The Biggest and Most Frequently Occurring Cyber Incidents

Posted 27/02/19

As we move further into the digital age, there are more and more 'breeds' of cyber attack creeping up on us.

Regardless of the industry you work in, you will use some form of technology that could be vulnerable to a cyber attack and/or data breach. Because of this, cyber criminals are rife in the number of ways that they can breach the data privacy of both individuals and organisations.

As well as bolstering your digital security systems, it’s important to have damage-control in place, in the form of cyber insurance. Should a cyber attack happen to you or your business, the repercussions and costs can be very significant.

 

The most common types of cyber incident

Malware

Malware in itself can take on many different forms, and so while this is a type of attack, there are several strains of a malware attack that you could be vulnerable to that fall under its umbrella.

Malware directly translates to malicious software. Criminals infiltrate your systems with a piece of this software through a vulnerability in your network. This typically happens when a user of the network “clicks” on something, such as a suspicious link in an email or a download of an attachment. The different types of malware include spyware, ransomware, viruses and worms. Again, these types of malware can be made differently, by different criminal ‘branding’.

In the past, it has been fairly easy to spot a suspicious malware email. However these attacks are becoming increasingly sophisticated. For example, it is not uncommon for a cyber criminal to adopt an email address that would be familiar to you (such as impersonating a colleague, utilities provider or a familiar brand) when attempting to infect your systems with malware. Thanks to the increased sophistication of these attacks, it’s no surprise that over half of all data breaches contain malware and 66% of malware is installed via malicious email attachments (Verizon).

 

Ransomware

Ransomware is a form of malware> This type of threat was particularly present in 2018 and set to increase in 2019. This type of malicious software is designed to infiltrate a network and hold all data ransom until a sum of money is paid. This type of attack is particularly dangerous, as not only do you have to shell out to retrieve your important assets but you will also suffer losses in the meantime while you’re restricted access to your own network. (should we not include the definition sent previously?) 

 

Phishing

Phishing refers to a form of fraudulent communication that appears as though it has come from a legitimate and reputable source. This imitation hack technique is most commonly seen via email communications, with the goal of getting the recipient to part with their details, such as banking details or login credentials. This can result in hackers stealing money or further compromising systems by installing malware.

 

Man-in-the-Middle Attack

A man-in-the-middle attack (MitM) is where a cyber criminal intercepts the communication between two parties who believe they are directly communicating with one another. As such, all information that is passed between the two parties first goes through the criminal’s network, who is able to filter and steal this data. This most commonly occurs on unsecure public Wi-Fi points or in the form of malware that processes all of the victim’s information.

 

Denial-of-Service Attack

This type of attack targets flood systems, servers or networks with a mass of traffic in order to take up the entirety of that system or machine’s bandwidth, which in turn makes it inaccessible to its intended users. This type of attack can disrupt the users access and services temporarily or indefinitely. As this attack compromises your systems and makes it unable to fulfill requests, you could suffer significant loss as those who wished to access your services may turn to others.

 

SQL Injection

A Structured Query Language (SQL) injection is where the attacker inputs a piece of malicious code into a server that utilises SQL, forcing the server to reveal information that would otherwise be inaccessible to anyone who should not have this data. This can be done as simply as the hacker adding an injection to a website’s search box if it is particularly vulnerable.

 

Zero-Day Exploit

A zero-day exploit attack is where the attacker exploits an identified vulnerability before a patch or solution is implemented to fix it. As the attacker targets the disclosed vulnerability during this time, it means that constant awareness is necessary to prevent it. This is most commonly carried out by malicious insiders within your business.

 

How can these incidents affect my business?

It’s evident that there are many ways that your business can become vicariously vulnerable in the cyber world, but all too often we choose to ignore the consequences that falling victim to one of these attacks could present.

We’ve seen so many incidents over the past few years demonstrating how crucially important it is in business to have cyber security and insurance measures in place to protect all aspects of a company.

In fact, following the infamous Morrisons case whereby they became liable for a maliciously driven staff data breach, the judge’s ruling indicates that all businesses should have some form of cyber insurance cover.

 

About the Morrisons Data Leak

The case saw over 100,000 employees’ sensitive data stolen by a former team member, including names, addresses, salaries and bank details. He then went on to publicly post this information online and to newspapers due to a personal grievance with Morrisons.

While initially Morrisons were awarded £170,000 in compensation, the employees whose data had been stolen received no compensation. This lead to over 5,000 of these staff members claiming against the company which following these claims, was held liable for the attack. (This case is still ongoing and is being appealed by Morrisons in the high court. Should the appeal fail, those affected will be able to claim compensation for “upset and distress”).

The Court of Appeal went on to uphold a verdict in which employers would be made vicariously liable for an employee’s actions, regardless if preventative measures had been taken and the company itself had not engaged in any criminal activity. This was the UK’s first data leak class action and has now set a precedent for businesses to do more when it comes to protecting their employees data, along with reassuring millions of people whose own data is held by their employer.

When reading about cases such as the Morrisons one above, it’s crucial that you don’t assume that smaller businesses are not priority targets for cyber criminals. In fact, 58% of data breach victims are categorised as small businesses (Verizon 2018) - this means SMEs are actually most at risk of suffering a data breach.

It is now more important than ever for your business to have cyber insurance. You could be held responsible for any breaches or attacks, even if they are at no fault of your own or your business - you will be footing the bill. Make sure you’re protected against this, as the potential losses could be catastrophic to the future of your business, both operationally and reputably.


Get in touch with us today to find out more about insuring your business against cyber attacks and breaches and receive your free no-obligation quote.  

 

Examples of Claims: The Impact of Cyber Attacks on Businesses

Below you can read about a handful of claim examples which illustrate just how prolific and damaging the above examples common types of cyber incidents can be to all kinds of businesses.

 

 


Posted 27/02/19

Latest News from Ashley Page

What is Cyber Insurance and Why Do Smaller Businesses Need It?

23rd April 2019

It’s common for smaller businesses to assume they don’t need cyber insurance. In this post we outline why these businesses are often most vulnerable.

Hotel Franchises & Cyber Attacks: Who is responsible for cyber security measures?

20th March 2019

In this post we outline everything you need to know about cyber attack liability as the owner of a hotel franchise.

The Biggest Risks to Hotel Cyber Security

27th February 2019

Each data collection point has its own unique vulnerabilities, meaning that there is a larger and more broad risk unique to the hospitality sector.

Data Breaches By Numbers: 3 Key Statistics Every SME in the Retail Industry Needs to Know

27th February 2019

Each data collection point has its own unique vulnerabilities, meaning that there is a larger and more broad risk unique to the hospitality sector.