We’ve spoken about the prevalence of cyber attacks on these pages before. As we become ever more reliant on digital platforms, we leave ourselves more and more susceptible to the possibility of having our data breached.
Whether it’s a hallowed institution like the NHS or a corporate monolith like Snapchat seems to make little difference. The only prerequisite for becoming a target is inadequate protection and preparation.
We build our houses on firm foundations and plan our skyscrapers down to the final millimetre, but there are always flaws. The digital world, a superstructure of infinite proportions, is no different. As hard as we try there will always be a backdoor or an exploit somewhere waiting to be found.
So should you do your best to stop an attack happening? Absolutely. Putting certain safeguards in place will likely prevent all but the most determined of hackers getting access to your data. But you should also prepare for the worst. If your data is accessed or a job you’re working on suffers a security breach you’ll need to have the right cover in place to protect you.
Still not convinced? In our current news cycle there’s barely a month that passes without news of another multinational or conglomerate being infiltrated. Let’s go through two of the most recent cyber attacks, one targeting Equifax and the other Deloitte.
The news broke on 8th September 2017. Between mid-May and the end of July, credit report colossus Equifax suffered a huge cyber security breach, with the information of 143 million US customers possibly compromised. The hackers were able to access reams of data, including Social Security numbers, birth dates, addresses, and credit card numbers. Up to 44 million customers from the UK and Canada were also affected.
Needless to say, the impact was severe. As cyber analyst Avivah Litan noted: “On a scale of 1 to 10, this is a 10. It affects the whole credit reporting system in the United States because nobody can recover it.”
Shares in Equifax dropped by 13% in early trading the day after the breach was made public, and numerous lawsuits have been filed against the company (including one seeking up to $70 billion in damages). The Chief Information Officer and Chief Security Officer both lost their jobs in the immediate aftermath.
The case still rumbles on. As of yet there has been no attribution of direct responsibility for the error (the company failed to patch a previously identified digital security vulnerability), but Equifax was known to employ a large number of outside contractors across a variety of departments. Should it transpire that one of those contractors is responsible for the error, the full weight of the company is likely to come down upon them.
A little more than two weeks after news of the Equifax data breach broke, the Guardian revealed that Deloitte, one of the world’s “big four” accountancy firms, had been the victim of a sophisticated hack that “compromised the confidential emails and plans of some of its blue-chip clients.”
Deloitte quickly noted that “very few” clients have been affected by the breach, which stemmed from the hackers gaining access to its system through an email platform. The attack was discovered in March 2017, but could’ve happened months earlier, with Deloitte revealing very little.
Such attacks are damaging in multiple ways – not only for the customers and clients affected, but for the reputation of the company. For a behemoth like Deloitte (its revenues in the last year were £29 billion), the consequences could be vast.
The field of corporate finance is hugely competitive and news of the breach is likely to have given many of its clients pause for thought. With a number of competitors snapping at its heels, it’s more than likely that Deloitte will suffer significant losses to its book of business (and that’s not even considering the multitude of fines and lawsuits that are likely to come its way).
As the Guardian notes, all major companies should expect to be targeted by hackers. But the breach is deeply embarrassing for Deloitte in particular, given that it offers potential clients advice on how to manage the risks posed by sophisticated cybersecurity attacks.
Whilst the details aren’t yet clear, it would appear that a phishing attack on the private email address of someone associated with the company is to blame. Compromised email servers are likely to be full of sensitive information.
What should you do if you find yourself in a similar scenario? Multi-factor access control (two-factor authentication, for example) is important, especially if you’re in an administrative position. Requiring an extra piece of information (such as an access code sent by text message) before you are allowed to log in will make it much harder for someone to gain illicit access. It’s also a good idea to make sure that individual emails are encrypted.
What do you need to do?
If you work in an industry where you think there’s a possibility of being affected by a cyber attack, then Cyber Liability cover is something you must consider. Recently introduced as an optional add-on to our standard policy, Kingsbridge’s cover costs just £74.50 (plus Insurance Premium Tax), with a £250 excess per claim. It includes:
- Business interruption costs (£20,000)
- System and data rectification costs (£100,000)
- Regulatory defence and penalties (£25,000)
- Cyber extortion and ransom costs (£25,000)
The policy will also give you access to ReSecure, a dedicated 24-hour helpline and specialist cyber incident report service. Want to know more? Click here, or give us a call on 01242 808740.