What could cause a cyber breach?

Cybercrime is constantly evolving and data breaches can happen in a number of ways – here are some pointers to help you and your staff stay ahead of the threat actors or hackers.

Watch our videos explaining different types of cyber attacks and common threat actors or read the full article below.

Phishing

Clicking on a link or opening a malicious attachment in a phishing email or SMS message (smishing) is one of the most common ways a data breach can happen. A phishing email or message is sent maliciously by a threat actor and usually contains a compelling reason to click or open a link or attachment.

Spearfishing is an adaption to this where individuals are more specifically targeted. The email looks like it’s genuinely from a friend or known contact of the recipient and will contain a link that will give that threat actor or hacker to your company’s network. Human resource and finance departments are also especially vulnerable to this type of attack.

Whaling is when specific individuals such as C-suite individuals and senior executives are identified and targeted because they have access to particularly sensitive information. The emails are highly personalised and crafted using appropriate business language in order to convince the recipient.

There’s also an offshoot of spearfishing known as “vishing” - or voice phishing - when someone impersonates someone else by phone to access confidential data. It’s usually done in conjunction with a spearfishing email to validate the request by providing a phone number to call.

Once the hackers have access to your systems, they typically bide their time. They’ll silently sit in your network, take a look around and watch who you correspond most with and where they might insert themselves. In other words, they’ll work out how they can cause the most disruption to support their cause, or simply for maximum financial gain.

When they decide to act, they might spoof an email from a client to look like it’s legitimate and say that banking details need to be updated. This is called a social engineering loss.
While it’s essential to have adequate cover in place if your organization is subject to an attack, training your employees to recognize a phishing email is one of the best ways to prevent an attack. All our cyber insurance clients have free access to phishing simulations via DataSafe, our cyber risk management platform.

Ransomware – one of the most popular attacks

Using ransomware – malicious software or malware – is another common type of cyberattack, and it usually happens in one of two ways.

This is where the hacker accesses your system and deploys ransomware to encrypt everything. Then they demand payment in return for the decryption key. The second method is where hackers exfiltrate data from your system and hold it hostage externally, while threatening to release it to the public.

Physical breach – the old-fashioned way

Data breaches can also happen because of good ol’ fashioned physical theft. Stolen paperwork can contain the same sensitive information as stolen electronic data. If this happens, our claims team can arrange credit monitoring for the individuals affected and notify the State Regulators.

Property damage caused by a cyber attack

Our cyberattack Plus product is designed specifically for large manufacturing, utilities or transport companies. It combines two elements of cover; property damage and cyberattack.

An example of a cyber-attack claim in this case could be a paint manufacturer where a hacker alters the chemical composition of the product. This could have huge implications for product safety as well as reputation. The result is a halted production line and potentially a large amount of unusable stock.

Find out more about the cyber gap for SME's breach response services and more on our Cyber Knowledge Hub.