In what seems now to be a prophetic move, on May 11th Kansas Insurance Commissioner Ken Selzer put out a list of tips to help businesses and individuals protect themselves from a cyber attack. The next day the WannaCry virus hit the world and demands of $300 or more per user was demanded to release control of a computer back to the user.
According to White House Homeland Security Advisor Tom Bossert, 300,000 people in 150 countries were impacted.
In his news release that went with the list, Selzer said, “It is important that cyber vigilance begins at home. Knowing some common-sense precautions can keep you and your personal information safer.”
Too little, too late.
The Internet research agency Statistica says insurance and the financial sector are very vulnerable. And it put this chart together to show you just how vulnerable your business is:
Who’s affected most by ransomeware and why starting with infections by industry:
• Services — 38%
• Manufacturing — 17%
• Public administration — 10%
• Insurance, finance & real estate — 10%
• Wholesale trade — 9%
The leading cause of those infections:
• Spam/ phishing emails — 46%
• Lack of employee training — 36%
• Malicious websites / web ads — 12%
• Other — 5%
• Lack of security — 1%
Lots of quotes from experts and lots of advice starting with Michael Kaiser — the executive director of the non-profit National Cyber Security Alliance — who put what we all need to do now the best. “It is of utmost importance that cybersecurity ... be a top priority of businesses and organizations large and small,” he said.
Kathy Brown the Internet Society’s president and CEO added, “Law enforcement, IT professionals, consumers, business, and the public sector all have responsibility to act to keep enabling the good that the Internet brings. We have a shared responsibility to collaboratively get this under control.”
How bad is it? Bad. Researchers say 6% of the people of the world have been impacted by this or other malware. Brown said most people are ill-equipped to deal with ransomware and whopping 25% say they have no idea what to do if their computer was attacked.
Fen Osler Hampson is the director of global security at CIGI. He said, “Ransomware attackers have discovered that they don't have to steal or destroy your data to enrich themselves, they just have to hold it hostage. Our survey data shows that many people are willing to pay to get their data back, which makes such attacks highly profitable.”
Dan Burke heads Hiscox USA. His firm’s Hiscox Cyber Readiness Report 2017 checked with 3,000 businesses in the United States, the United Kingdom and Germany. He said it found, “In the US alone, 63% of firms reported experiencing a cyber incident in the past year, and 47% said they had two or more.”
And Burke and the report said those attacks and all cyber crime cost the global economy $450 billion last year. “Larger companies (250+ employees) had a somewhat higher risk, with 72% reporting one or more incidents, compared to 60% of smaller firms (less than 249 employees).”
Kaiser added, “When we see whole systems like the National Health System in the United Kingdom directly targeted, it reinforces how dependent we have become on our data-driven networks.”
Back to Selzer. These are his wise words of wisdom:
• Set strong passwords and don’t share them with anyone. Set them with at least eight characters, including letters, numbers and symbols.
• When using unfamiliar websites, be sure the URL begins with "https." The "s" at the end indicates it is a secure site.
• Keep your operating system, browser, and other critical software optimized by installing updates, including antivirus and anti-spyware updates.
• Maintain an open dialogue with your family, friends and community about Internet safety. Let them know you take it seriously.
• Limit the amount of personal information you post online, and use privacy settings to avoid sharing information widely.
• Be cautious about what you receive or read online — if it sounds too good to be true, it probably is. Also, if a message sounds out of character for the sender, or includes nothing but a link in the body of the email, it may be suspicious. Check with the person who purportedly sent you the message to make sure it is legitimate.
• Cyber attackers often take advantage of current events to conduct "phishing" attacks, where they will attempt to obtain personal information by posing as a trustworthy organization. Verify the legitimacy of the organization’s request by contacting the company by another means.
• Limit the type of business you conduct on public Wi-Fi networks. Don’t do your online shopping from an internet café. Do business with credible companies, and devote one credit card with a small credit line to online purchases.
• Password-protect your smart phone.
• Finally, and maybe most importantly, check your homeowners or identity theft insurance policies for the level of coverage you have in case of a cyberattack on your devices.
“The continual increase in cyber traffic means that home computer networks and smart devices are more vulnerable" than ever. We need to be vigilant in making sure our personal information is kept secure,” Selzer said.
NAS chief underwriter Mike Palotay agreed and said the attack also points out how small and medium businesses are woefully short of cyber insurance. He says these businesses need to take note and get insured.
“This has been an indiscriminate attack. It’s not targeted. You don’t have a hacker behind each attack on each company — it’s really more of an automated thing. It’s basically just spray and pray, really. You’ve got small companies who are experiencing outages and disruptions and having to pay extortions. And then you’ve got FedEx and the National Health Service [in the UK] and a bunch of much larger organizations experiencing problems,” he said.
But the bottom-line, Palotay said is, “Small and medium-sized business are very, very underinsured. The last figures I saw for small businesses that buy cyber insurance were in the single digits. This might be a wake-up call.”
By the way, Microsoft has a malware link to keep you posted on WannaCry. You can access it here.
Source links: PropertyCasualty360.com, Insurance Business America