What could cause a cyber breach?
Cybercrime is constantly evolving and data breaches can happen in a number of ways – here are some pointers to help you and your staff stay ahead of the threat actors or hackers.
Clicking on a link or opening a malicious attachment in a phishing email or SMS message (smishing) is one of the most common ways a data breach can happen. A phishing email or message is sent maliciously by a threat actor and usually contains a compelling reason to click or open a link or attachment.
Spear phishing is an adaptation of this in which individuals are more specifically targeted. The email looks like it’s genuinely from a friend or known contact of the recipient and will contain a link that will give that threat actor or hacker access to your company’s network. Human resources and finance departments are also especially vulnerable to this type of attack.
Whaling is when specific individuals such as C-suite individuals and senior executives are identified and targeted because they have access to particularly sensitive information. The emails are highly personalised and crafted using appropriate business language in order to convince the recipient.
There’s also an offshoot of spear phishing known as “vishing” - or voice phishing - in which someone impersonates someone else by phone to access confidential data. It’s usually done in conjunction with a spear phishing email to validate the request by providing a phone number to call.
The most common types of cyber attack
Once the hackers have access to your systems, they typically bide their time. They’ll silently sit in your network, take a look around and watch who you correspond with most and where they might insert themselves. In other words, they’ll work out how they can cause the most disruption to support their cause, or simply for maximum financial gain.
When they decide to act, they might spoof an email so that it looks like it legitimately comes from a client and says that banking details need to be updated. This is called a social engineering loss.
While it’s essential to have adequate cover in place if your organization is subject to an attack, training your employees to recognize a phishing email is one of the best ways to prevent an attack. All our cyber insurance clients have free access to phishing simulations via DataSafe, our cyber risk management platform.