ECBM's Blog: Information To Protect What You Grow

The clash between the stringent privacy requirements of HIPAA and the known vulnerability of most cyber systems creates a host of anxieties for most modern medical care providers. The Health Insurance Portability and Accountability Act requires that medical providers and insurers take reasonable precautions to ensure that the medical information of their patients remains private. At the same time, it is increasingly apparent that almost all cyber information systems have at least a few vulnerabilities, even if only through their users, and few systems can withstand a dedicated, concentrated cyber assault.

Wire transfer fraud claims resulting from cyber attacks have increased dramatically over recent years, and companies are losing millions of dollars in these attacks. As is common when a new business risk develops, organizations look to their insurance policies to help cover their losses. As we have shared in previous examples, the coverage is not always adequate.

The extent of coverage for a company that has been a victimized may be sparse, and the costs of any breach are ongoing. Consequences of a fraudulent wire transfer depend not just on the specific wording in the policies a business has purchased, but as seen in the following instances, also being upheld differently in different states.

Social engineering attacks continue to represent a significant attack vector on U.S. businesses.  The frequency and cost of these attacks keep increasing.  Businesses need to protect themselves or they could be facing large losses.  While people tend to view hackers as computer whizzes exploiting technical flaws in software code, the reality is that over 95% of attacks focus on exploiting human weaknesses, not technological ones.

 Social engineering scams continue to see reported increases in the number of claims filed and the damages suffered.  These scams, also known as “The President’s Letter”, involve clever impersonation over email to trick employees into wiring money to the wrong bank account.  A recent forecast estimated that damages suffered due to social engineering attacks would surpass $9 billion in 2018.  With losses that high, businesses need to review their procedures and exposures as it relates to protecting themselves from social engineering scams.

Lots of people these days are talking about cybersecurity.  To many people, this conjures images of hackers delving deep into computer code to unearth and exploit systematic weaknesses.  The reality is that many of the most successful cyberscams rely not on the weaknesses within a computer system but on the weaknesses of human beings. For example, the John Podesta email hack was a social engineered spear phishing attack.

Lots of people these days are talking about cybersecurity.  To many people, this conjures images of hackers delving deep into computer code to unearth and exploit systematic weaknesses.  The reality is that many of the most successful cyber scams rely not on the weaknesses within a computer system but on the weaknesses of human beings. 

WHAT HAPPENED?

The music artist Prince was found dead at his home in Minnesota Thursday morning. An autopsy will be done on Friday 4/22/2016.

Here’s why this is worth mentioning: usually when a musician passes away there is a bump in music downloads and people listen to streaming services to memorialize them. That’s usually all fine and good, album sales go up, there’s trending on twitter, and there is an overall virtual outpouring of support.

Unfortunately these sad times are the perfect opportunity for Social Engineering Scams. Celebrity Deaths (or even death rumors) are like natural disasters, holidays, and other major news stories. New websites are created, the high-demand content is scrubbed, dubious emails are drafted, and links to websites loaded with malware and viruses are circulated on social media.

What Happened?

It's the holidays for the criminals too, you know...

Social Engineering scams increase right around the holidays. With the increase of people shopping online and the odd-hours, hurried correspondence at work, it is getting harder to filter through which emails are legitimate and which ones could be a trap.