Five tips to protect against ransomware attacks

Ransomware attacks are one of the most common forms of cyber attack in Australia. How can you protect your business?

Ransomware hackers steal businesses’ files and demand ransom payments to get them back. The attacks can be devastating financially for companies that are not prepared.

For example, the WannaCry attack hit 200,000 victims in 150 countries.

If you run a business, follow these five tips to safeguard yourself and your business against such attacks.

1. Update your software

Pay close attention to the software you use. Emergence Insurance recommends you alway accepting options to update or patch your operating system and other key applications immediately updates are available. Updates are often designed to strengthen cyber security.

2. Install antivirus software

Regular software updates alone do not ensure your systems are protected. Viruses are still a threat because they constantly evolve. Guard against them by running a reputable antivirus tool and remember to update your software immediately when updates are available.

3. Use common sense on the internet

Be smart about not exposing yourself to cyber attacks. Think before you click on unfamiliar links and don’t open strange email attachments. Delete all emails that look suspicious.

4. Backup your files often 

Create backups of all your files often. It’s a simple, effective way to ensure that if ransomware thieves steal your files and hold them hostage, the thieves have no leverage against you.

5. Develop a cyber security plan

Develop a long-term plan to strengthen your business’s cyber security. It should include educating your employees; upgrading hardware and software; building a business continuity plan; and buying cyber insurance protection to safeguard your business financially in the event of a cyber attack.

 

Source

Emergence Insurance

Emergence Insurance is here to protect all businesses – large and small – against cyber risks. In fact, that’s all we do, so we’re the specialists in the field.

 

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

Compare Australian Cyber Insurers

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

Small Businesses Are Not Immune To Cyberthreats

Small Businesses Cyber Threat

Small business is not immune to cyberthreats

You might think that if you run a small business, you’re mostly safe from cybercrime or ransomware attacks. After all, why would a hacker bother to target you when there are bigger fish to fry?

These days, though, no one is safe. Cyber attacks are increasing among companies of all sizes. This doesn’t mean it’s time for your staff to panic. It is, however, worth taking a moment to think about your company’s security measures and consider your insurance needs.

 

Small businesses are vulnerable these days

If you still think cyber security is only a concern for larger corporations, you need to update your thinking. The latest data shows that small businesses are just as vulnerable to data breach incidents as larger ones.

The Australian Cyber Security Centre (ACSC) recently reported on this problem, noting that because so many are unprepared for the possibility of cybercrime against their small business, an attack can be particularly devastating. This has been a more serious issue in just the last couple of years.

The ACSC reported that about 90 percent of small organisations experienced a cyber threat or data breach in 2016 of which 58 percent were successful. This is a sharp increase from prior years’ data.

 

Knowing the risks you’re up against

Once you’re aware that small companies do indeed face cyberattacks, the next element to consider is how costly the cyber risks you’re facing might be. The damage can be significant if your SME is ever attacked.

 

There can be a variety of costs that can impact a business due to a cyber attack, including:

  • IT forensic costs
  • Customer notification costs
  • Increased costs of working
  • Legal defense costs

Some customers might abandon your business if they’re worried about security, and others might demand concessions from you that cost money. All this will impact the brand reputation of the company, which is difficult to recover from after an attack.

 

Getting protection against potential losses

Cyber exposures are significant for a business, and it’s only natural to think critically about protecting your company against hackers.

A new mandatory data breach reporting scheme takes effect in Australia in Feb 2018 which will require certain companies to notify customers and the Australian Privacy Commissioner of data breaches. As a result, not just big corporations but also mid-market and smaller companies will want to buy cyber coverage to assist in managing this new regulatory requirement. Companies are becoming increasingly aware of the need to protect themselves. This is why the cyber insurance market is expected to grow dramatically.

In addition, businesses should consider how a cyber insurance policy can complement the business risk management initiatives. As part of a cyber insurance policy, insurers provide an incident response solution to assist business to recover quickly from a cyber attack.

Source: Emergence

 

Compare Cyber Insurance

 

 

Please note Cyberinsurancecomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

Compare Australian Cyber Insurers

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on the inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

Cyber Insurance Comparison

Kochie’s Business Builders Explains Cyber Insurance

Kochie's Business Builders

Kochie’s Business Builders Explains Cyber Insurance

To help explain cyber insurance, Steadfast have partnered with Kochie’s Business Builders to produce this short explainer video.

