Regardless of how much of your business is run offline, you are still a target, says Sarel Lamprecht, MD of cyber insurance provider Phishield.
Even sectors of the economy that have thought themselves immune to cyber attacks – because they don’t traditionally need machines that connect to the internet – are finding themselves vulnerable in this connect everything age of the Internet of Things. Just a few weeks ago, betanews.com revealed that Kaspersky had uncovered that hackers are focusing on industrial and engineering sectors in 30 countries globally.
The publication explains that the attack – which the anti-virus company has code named ‘Operation Ghoul’ – uses what is known spear-phishing emails and malware, based on a commercial spyware kit, to find valuable business-related data stored in a victims’ network. The group apparently behind the attacks has been tracked by researchers since March 2015, although this is really no indication of how long they have been operating.
How it works is through delivering malware that can easily be bought on the so-called dark web – the space general users of the internet do not know about as it’s mostly hidden except to forces of evil – which, once installed, collects all sort of data from the victim. This data includes keystrokes, clipboard data, FTP server credentials, and account data from browsers, email clients and messenger programs.
That’s a lot of information, in fact, it’s enough to render your entire company obsolete because the hackers can wipe out your bank accounts, steal your client files and delete all your information. No matter how good someone is at CAD drawings, this is a very real risk.
The gain is, as usual, financially motivated as these thieves want to steal intellectual property and business intelligence, which they can sell to a competitor in the virtual version of industrial espionage to wipe out bank accounts. Any company that doesn’t have the necessary protection and insurance in place is at huge risk.
In fact, just recently, German-based wire and cable supplier Leoni fell victim to fraud thanks to falsified documents, identities and the use of electronic communication channels, Business Insights reports. As a result, the company lost 40-million euros because of the scam.
The fraud was perpetrated through an email impersonation with a message purporting to be from a CFO at one of its Russian factories the key behind the incident. This resulted in the opening the criminals needed to steal the money.
Although Leoni denied any risk to its IT infrastructure, or security, the reputational risk of an incident like this is huge, and the scam led to the company’s share price dropping. It also highlights just how easy it is to gain access to someone’s email account and move cash around.
What if the hackers had been able to perpetrate more than that fraud? In addition, even though it said its operating performance was in line with what it forecast, Leoni did caution that “the extent to which the damage will affect the projected net income for the year cannot at present be assessed”.
Business Email Compromise scams are clearly on the up, and they affect every single company – even if you don’t think your core business is happening online. As soon as you are connected to the net, you’re at risk and, even though you’ll take steps to mitigate any risk. the thieves are always one step ahead.
This is why cyber insurance is vital: it covers your losses, helps with the reputational risk and finds and fixes any gaps in your IT infrastructure. It’s never too late to sign up.