The cyber security threats SMEs need to be aware of in 2020
30th January 2020
The start of a new decade is always a time for reflection on failures and successes, on things we might have done differently and on events that we never even imagined occurring in the first place. Nowhere is this demonstrated more alarmingly in the insurance world than in cyber.
Pictured: Matt Drinkwater, Cyber & Financial Lines Underwriting Manager.
There’s never been a class of business that changes so rapidly, with technology becoming increasingly inter-connected and new risks constantly emerging – insurance policies must invariably adapt to protect businesses, large and small.
Over the past decade, a new lexicon entered our consciousness, from Stuxnet to Shamoon and Aadhaar – these major malware and data breach attacks caused considerable disruption and opened our eyes to the realities of 21st-century cybercrime. With this in mind, we’re taking a look at some of the most prevalent cyber attacks that occurred in 2019 and outlining key cyber security trends to look out for in 2020.
Back in April 2019, Facebook suffered the first of several major data breaches – with 540 million records including usernames, account IDs etc. uploaded to an AWS server. Merely 5 months later, 400 million phone numbers of Facebook users were publicly leaked onto an unsecured database. It was in November, however, that Facebook suffered the most crippling attack, as it was revealed that 100 third-party app developers had unauthorised access to Facebook user information including member names and profile pictures.
With the launch of its new service ‘Disney+’ in November of 2019, Disney’s streaming platform became a major target for hackers. Fraudsters were able to infiltrate and hijack thousands of users’ accounts, attempting to sell login details on the black market and essentially locking paying customers out of their devices and accounts.
In July 2019, a single hacker exploited a vulnerability in a web application firewall and subsequently breached Capital One’s security systems. The individual attained unauthorised access to 100 million credit card customers’ personal and bank account details, payment history and more.
As one of the most popular video games in the world, Fortnite unsurprisingly has attracted a host of hackers and cyber criminals. In January of 2019, Epic Games discovered a bug on the login page of the app, which allowed hackers to log in to millions of player accounts and purchase in-game currency using registered credit cards.
All businesses are at risk
In the last year alone, brands including Instagram, Toyota, Hostinger and many more were affected either by data breach, ransomware, malware or theft by deceptive means. However, it’s not just large companies who face the risk of a data breach – many cyber-attackers do not differentiate based on a company’s size, location or industry when deciding when and where to strike next. That is why all modern businesses must be aware of the key cyber threats they face in 2020 and beyond.
Key cyber threats to be aware of:
1) Advanced Phishing Scams
With the wealth of data available to online fraudsters, phishing emails continue to become more authentic-looking and increasingly difficult to detect. In 2020, increased personalisation and tactics such as HTTPS encryption are predicted to become the norm – making it harder for companies’ employees to differentiate between genuine and malicious communications.
2) Exposed Cloud Databases
With the vast majority of businesses now utilising cloud computing for data storage, this presents an opportunity for data exposure which can have severe consequences – potentially leading to a data breach.
3) Deepfakes
As we outlined in our previous blog, the use of deepfakes in malicious activity has grown exponentially with recent advancements in technology and the relative ease with which individuals can now download software to create them. A new form of spyware known as “stalkerware” tracks smartphone data from victims to gather an understanding of their activities – this can then be used to create fake videos, voice recordings or text communications.
4) AI and Machine Learning
Whilst Artificial Intelligence (AI) and Machine Learning (ML) are increasingly being used to provide cybersecurity protection, attackers are now studying how networks utilise ML so they can figure out how to breach them. Both AI and ML are being used together to boost the effectiveness of deepfakes; by gathering and processing large amounts of data, fraudsters are able to better understand their victims and whether a deepfake attack will succeed.
5) Supply chain attacks
In these attacks, fraudsters inject malicious code onto a website (typically ecommerce); this then allows them to steal data, including customers’ personal details and credit card information. Only last year British Airways fell victim to a large-scale supply chain attack and were subsequently fined a record-breaking £183 million. Experts predict we will continue to see such sophisticated cyberattacks.
6) Human Error and Social Engineering
“Every business has people working for it and people make mistakes. Research proves that about 90% of all cyber claims last year stemmed from some type of human error or behaviour”. – Matt Drinkwater, Cyber & Financial Lines Underwriting Manager.
Despite the growing number of cyber threats, human error is seven times more likely to cause data protection breaches than hackers are. Some common examples of human error include:
• Data sent to the wrong recipient
• Loss or theft of paperwork
• Failure to redact data
• Failure to use bcc when sending an email
• Unencrypted devices being lost or stolen
• Being socially engineered
In 2019, we launched our first Cyber Policy “CyberSafe”, designed to cater to the unique risks UK SMEs face. Post-launch, we worked closely with our customers, listening to their needs and revising our product to ensure it provides protection that’s fit for purpose. We expect CyberSafe will continue to develop as the world of cyber evolves and new risks become apparent.