The New Cyber Threats: What Every Business Must Know Now

Unlike other types of risks for your business, cybersecurity and cyber prevention is something which changes on a very frequent basis. Look, the risk you have in your business for things like fire or theft or personal injury pretty much stays the same from year to year. Things having to do with cybersecurity change on a week-by-week or month-by-month basis. Here's a report from the Anti-Phishing Working Group which goes into one area of cybersecurity — which is phishing.

Phishing is described as a crime employing both social engineering and technical subterfuge. It basically steals consumers' identity and financial account credentials. So as a company, you may get a message sent to one of your employees that looks like it comes from somebody in authority. It may even look like it comes from somebody's boss or an executive. It may look like it comes from an accountant or an attorney, and it asks that employee to give them a login or give them access to something. And once they get that access, now they can get in and lock down your system or do ransomware.

And the frequency of this type of crime has gone up dramatically. Look — in April of 2021 it was barely 200,000. In March of 2022 it was almost 400,000. So this is almost a doubling of the phishing attacks in a year. In fact, the last quarter was the first time, according to their research, that there were over a million total attacks. There had never been over a million attacks before.

Now here's an important factor: the number of sectors that have seen a decrease in overall ransomware attacks is lower, but the financial services industry is higher — and phishing is higher. Most sectors saw a decrease in ransomware. So for the last year or so, ransomware was the big thing to watch out for in cybersecurity. Even in the last few months, that trend has gone down. So these cyber risks are going to be changing on an ongoing basis.

So if you're a company and you have a cybersecurity or cyber insurance interest, you want to stay on the cutting edge of what the current trends are. Six months from now, the risk for cyberattacks or cyber losses may be completely different than what it is now. And that prevention factor is huge. So your cybersecurity efforts have to be dynamic. And if you have cyber insurance, you want to be with a carrier that's giving you constant updates. And that carrier is going to be exposed to the wider range of different industries outside of yours.

What are those industries? Well, look at the breakdown. These are the most targeted industries. It's not one large area. Certainly, financial companies are the biggest percentage, but that’s even only 23 percent. There are many industries that are in the double-digit range: social media, e-commerce, webmail, crypto, logistics — they're all significant factors. There are no very small slices; everything is pretty much evenly distributed. So unless you're in all these industries, you're not going to know what the new emerging trends for cybersecurity are.

And in ransomware, it's even more broken up. Manufacturing is higher at 25 percent, but everything else is 12, 10, 8 percent. There's nothing that's significant other than manufacturing for ransomware. So as you're monitoring your company's risk profile and your loss footprint, you want to make sure that you're staying aware of what the common and emerging losses and attacks are. You're not going to be able to do that unless you hire full-time people to monitor the threat exposure.

A good cyber liability policy will connect you almost as a partner with an insurance company that is insuring all these industries. They have policies in all of these sectors, so they'll know what the emerging trends are, and they can give you a heads-up. Look — be aware that this type of router is being attacked, and you might want to lock down yours.

If you really want to scroll down deep into some other trends: registrars used to register attack domains. What this means is all of these hackers use a website that makes it look like they're a legitimate business. These websites are normally hosted on free registrars — Namecheap, GoDaddy, Google, these other registrars. So if you see a company that's trying to connect you with a login, you can look to see where their domain is registered to get a perspective on what's the probability that it's a hacker domain.

It’s not foolproof because there are some legitimate companies on Namecheap and GoDaddy, but you want to make sure that you're looking at the odds and percentages — if you're going to do this in-house and not outsource it to an I.T. company.
