Knowing the most common cybersecurity attacks can help brokers better advise their clients on risk mitigation strategies, a Canadian cyber insurance provider has said.
Selling cyber policies remains a concern for many brokers, who are struggling to keep up with the increased frequency and severity of sophisticated cyberattacks and ever-evolving coverages.
The more brokers understand about the nature of cybercrime claims, the better equipped they will be to advise clients on preventing losses in the first place, George Bozanin, managing partner and head of business development with Coalition Insurance Canada, told Canadian Underwriter.
“While ransomware and funds-transfer fraud are the main ways criminals immediately monetize cybercrime, they use a wide array of attack techniques and tactics to gain access to systems in the first place,” Bozanin said.
The most common attack vectors in claims experienced by Coalition policyholders were social engineering leading to business email compromise; insecure remote access exposed directly to the internet; and third-party vendors targeted in supply-chain attacks — all of which “can lead to potentially catastrophic cyber events.”
“So far in 2021, the top attack techniques experienced by Coalition policyholders include phishing (48%), exploitation of vulnerabilities on public-facing applications (27%) and exploitation of insecure remote access (12%),” Bozanin said, quoting Coalition’s recent 2021 Claims Report.
What to tell your clients
Bozanin said brokers should provide their clients with “specific and actionable recommendations” to protect their businesses.
“Brokers should tell clients that every password they set, tool they use and network they access can leave them exposed and vulnerable to cyber threats.”
Bozanin said Coalition recommends the following best practices:
- Increase email security: email is not a secure form of communication so every organization should use caution when sending or verifying sensitive information by email. Recommend that clients use a secure email hosting provider and investigate free security measures to enhance email security.
- Implement Multi-factor Authentication (MFA): MFA immediately increases your client’s account security by requiring multiple proofs of identity when signing into an application. MFA should be implemented on all critical business applications, such as email.
- Maintain good data backups: a good data backup can mean the difference between a full loss and a full recovery after a ransomware attack. Recommend that all business clients maintain backups both on and off-site for critical business data, and test backups by attempting a full recovery.
- Enable secure remote access: remote access creates more risk for organizations and should be implemented carefully.
- Update software: cyber criminals exploit vulnerabilities to gain access to systems or spread malicious software. These vulnerabilities can be located and patched through regular software updates.
- Use a password manager: password managers help keep track of multiple passwords and generate new ones at random. They are essentially an encrypted vault for storing passwords that are protected by one master password.
- Scan for malicious software: endpoint detection and response (EDR), an enhanced form of antivirus software, is an emerging technology that addresses the need for continuous monitoring of, and response to, advanced threats.
- Encrypt data: encryption is the process through which data is encoded so it’s hidden from bad actors who manage to gain access. Encryption helps protect private information and sensitive data, and enhances the security of communication between client apps and servers.
- Implement a security awareness training program: train employees so they will stay vigilant and avoid becoming victims of a phishing attack.
- Recognize the value of cyber insurance: if all else fails, brokers should remind clients that organizations want to ensure they can recover financially from a catastrophic attack.