Multinational insurance company CFC Underwriting says that human error still remains a primary factor in the thousands of cybersecurity insurance claims that the company handles. In 2018, the insurance company received over a thousand claims relating to ransomware, malware, data breaches, and data theft. Of these incidents, CFC Underwriting notes that the following human-driven errors were the leading cited causes of cyberattack claims:
Phishing Attacks:
A phishing attack is a type of cyberattack that uses malicious links in an email to trick victims into sharing personal information or downloading malware. The emails can be targeted at high-profile victims such as CEOs and CFOs, or can be sent en masse to millions of people. The main danger of this type of attack is that it is often difficult to distinguish between a legitimate or malicious email. Some attackers even construct entirely fake websites with credential fields that send the information directly to their systems. Phishing attacks are a major point of infection for ransomware attacks.
Business Email Compromise:
Business Email Compromises (BEC), are a specific type of malicious email attack that targets businesses that conduct wire transfers on a daily basis. The goal of these attacks is to trick these companies into completing transfers to malicious accounts. According to the FBI, around 80 000 cases were reported between October 2013 to May 2018, with a total theft of $12.5 billion.
CFC Underwriting reported that employees not following-up to check if funds were properly transferred was a major cause of the prevalence of this type of attack.
Losing a Device:
CFC Underwriting stressed that a common cause for data breach was misplaced or lost devices. Leaving computers and phones that contain sensitive information unattended can lead to accidentally sharing private company data.
What can you do to reduce minimize the risk posed by human error?
Human error will always be a risk factor in cybersecurity. Here are some best cybersecurity practices for you to protect yourself:
Stay up-to-date on phishing techniques – by training yourself and employees on key factors to look-out-for in phishing emails, you can significantly reduce risk of infection. See our article on phishing scams to learn more about this type of attack.
Keep track of your company’s devices. A key part of mitigating data breach damage relies on early detection, as seen by the recent data leak at HCL. Keeping a close eye on your devices ensures that missing devices are detected early and that efforts can start on damage mitigation.
Managed IT Security providers like GIGE IT Solutions can help you protect yourself against the risk of human-caused cyberattack. By designing customized IT security plans for your company and monitoring your security and data backup on a 24/7 basis, we ensure that you are always prepared. Call +1 888 366 4443 for an immediate consultation, or email us at info@gige.ca