Cyber Security Awareness Month 2021 Roundup #BeCyberSmart
1st November 2021
While Cyber Security Awareness Month has now ended, it’s important to continue to develop your cyber security knowledge – not just during October, but all year round! With cyber risks multiplying rapidly and cyber crime the fastest growing type of crime, we’ve stepped up our efforts this year to #BeCyberSmart and ensure brokers are doing the same.
Throughout the last four weeks of Cyber Security Awareness Month, we’ve explored everything from phishing to Multi-Factor Authentication, gathering key insights from our Cyber & Financial Lines Underwriting Manager, Matt Drinkwater, which you can listen to in our podcast below.
Listen to our podcast
With this year’s Cyber Security Month being a particularly busy one, we’ve collated our key highlights below – with additional information regarding human error and dealing with a breach.
The issue of remote working
It should come as no surprise that cyber attacks have become more prominent since March 2020, with the key driving factor behind this increase being the rise of remote working. While working remotely offers a number of key benefits, more than 18 months later the cracks in security are more evident than ever.
Recent data published by Tenable found that 74% of the cyber attacks organisations have suffered were a result of remote work tech vulnerabilities. The report explains that cloud devices, apps, personal devices and remote access tools have essentially eliminated many businesses’ security perimeters and resulted in a stark increase in cyber attacks. The risk of remote working can be distilled down into three key factors: a lack of visibility into remote employee home networks, an expanding software supply chain and cloud migration.
Phishing is in no way a new threat to businesses. It has existed for many years and yet still continues to be one of the most popular types of scam employed by cyber criminals. For those unfamiliar with the term, phishing scams commonly involve sending fraudulent emails, or directing victims to fraudulent websites in order to obtain logins or other sensitive information. Looking at recent statistics, UK Government figures show that phishing was by far the most common form of attack faced by businesses over the last year, with 83% of businesses and 79% of charities experiencing a phishing scam.
Educating staff about how to detect phishing scams is one of the best lines of defence available to organisations, along with promoting vigilance and easy-to-follow guidelines. But unfortunately there is always a chance that a phishing attack will be successful, infiltrating an employee’s device or compromising a business’s website. In these instances, it’s vital that businesses have protection, which is where our CyberSafe solution can help.
The importance of Multi-Factor Authentication (MFA)
As online banking services first started to appear in the late 1990s, banks initially used passwords and codes to protect their customers’ accounts. Within a few years the limitations of these security systems were realised, and banks introduced one-time generated codes instead.
Thankfully MFA technology is not just restricted to online banking but can be implemented across cloud applications so that businesses can increase access control. With passwords no longer an adequate defence against cyber criminals, it’s vital that businesses use MFA to make sure their networks are resilient.
PICNIC – Human Error
The acronym PICNIC, which means ‘Problem In Chair Not In Computer’, is another way of referring to human error. Unfortunately, when it comes to cyber claims, around 90% of these are a result of some type of human behaviour. In fact, human error is seven times more likely to cause a data breach than hackers.
Taking this into account, it’s vital that insureds take the time to educate their staff about common cyber risks, such as how to spot phishing emails, and implement processes to limit the likelihood that their employees will be responsible for a breach in security.
Dealing with a breach
While cyber security software and staff education do help enormously to reduce the risk of a successful attack, unfortunately no system is impenetrable to cyber criminals. In the event of a successful attack, businesses may face extortion and other threats, often leading to severe financial and reputational damage. In these instances, it’s essential that insureds have cyber insurance that covers cyber response, cyber restoration, cyber expense, cyber extortion and business interruption. Our CyberSafe product not only incorporates all of these features, but also includes 24/7 integrated breach response from ReSecure.
ReSecure is an integrated cyber incident response service, which has been created to provide a ‘one stop shop’ for the full range of services required to manage, investigate, resolve, and recover from a cyber security incident. In the event of a breach, the ReSecure team will advise, assist and guide you through a cyber incident to ensure that:
- the incident is contained
- any compromised data is identified
- notification obligations are assessed
- data subjects are notified promptly where appropriate
- call centre services are engaged as necessary
- credit monitoring and web monitoring are made available where required
- regulators are notified and kept informed
- systems are returned to normal operation
- reputational issues are addressed via the appropriate media
- any liability exposures are assessed and response strategies devised.
For those interested, you can learn more about ReSecure here.
For more information about CyberSafe Insurance or our e-trade solution, contact your NMU Development underwriter or our cyber team;