Phishing emails today look a lot different than they did a few years ago. The family of a prince in a faraway land might not be asking you for a large chunk of change if you help them transfer money out of the country as often anymore, but that doesn’t mean the cyber threat is gone for good.
The practice of spear phishing is an emerging risk that targets the upper echelons of a company, like CEOs, CFOs, and CIOs, to gain access to the target network. Once they’re inside, hackers can sit in it for months.
“They come in, [and] they might do something, like change the way that your email works. What they’ll do is often they’ll change forwarding rules, so they're forwarding emails to their account. They can then vet things or tell people to change where they’re going to be sending your money,” said Linda Hamilton, client operations manager and OFAC compliance officer at global data recovery firm Proven Data, and a panelist at the upcoming Emerging Risks & Innovation Summit in New York. “You don’t even know you got an email because it’s being forwarded to a different email address.”
When it comes to cyber threats, even printers aren’t safe from hacking anymore because many are “smart” devices that are connected to networks.
“You need to make sure that [the printer] is segmented from your network or you have stopgaps in place so that if the printer were to be breached, it’s not going to be a doorway to something else,” explained Hamilton, adding that if a hacker can get into the printer server, they can move to the domain controller, and potentially get access to all of a company’s passwords.
“The biggest issue is making sure that when you bring IOT or smart devices into your system, you need to know what it is connecting to, what data is it storing, is any of this confidential information, and if so, how do I protect that information, how do I keep it segregated from the rest of my network, because you really don’t want your network to look like a pancake. You want things to be segmented, so if someone breaks into one part of your network, they can’t access the rest of it.”
With companies facing these heightened cyber threats, insurance professionals need to step up and help to mitigate risks.
“The insurer plays a bigger role than just providing a policy and financial reimbursement in the realm of cyber liability, [and] similarly, the broker has a bigger role,” said Jeremy Barnett, senior vice president of marketing and business development at NAS Insurance, and another panelist at the Emerging Risks & Innovation Summit.
In parallel to the rise in cyber risks, regulators are keeping a closer eye on companies when they are the victims of cyber events. That’s something brokers need to be aware of and talk to their clients about, according to Barnett.
“When organizations do suffer from an incident or a breach or some type of cyber crime event, when law enforcement and potentially regulators get involved, and they see that an organization has not been taking precautionary steps to protect customer data or patient data or providing backups that help secure private information, then they do levy fines onto organizations,” said Barnett. “The fact that [regulations] are emerging, like the California Consumer Privacy Act, we expect that’s going to be an area of greater attention and concern.”
Whether it’s IOT devices, phishing emails, or new regulations, brokers and agents need to stay on top of cyber and technology-related developments.
“It’s definitely more technologically [focused] type of advice, so brokers have to stay sharp on where these risks are,” said Barnett.
Take a deeper dive into this issue at the Emerging Risks & Innovation Summit in May 2019.