20Feb

Increased Cyber Risks from Remote Work

Working remotely has become the default mode for many businesses since the COVID-19 pandemic. This lets companies continue operations while reducing their employees’ chances of getting sick, but it also opens the company up to new cyber risks.

Working from home relies on Wi-Fi that may be insecure even when users assume otherwise. Home networks are usually left in their default configuration, which permits devices to connect without passwords.

This includes Wi-Fi-enabled appliances, monitors, door locks, surveillance cameras, speakers and more. Your corporate mobile device may be using this Wi-Fi network as well. And even if you are able to use a VPN and private servers, this does not mean your confidential data is safe from grave cyber threats.

The many variables across all your employees’ home networks mean that your IT department has to cover more computers. In addition, some employees won’t completely understand the probability of a data breach on an unsecured network, especially if they access work through public Wi-Fi, in coffee shops for instance.

What can companies do to reduce the risk of cyberattacks while working at home? 

> Reinforce the use of VPNs for all remote staff

> Teach employees to scan devices for unauthorized software or hardware before allowing them to connect

> Double-check and lock remote devices wherever necessary to help reduce the possibility of cyber attacks without negatively affecting user experience.

> Disable split tunneling for VPN profiles so that remote employees’ traffic cannot go out directly over the Wi-Fi network without passing through the corporate network first.

> Companies should also practice scheduled analysis of work-issued devices’ log data to improve detection of cyber incidents.

More importantly, companies should also update their cyber breach response strategies for the entire remote staff and practice plans through exercises with IT and security staff, along with officers and directors.

Many companies in Asia have been able to restructure operations and adapt to virtual offices. They are calling the remote workforce ‘the new normal’. Companies need to anticipate incidents similar to this pandemic, some of which may pose even more challenges.

For now, what’s needed are immediate measures to tighten online security of remote workers and revisit liability insurance policies that may not yet cover cybercrime-related claims.

12Nov

3 Common Ways Ransomware Gets to Your Computer

There’s a 50% chance that your computer at work could be infected with ransomware, especially with more online interactions.

With ransom transactions averaging over US$80,000 in 2019, malicious software is quickly becoming cybercriminals’ choice of weapon.

Ransomware uses internal systems to encrypt a series of files and deactivate troubleshooting processes, preventing access to your own data. The hacker essentially holds your data hostage until your business pays a substantial amount.

Is your business prepared to deal with these types of cyberattacks now that you’ve shifted to more digital processes?

Cybersecurity training plus a good cybersecurity insurance plan are two crucial ways to safeguard your company from liability and the cost of cyberattacks. But how exactly does ransomware get to your computers and devices?

1. EMAIL

Ransomware sent via email usually arrives through what is called phishing. A majority of ransomware is delivered via phishing. Hackers use legitimate-looking emails to trick recipients into clicking a link or downloading an attachment that contains malware.

A recipient who clicks the link is redirected to a malicious site that starts the download of ransomware. Attachments come in various formats like Word, PDF, Excel or ZIP files to make the email seem safe. When the attachment is opened, the ransomware instantly installs itself, encrypting files and holding them for the hacker.

To minimize the chances of falling victim to phishing, enter links manually in your browser, hover over links to see where they lead, and expand shortened URLs before deciding whether to click on them.

For attachments, check if the sender’s email address is legitimate by reviewing the domain extension (e.g. sendersname@gmail-net.com is a suspicious address), and only open files sent by people you trust.

This site helps you check if a certain domain is temporary or a throw-away: https://www.block-disposable-email.com/cms/
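The sender-domain review described above can be automated at the mail gateway or in a triage script. The following is an added example, not part of the original post; the allowlist, the function names and the distance threshold of 2 are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Constructed allowlist (assumption): domains this organisation expects mail from.
TRUSTED_DOMAINS = ("gmail.com", "outlook.com", "example.com")


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # Exact match, or a genuine subdomain of a trusted domain.
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return "trusted"
    # Split on dots and hyphens so "gmail-net.com" yields the label "gmail".
    labels = domain.replace("-", ".").split(".")
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        # Brand name reused inside another domain, or a near-miss spelling.
        if brand in labels or edit_distance(domain, trusted) <= 2:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, including the address quoted in the post.
    for header in ("sendersname@gmail-net.com", "Alice <alice@GMAIL.com>",
                   "it@gmai1.com", "news@weather.org"):
        print(f"{header:32} {classify_sender(header)}")
```

A "lookalike" result is a reason to hold the message for review rather than proof of phishing, since short legitimate domains can fall within the distance threshold.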

2. Remote Desktop Protocol (RDP)

RDP is a communications protocol that allows IT admins to get access to other systems (e.g. those of company employees). During the process of gaining access to a system, a computer can become exposed to hackers for a window of time. This is when hackers attack and deploy ransomware.

Make sure your IT puts in place authentication factors and added security measures for all your ports. This is more of a task for the IT department but is still worth knowing when you’re running checks throughout your system.

3. Illegal or Pirated Software

Some companies cut costs by subscribing to pirated or unlicensed software because they don’t see the value of cybersecurity in relation to the tools they use on their computers.

Hackers can easily embed malware in what you download from unsecured software sites.

The quick solution to this is to invest in licensed software, especially if you’re using it daily. To prevent ransomware infections via pirated software, avoid downloading activators, key generators and software cracks from torrent websites. It’s also best practice to use a complete anti-malware application to detect any installations happening in the background while your computer runs throughout the day.

There are other channels through which malware infects systems. Make sure your employees undergo cybersecurity training and that you have robust liability insurance cover in place to protect your business.

10Aug

Cyber Insurance Outlook in the Next 5 Years

The need for cyber insurance has grown, especially with the business shifts that occurred due to the pandemic. Remote work and the increasing technological and operational demands of businesses have also highlighted the importance of insurance for any type of business.

Given the current state of Asia (and the world), here are our predictions for the next five years for insurers as well as businesses in terms of managing cybersecurity.

Immense industry growth is ahead.

Most if not all businesses agree that there will be an increase in cyber insurance premiums. Standard & Poor’s Corp. stated that they foresee an increase of 20% to 30% per year on average in cybersecurity premiums.

The recent hacking at Colonial Pipeline resulting in a US$4.4 million ransom makes a strong case for companies to revisit and evaluate their current online security and the lack of infrastructure in place to protect them from such breaches.

A Standardized Cyber Insurance Cover

Cyber insurance covers differ in limits, features, and terms. At the moment, these variations are not fully intentional and are a normal part of the industry’s process of learning and adapting. Having said that, this current state also poses challenges for policyholders who may not understand which policy they need for their business. It also creates issues for reinsurers in evaluating their exposure to varied risks.

We see a more stable outlook in 2025 with the language and terms used for cyber insurance. As the market hardens, policy providers have already avoided ambiguous terms that may result in confusion for the insured.

In addition, regulations for cyber insurance will be more mature and regulatory bodies will enforce higher standards of information collection and will require regular reporting about cyber risk exposure.

Flexible Policies As the Norm

COVID-19 has taught many providers that rigidity and failure to adapt can do plenty of damage. As a solution to current and very likely future events, we predict policies that offer monthly premiums or credit plans for add-on features based on regularly reevaluated risks, as well as incentives for taking preventative actions.

Cyber Insurance Providers Will Have Dedicated Cyber Risk-driven Models

Hackers will continuously find more and more ways to breach systems alongside the efforts to reduce cyber attacks. This means more complicated and highly dynamic risk assessment models for insurance providers in the foreseeable future.

A huge cyberattack is always impending and it can very well happen before 2025. Knowing this reality, we foresee providers investing in dedicated talents who specialize in cybersecurity to provide comprehensive risk models.

Companies worldwide have now been propelled to enter and quickly grasp a fast-moving and highly digitized facet of business transactions.

Alternative and cyber insurance products will become more interesting, flexible, and specialized. The task at hand for insurance providers is to innovate and design the right products to bridge market gaps that leave businesses exposed to the next attack.

Need help finding the right insurance plan for your business in Hong Kong? Contact us today.

14Jun

Infographic: Global Cyber Attack Statistics

The threat to cyber security has increased over the past 10 years. Businesses have paid large sums to recover files and systems, all of which could have been avoided if only we treated cyberattacks as a big possibility. Here are the numbers on cyber attacks on global businesses.

Ask us how we can help your business with the proper insurance cover.