Risk & Business Magazine Miller Winter 2019 | Page 30
Cyber 101:
TYPES OF CYBERATTACKS
Criminal hackers are devising
new techniques all the time
to attack organizations. Here
are a few of the most common
methods:
Denial of service attack: The hacker floods
a website with more traffic than it was
built to handle, making it impossible for
legitimate visitors to access the site.
Phishing: An attacker pretends to
represent a trusted organization to trick a
user into taking an action (such as opening
a malicious attachment or clicking on
a bogus link) that he or she would not
normally take.
Malware: Harmful software takes control
of a machine, monitors user actions and
keystrokes, and/or sends confidential data
from the infected computer or network to
the attacker’s home base.
Brute force: The attacker attempts to
decode encrypted data by trying as many
password combinations as possible, as
quickly as possible.
Ransomware: This software encrypts
files to prevent users from accessing them
and then demands payment for their safe
recovery. These attacks can occur after
clicking on a phishing link or visiting a
compromised website.
Spoofing: A cybercriminal impersonates
another user or device to attack network
hosts, steal information, spread malware,
or bypass access controls.
SIX QUESTIONS TO CONSIDER WHEN
BUYING CYBER INSURANCE
1. How many records containing
personal information does your
organization retain or have access to?
2. How many records containing
sensitive commercial information
does your organization retain or have
access to?
3. What security controls can you put
in place to reduce the risk of having
your system compromised?
4. Do all portable media and
computing devices need to be
encrypted?
5. What about unencrypted media in
the care, custody, or control of your
third-party service providers?
6. Could you make a claim if you were
unable to detect an intrusion until
several months or years had passed?
WHAT CAN CYBER INSURANCE COVER?
Legal and civil damages: The cost of legal
representation and possible damages
related to a privacy or network security
breach.
Security breach remediation and
notification expenses: The costs to notify
affected parties and manage a privacy
incident.
Regulatory defense expenses: Civil fines
incurred in responding to a regulatory
proceeding resulting from a privacy or
network security breach.
Crisis management expenses: Public
relations expenses to manage the damage
to your organization’s reputation.
Forensic investigations expenses: The
costs of hiring a breach response firm.
Computer program and electronic data
restoration expenses: Expenses to restore
or recover damaged or corrupted data
caused by a breach, denial-of-service attack,
or ransomware.
E-commerce extortion and reward
payments coverage: Pays for the cost of
a professional negotiator and potential
ransom payments to the person or
organization extorting you or your
organization.
Business interruption and additional
expenses: Income your business loses and
the costs it incurs due to an interruption in
services.
Insurance Bureau of Canada
ibc.ca