A massive ransomware attack crippled thousands of businesses around the globe on May 12, 2017. Nicknamed WannaCry, the attack hit Britain’s National Health Service, FedEx, and a host of major companies. Preliminary reports estimate the number of affected companies at over two hundred thousand. It is too early to put a number to the economic damage caused by the attack, but it serves as a critical reminder of important cyber security principles.
As cyber security events make headline news, businesses have to examine their cyber practices to reduce their vulnerabilities. The damages and losses from cyber events continue to increase; this leaves many businesses asking what they can do to reduce their exposure. Cyber insurance can play a crucial role, but the relatively new nature of the coverage and gaps in coverage still mean that the best way to avoid losing money due to a breach is never suffering from a breach in the first place. One of those gaps could be your employees' personal devices.
An emerging area of cyber liability for small businesses centers around the concept of third-party risk. Third-party risk means damages resulting from the security breach of a connected party, normally a vendor or customer. Small businesses can face third-party cyber risk on a number of fronts. They can face liability when a breach of their own systems infects a vendor; they can also face damages when the breach of a vendor causes a breach of their own systems. Franchisee relationships have also caused increasing concerns of cyber risk.
Hardly a day goes by in the current news cycle without some new cyber-security story breaking. The end of 2016 included a disclosure of 500 million hacked Yahoo! email accounts, concerns raised over the security of U.S. election systems, and a formal announcement by the U.S. government that Russians had hacked into the emails of the Democratic National Committee and the New York Times. A report from industry experts this past month pegged the expected value of cybercrime in 2021 at $6 trillion a year.
Defining Social Engineering
Social engineering is a type of psychological manipulation that tricks a target into sharing information or performing an action that they normally would not. These scams may promise one thing and deliver another, or be a way to get information from you, steal something from you, or gain access to something that you have access to.
As web security continues to be an ongoing issue, it is important to know just how and where to look for harmful attacks before they even begin. These attacks will sprout not only in your personal email, but also on your favorite social media sites such as Facebook and Twitter. From a shortened article link on your home feed to an event request being used to spam your contacts, Facebook has been labeled as a major target for web attacks. “Most major brands have a presence on Facebook and Twitter, and many are integrating social media into their actual products. As these web destinations draw massive audiences and are accepted into enterprise settings, more opportunities to deliver malware are also created.”
Five Takeaways from Recent Data Breaches
Target. Michaels. Neiman Marcus. University of Maryland. All victims of major data breaches in the past few months. While all of these organizations were breached in different ways, they can all offer business owners valuable lessons on how to proceed when a breach occurs. Here are five takeaways IT security expert Mark McCurley offers: