Category Archives: Uncategorized

Cyber Breach Insights – Q2 2020

Cyber Breach Insights – Q2 2020

Cybercriminals step up social engineering during pandemic

Cybercriminals have been going to great lengths throughout 2020 to get their hands on confidential information such as log-in details that let them bypass a company’s security systems and commit theft or fraud by manipulating employees using fake or doctored emails. While this form of online social engineering had declined from Q4 2019 to Q1 2020, the arrival of the global pandemic provided cybercriminals with the perfect cover for ramping up email attacks. Coinciding with the increase in remote working during the second quarter, our global data has shown employees have been more likely to fall for social engineering scams, with organizations in the middle market most likely to be victimized.

Social engineering

Techniques such as email phishing used to manipulate someone into providing confidential information, e.g. log-in credentials, or taking other actions that bypass normal security to help the attacker commit theft or fraud.

Phishing

An email created to look like it comes from a trusted source that is designed to induce a recipient into sharing sensitive information, download malware or visit an infected website.

Fraudulent instruction 

A social engineering attack in which compromised email credentials or spoofing are used to induce an employee to make a wire transfer or other electronic payment to a bank account controlled by a cybercriminal.

 

Remote working poses challenge for prevention and detection

During the second quarter of 2020, cybercriminals had greater success in duping employees with phishing and social engineering scams. The number of incidents involving social engineering and business email compromise (BEC) reported to Beazley Breach Response (BBR) Services grew over Q1, even as the total incident count fell slightly.

The majority of social engineering attacks result in a BEC, where the cybercriminal gains access to an email account. However, in Q2 cybercriminals were most successful in stealing funds using social engineering techniques to provide fraudulent payment instructions without a system compromise.

With the expansion of the remote workforce, detecting and preventing social engineering scams has become more difficult. Employees are typically the first line of defence, but working remotely can make it harder for employees to maintain a culture of compliance. While the increase in distractions that come with caring for family members while working have been widely discussed, physical separation from the workplace is also a factor. Without a coworker to converse with at the next desk, employees are less likely to do a “sense check” of a suspicious email. In fact, BBR Services has handled an increase in notifications involving employees who admit they did not notice anything suspicious.

In another development, BBR Services has noted a slow-down in the speed at which companies detected that payments were being redirected, particularly if the change to payments had occurred near the beginning of the pandemic response.

For more information about how we can protect your Business against Cyber Breaches, please click here

For the full article by Beazley Insurance, please click here

Virgin Media data breach affects 900,000 people

Virgin Media data breach affects 900,000 people

A Virgin Media database containing the personal details of 900,000 people was left unsecured and accessible online for 10 months, the company has admitted.

The database was accessed “on at least one occasion” by an unknown user.

The database, which was for marketing purposes, contained phone numbers, home and email addresses. It did not include passwords or financial details.

The breach was not due to a hack or a criminal attack, but because the database had been “incorrectly configured” by a member of staff not following the correct procedures, Virgin Media said.

The firm was alerted to the problem on Friday after it was spotted by a security researcher at TurgenSec.

The company said almost all of those affected were Virgin customers with television or fixed-line telephone accounts, although the database also included some Virgin Mobile customers as well as potential customers referred by friends as part of a promotion.

Virgin Media, which is owned by US cable group, Liberty Global, has informed the Information Commissioner’s Office as required, and launched a forensic investigation.

Lutz Schüler, chief executive of Virgin Media said: “We recently became aware that one of our marketing databases was incorrectly configured which allowed unauthorised access. We immediately solved the issue by shutting down access.”

“Protecting our customers’ data is a top priority and we sincerely apologise,” he said.

“Based upon our investigation, Virgin Media does believe that the database was accessed on at least one occasion but we do not know the extent of the access or if any information was actually used,” Mr Schuler said.

Virgin Media said it would be emailing those affected on Thursday, in order to warn them about the risks of phishing, nuisance calls and identity theft. The message will include a reminder not to click on unknown links in emails and not to provide personal details to unverified callers.

For the full article by the BBC, please click here

To discuss how you can protect your Business against the risk of a data breach, click here

Cyber is the biggest Insurance risk concern

Cyber is the biggest Insurance risk concern

Cyber risks are the top concern among businesses of all sizes.

Of the 1,200 business leaders who participated in an insurer-sponsored survey, 55% said they worry some or a great deal about cyber risks, ahead of medical cost inflation (54%), employee benefit costs (53%), the ability to attract and retain talent (46%) and legal liability (44%).

The Travelers Companies, which has been commissioning the 2019 Travellers Risk Index in 2014, said this is the first time in its survey’s history that cyber has been the top concern among businesses of all sizes.

As concerns about cyber threats have grown, a higher percentage of businesses reported taking proactive measures to safeguard against cyber risks; however, a sizable number have not implemented such preventive best practices. The steps taken by respondents include:

  • Purchasing a cyber Insurance policy (51% of survey participants, up from 39% last year).
  • Creating a business continuity plan in the event of a cyber attack (47%, up from 38%).
  • Taking a cyber risk assessment for themselves (49%, up from 45%) and their vendors (41%, up from 37%).
  • Updating computer passwords (74%, up from 71%).

Tim Francis, Enterprise Cyber Lead at Travelers, said that while more businesses are taking steps to prevent a cyber event, “it’s still alarming that nearly half don’t have the proper insurance coverage.”

Tim Francis, Enterprise Cyber Lead at Travelers, said that while more businesses are taking steps to prevent a cyber event, “it’s still alarming that nearly half don’t have the proper Insurance coverage.”

Given that a single Cyber attack can put a company out of business, Francis said “taking the threat seriously and implementing a risk management program that addresses possible exposures can help a company not only avoid an attack but also recover from one as quickly as possible.”

Since 2015, the percentage of small business respondents that have suffered a Cyber attack has tripled, from 4% to 12% this year. Increases are also being reported among medium-sized companies (10% in 2015 to 20% this year) and large businesses (from 19% to 33%).

“More companies are experiencing cyber attacks,” Francis said. “The cost of a single breach to a small business can easily reach a substantial amount of money on top of the time it takes to restore the business, so protecting a company’s assets with a Cyber Insurance policy is critical.”

For access to the full article by The Insurance Journal, please click here

New Insurance Scheme Launched for Micropubs!

New Insurance Scheme Launched for Micropubs!

Warwick Davis Insurance is proud to announce the launch of our brand new specialist insurance scheme Micropub Insure, which (you guessed it) targets the fast-growing Micropub industry in the UK. There are already around 150 Micropubs in the UK with many new start-ups in the process. And the trend looks set to continue with predictions of possibly thousands of Micropubs gracing the high street of towns up and down the UK. Be sure to check out our new micro site www.micropubinsure.co.uk .