The Dark Overlord hack stands at the intersection of a number of prominent issues in the modern world: terrorism, cyber warfare, confidentiality and privacy. On New Year’s Eve, 2018, a group of hackers calling themselves Dark Overlord stated they had hacked confidential legal files related to the insurance litigation that followed the 9/11 attacks. The hackers demanded a ransom from the law firm from whom the information was stolen. Apparently, the ransom was paid but the law firm breached the terms of the ransom by reporting the breach to law enforcement. Now the hackers have threatened to sell the information online through the dark web.
Social engineering attacks continue to represent a significant attack vector on U.S. businesses. The frequency and cost of these attacks keep increasing. Businesses need to protect themselves or they could be facing large losses. While people tend to view hackers as computer whizzes exploiting technical flaws in software code, the reality is that over 95% of attacks focus on exploiting human weaknesses, not technological ones.
Another major data breach at an American company worth billions of dollars has served to heighten cyber security concerns in businesses of many sizes in many countries. Equifax announced in September 2017 that a massive theft of data from their system had occurred. The failures of Equifax's cybersecurity team resulted in hackers obtaining the personal information of over one hundred and forty-five million of the people whose credit history Equifax tracked.
Equifax faced criticism over how the company reacted to a hack that was announced in September 2017. When dealing with a cybersecurity event, a quick response is necessary to minimize damages from the event. Delays can cause continued interruptions in day-to-day business processes and the damage or loss of vital information; they can also make it harder to track down perpetrators and recover both data and money from them. To this end, most cybersecurity experts recommend that businesses put in place an incident response plan so that teams can act as quickly as possible after an incident instead of reacting with a frantic, disorganized frenzy of activity.
A massive ransomware attack crippled thousands of businesses around the globe on May 12, 2017. Nicknamed WannaCry, the attack hit Britain’s National Health Services, FedEx, and a host of major companies. Preliminary reports estimate the number of affected companies at over two hundred thousand. It is too early to put a number to the economic damage caused by the attack, but it serves as a critical reminder of important cyber security principles.
As cyber security events make headline news, businesses have to examine their cyber practices to reduce their vulnerabilities. The damages and losses from cyber events continue to increase; this leaves many businesses asking what they can do to reduce their exposure. Cyber insurance can play a crucial role, but the relatively new nature of the coverage and gaps in coverage still mean that the best way to avoid losing money due to a breach is never suffering from a breach in the first place. One of those gaps could be your employees' personal devices.
An emerging area of cyber liability for small businesses centers around the concept of third party risk. Third party risk means damages resulting from the security breach of a connected party - normally vendors or customers. Small businesses can face third party cyber risk on a number of fronts. They can face liability from a breach of their own systems infecting a vendor; they can also face damages caused when the breach of a vendor causes a breach of their own systems. Franchisee relationships have also caused increasing concerns of cyber risk.
Hardly a day goes by in the current news cycle without some new cyber-security story breaking. The end of 2016 included a disclosure of 500 million hacked Yahoo! email accounts, concerns raised over the security of U.S. election systems, and a formal announcement by the U.S. government that Russians had hacked into the emails of the Democratic National Committee and the New York Times. A report from industry experts this past month pegged the expected value of cybercrime in 2021 at $6 TRILLION a year.