30% of small businesses in Australia experiencing a cybercrime incident

Most cyber attacks are caused by human error the average cost of business was a huge $276,000 in 2015 with over 30% of small businesses in Australia experiencing a cybercrime incident

Why do I need it?

If your business has a website or electronic records, you’re vulnerable to cyber hackers. In fact, it’s likely that your business will suffer a cyber attack at some stage. A cyber attack could cost your business more than money. It could also threaten your intellectual property and put customers’ personal information at risk – which could damage your reputation.
Kochie's Business Builders
What usually isn’t covered?

Exclusions and the excess you need to pay can vary greatly depending on your insurer. Policies generally won’t include cover for:

  • Damage to computer hardware
  • Criminal actions committed by you or your business
  • A cyber attack based on facts of which you were aware
  • Criminals using the internet to steal money from you

Compare Cyber Insurance Quotes from leading Australian Insurers like AIG, Allianz, Brooklyn Underwriting, CGU, Chubb, Dual, Emergence and Zurich.

 

Compare Cyber Insurance

1300-Insure

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

Compare Australian Cyber Insurers

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on the inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

How can I protect myself against the WanaCry Ransomware?

Ransomware

WanaCry Ransomware

To best avoid infection of this sort we advise that the following steps are taken to maximise your system protection.

How can I protect myself against the WanaCry Ransomware?

You can protect yourself against the ransomware in the following ways:

  • Ensure you have a valid corporate Antivirus subscription
  • Ensure your Antivirus is up to date
  • Ensure that port 445 is closed on your network
  • Ensure you are up to date with all Microsoft updates on your server and workstations
  • Back up your data with an external hard drive or to the cloud

Please contact your local IT Support if you are unsure if you are protected, or may have the ransomware on your computer.

Need Cyber Insurance?

Compare Cyber Insurance

1300-Insure

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrant the accuracy of any information contained therein, readers should make their own enquiry’s before relying on information in the stories Terms of Service

Compare Australian Cyber Insurers

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

Latest Trends in Cybersecurity

Cybersecurity

Trends in Cybersecurity

The release of the latest Cisco security report shows that the cost of data breaches amounted to more than 20% of revenue on top of a substantial loss of customers and opportunities for more than a third of the organisations breached in 2016.

Some of the report’s major findings included

  • Ransomware is dominating the malware market although it is not a new threat it has evolved to become the most profitable malware type
  • Adobe Flash vulnerabilities continue to pose a prominent threat
  • There is a false sense of security about secure connections

Recommendations from Cisco researchers include:

  • Instituting and testing an incident response plan that will enable a swift return to normal business operations following a ransomware attack
  • Not blindly trusting HTTPS connections and SSL certificates
  • Moving quickly to patch published vulnerabilities in software and systems, including routers and switches that are the components of critical Internet infrastructure
  • Educating users about the threat of malicious browser infections
  • Understanding what actionable threat intelligence really is

Full Cybersecurity Report Click Here

Need Cyber Insurance?

Compare Cyber Insurance

1300-Insure

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

Compare Australian Cyber Insurers

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on the inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

Could a cyber risks cause disruptions to critical business infrastructure

Cyber Risks

Cyber Risks to critical business infrastructure

When a scheduled flight of a wide-body airliner is cancelled it can cost the airline up to $43,000. So you can imagine what kind of day executives at LOT, the Polish national airline, were having last year when 20 flights were cancelled after computers that issue its flight plans were breached.

“The aviation industry’s growing reliance on data networks, and onboard computer and navigation networks, is rendering it increasingly vulnerable to cyber risks,” says Erlend Munthe-Kaas of Bloomberg Intelligence. “Airlines rely on computers for almost every aspect of operations. As a result, cyber incidents can have devastating consequences, including business interruption and loss of reputation.”

“There’s beginning to be a shift beginning to educate businesses to see the wider, deeper cyber risks picture that in many cases has gone unacknowledged.”

Think of it as cyber creep. The risks aren’t just about protecting your customer’s data, although that remains important. They are insinuating themselves into every nook of your business, creating the possibility of mass disruption to operations and critical infrastructure. As the world becomes more connected, and businesses rely more on machine-to-machine communication and automated manufacturing, the cyber risks pile up. One day, production might grind to a halt. Critical transactions might not take place. Shipments could be steered to incorrect destinations. Planes might not take off.

