The Year-End Cyber Attacks of 2017 and the Future of Cybercrime
The cyber attacks of 2017 have been the most malicious in internet history and have to date reached $5 billion worth of damages. By the year 2021, cybercrime damages are expected to climb to $6 trillion annually. Venture capitalists invested over $7.6 billion into cybersecurity startups this year alone.
The Equifax breach, which exposed the personal information of nearly 150 million people, was devastating in many ways. The executive leadership of that company actually knew ahead of time that they needed to fix the problem, but chose not to do so in a timely manner. The technical issue could have been fixed, but their choice not to do it exposed a company culture based on secrecy and deceit.
Yahoo had their email system hacked back in 2013, but the severity of the damage was not known until October of 2017. They also chose to keep this breach under wraps, exposing another company culture that favors reputation over clients’ privacy.
Dun & Bradstreet’s marketing database of over 33 million corporate accounts was breached in March of 2017. Employees from the U.S. Department of Defense, the U.S. Postal Service, AT&T, Walmart, and CVS Health had their information stolen. Many cyber experts predict that within the next 10-15 years the future of identity theft will move beyond social security numbers and credit card information to stealing our fingerprints and brain waves.
The disturbing reality we face as business professionals and human beings is that technology is constantly advancing at lightning speed and is racing to keep up with itself. Not only have hackers taken control of our information, but some very powerful corporations are protecting themselves and their profits before their customers’ privacy.
Senior management is responsible for overseeing their company's risk management, which includes regular evaluation of IT acquisition plans, outsourcing, cybersecurity budgets, cloud services, incident reports, and risk assessment results. They should be asking the following questions about their organizations:
- What is the level of impact a cyber attack would have on our company?
- What types and how many cyber events do we detect in a normal week?
- How is senior leadership informed of the current cyber risks that affect our company?
- Does our company have a comprehensive response plan in place in case of a data breach?
- Do we meet all industry standards and best practices?
On February 12, 2013, President Obama issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity” to address the growing threat of cybercrime. A Cybersecurity Framework was formed that assists organizations of all sizes to align their cybersecurity activities with risk tolerances, resources, and their business requirements.
NIST, along with the Small Business Administration (SBA) and the FBI, developed the InfraGard program in an attempt to share information and support regarding cyber intrusions, vulnerabilities, and infrastructure threats. This network of public and private organizations shares information and key resources with the common goal of safeguarding America’s critical information and infrastructures.
Preparing and Responding to Cyber Attacks
- Identify and protect the critical company assets, data, and services
- Have a well-rehearsed plan of action
- Engage with law enforcement before and after an attack
- Stay informed about threats. The Sharing and Analysis Center analyzes cyber threat information and shares real-time intelligence.
- Make an initial assessment of the threat – was it a technological glitch or malicious act?
- Record the extent of the damage for analysis and as possible evidence at a trial
- Detail every step that was taken and the costs involved
Train employees in basic cyber practices:
- Create strong, unique passwords, don’t reuse old ones, and change them often
- Enforce company rules on what programs/software can and cannot be installed on their computers
- Educate them on not opening suspicious emails, tweets, ads, and attachments
- Conduct thorough background checks on your employees
Protect your computers and mobile devices from cyber attack:
- Continually update your security software, web browsers, and operating systems
- Set antivirus software to scan after each update
- Implement a “time-out” function on all computers
- Install mobile device security apps
- Scan USBs and other external devices for viruses and malware
- Limit staff access to information, data, and software
- Avoid using Wi-Fi networks as they may permit interception of data
Safeguard and back up critical data, including financial files, word processing documents, databases, electronic spreadsheets, human resource files, and accounts receivable/payable files. Back up automatically or weekly and store copies offsite. Always destroy data before disposal by cross-cut shredding and physically destroying hard drives even after wiping them clean.
Demont Insurance Agency, Inc. The Insurance You Need, The Assurance You Deserve.