyber attack, where an email in intercepted and altered. A hacker intercepts an email message from a vendor requesting payment, and changes the account number to which the payment should be sent. The recipient thinks they are paying a legitimate bill, but the money is actually going to the hacker.
Cyber Alert: Form Jacking is a Potential Threat for All Business
By infiltrating a third party service provider, the hacker gets access to that company’s customers, enabling the hackers to harvest large amounts of data, representing a significant risk to providers. In short, the service provider is inadvertently distributing the malware on behalf of the hacker. Symantec reports over 250,000 recorded attack attempts since August 13th. Often, the malware is specifically designed to work with the target company’s infrastructure, making it difficult to detect.
The Implications for Victims
In most cases, affected companies must pay to notify those whose information may have been compromised, and pay the cost to issue new credit cards. There may also be a business interruption cost while the threat is isolated and eradicated.
GDPR requires a response within 72 hours if personal information had been breached. In the US, businesses may be subject to different regulations.
Protect Your Business from Cyber Crime
To protect your business and your customers from these evolving threats, your company should have a cyber security plan in place. To learn how to prevent, detect, and mitigate a cyber attack, download the 2018 Hiscox Small Business Cyber Risk Report.
Cyber insurance can protect your business from the costs associated with a cyber attack, and Hiscox’s cyber coverage includes access to expert resources to help deal with an attack, minimizing the downtime and cost to your company.
October is a good time to look at what more you could be doing to protect your company from emerging cyber threats all year long.