Continue reading Could a cyber risks cause disruptions to critical business infrastructure

Australian cyber threat to the private sector

Cyber Threat

The Cyber Threat to Australian Business may be larger than first thought with many Australian businesses refusing to report breaches due to concerns the disclosure may adversely affect their reputation or create legal or commercial liabilities.

In the second of the Australian Cyber Security Centres cyber threat report

Extract from  ACSC Threat Report 2016:

Australian industry is persistently targeted by a broad range of malicious cyber activity, risking the profitability, competitiveness and reputation of Australian businesses. The spectrum of malicious cyber activity ranges from online vandalism and cybercrime through to the theft of commercially sensitive intellectual property and negotiation strategies.

The ongoing theft of intellectual property from Australian companies continues to
pose significant challenges to the future competitiveness of Australia’s economy. In
particular, cyber espionage impedes Australia’s competitive advantage in exclusive
and profitable areas of research and development – including intellectual property
generated within our universities, public and private research firms and government
sectors – and provides this advantage to foreign competitors.

The ACSC’s visibility of cyber security incidents affecting industry and critical infrastructure networks is heavily reliant on voluntary self-reporting.
Some companies may be hesitant to report incidents to the government due to concerns the disclosure may adversely affect their reputation or create legal or commercial liabilities. For example, in some cases victim organisations have sought legal advice before reporting an incident.

Many cyber security incidents across the private sector are undetected or unreported. Increased reporting of cyber security incidents by the private sector would subsequently increase the ACSC’s knowledge of cyber adversaries who target Australian industry and critical infrastructure, and the methods they employ. This knowledge would further enable the development of cyber security advice and mitigation strategies.

The ACSC is making a dedicated effort to engage industry on cyber threats and associated mitigation strategies through a process of sustained engagement. However, the private sector’s ability and willingness to recognise the extent of the cyber threat and to implement mitigation strategies varies considerably across and within sectors. Generally, companies that have been extensively targeted or compromised are more likely to view the business risks associated with the cyber threat as sufficient to warrant investment in cyber security.

Those without direct experience of being targeted or a victim may not be aware of the potential economic harm malicious cyber activity can cause their businesses, do not
understand the value of the data they hold, and cannot conceive why they would be targeted.

 

Australian Cyber Threat

Between July 2015 and June 2016, CERT Australia responded to 14,804 cyber security incidents affecting Australian businesses

Between July 2015 and June 2016, CERT Australia responded to 14,804 cyber security incidents affecting Australian businesses, 418 of which involved systems of national interest (SNI) and critical infrastructure (CI).

CERT Australia relies heavily on the voluntary self-reporting of cyber security incidents from a wide variety of sources throughout Australia and internationally and therefore does not have a complete view of incidents impacting Australian industry.

Sources: www.acsc.gov.au

Need Cyber Insurance?

Compare Cyber Insurance

1300-Insure

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

Compare Australian Cyber Insurers

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

 

If Hackers Steal Data Who Pays

It’s Just Hackers

In 2014 Hackers stole data from Yahoo that resulted in the details of 500 million users personal details including names and emails, as well as “unencrypted security questions and answers” be taken.

The breach damaged the trust in the brand, required Yahoo to publicly disclose the cyber-breach and advise all its users to change their passwords.

However, not all users changed their password and some are still reporting loss of data

The Cost of a Cyber Breach*

The costs of a data leak or data loss are rapidly accruing, with the total average cost per data breach within Australia now sitting at $AUD2.82 million, according to a 2015 study from IBM and Ponemon Institute. Moreover, the average cost per lost or stolen record has reached $AUD144, while the average number of breached records per incident is just under 20,000.

 

But I don’t have that many clients

The high-profile breaches recently included MySpace (359 million), LinkedIn (164 million) and Adobe (152 million), however, the hacking of a Gold Coast doctor in 2012 cost $4000 dollars.

Report a cyber incident

The Australian Signals Directorate (ASD) provides government with a greater understanding of cyber threats, and the coordination of whole-of-government operational responses to cyber incidents. The Cyber Security Incident Reporting (CSIR) scheme assists ASD with this role.

The Australian Government Information Security Manual (ISM) states agencies must report cyber security incidents to ASD. Cyber security incident reports are the basis for identifying and responding to cyber security incidents across government.

Reporting cyber security incidents helps ASD to develop a threat environment picture for government systems, and assist other agencies who may also be at risk. Cyber security incident reports are also used for developing new policies, procedures, techniques and training measures to help prevent future incidents.

The types of cyber security incidents agencies should report to ASD include:

  • suspicious or seemingly targeted emails with attachments or links
  • any compromise or corruption of information
  • unauthorised access or intrusion into an ICT system
  • data spills
  • theft or loss of electronic devices that have processed or stored Australian government information
  • intentional or accidental introduction of viruses to a network
  • denial of service attacks
  • suspicious or unauthorised network activity.

To report a cyber incident:

Sources: http://www.asd.gov.au/infosec/reportincident.htm *http://www.cso.com.au/

Need Cyber Insurance?

Compare Cyber Insurance

1300-Insure

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

Compare Australian Cyber Insurers

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

Zurich's Digital Resolve Response

zurich_Logo_4c [Konvertiert]

Zurich’s Digital Resolve Response what is it?

Insurers are busy preparing for a explosion in Cyber Insurance clients, but with clients come claims, and for some clients the insurers response to an event will set the standard.

One cyber insurer Zurich has put together a team of specialist companies to make a panel of first respondents to a cyber event, these specialists legal teams, PR teams, digital forensics teams, incident response, and security sciences, investigation, eDiscovery and due diligence.

What is DigitalResolve and how does it work

It can help to:

  • Locate and rectify the source of cyber attacks, failures or breaches
  • Protect businesses from further attacks or disruptions
  • Assess financial losses
  • Protect a business’s brand/reputation
  • Ensure compliance with local regulations
  • Notify victims of data breaches
  • Negotiate ransomsUndertake credit monitoring
  • Recover losses from negligent third parties

Zurich Digital Resolve have access to experts to assist in the following areas:

  • Forensic Accountants
  • Legal Advice
  • Public Relations
  • IT Forensic loss assessment
  • Kidnap and ransom response teams
  • Cyber Extortion Experts
  • Identity Protection
  • Credit Monitoring
  • Public Notification
  • Regulatory No

 

 

Zurich Digital Resolve Group Include

Mandiant

Mandiant, a FireEye company, is the leader in helping organizations respond to and proactively protect against advanced cyber security threats.

“Mandiant is at the forefront of helping organizations rethink how to prepare for security breaches.”

– Michael Chertoff, Former Secretary of Homeland Security

Stroz Friedberg

Stroz Friedberg is a specialized risk management firm built to help clients solve the complex challenges prevalent in today’s digital, connected and regulated business world.

DLA Piper

DLA Piper is a global law firm with lawyers located in more than 30 countries throughout the Americas, Europe, the Middle East, Africa and Asia Pacific, positioning them to help companies with their legal needs anywhere in the world.

Norton Rose

Norton Rose Fulbright is a global law firm.

FleishmanHillard

FleishmanHillard in Australia is part of a global marketing and communications network operated by one of the industry’s leading PR agencies.

Crawford

Crawford & Company is the world’s largest independent provider of claims management solutions to insurance companies and self-insured entities.

If an incident occurs, clients can call a hotline 24/7, 365 days a year. An Incident Manager will be appointed to handle their case and will select a team of experts to act on the client’s behalf. The team will comprise everyone from IT forensic experts and consultants, to legal experts in data protection and cyber breaches, to PR consultants who can help mitigate any reputational damage.

Like to know more


1300-Insure

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

Compare Australian Cyber Insurers

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

Cyber risk is bigger than an IT issue

Cyber risk is bigger than an IT issue

One thing is becoming clear about cyber risks: the problem is much bigger than any organization’s information technology department.

Background

My background as an IT leader and information security professional before I joined XL Catlin gives me a good vantage point on how businesses can make the mistake of thinking that cyber risk begins – and ends – with their technology operations. Regardless of a company’s size and resources, IT operations play a critically important role in cybersecurity. But the total cost of cyber risk affects the entire enterprise, and a cyber incident frequently causes problems that no IT professional, however talented, can solve.

Business continuity, third-party liability, reputational damage and regulatory compliance – those are beyond the purview of IT. A well-run IT department can minimize downtime and get systems back up, which is critical. The value of data and the cost of a disruption, however, are ultimately determined by the data owners in the business operations. While a system shutdown can be catastrophic for some organizations, business interruption and data recovery insurance are available to mitigate that risk. Regulations regarding cyber security are evolving, and insurance is available to manage that uncertainty too.

But the business itself must communicate with its employees, customers, investors and perhaps regulators, after an incident. If a data breach has occurred, a forensic investigation and notification of affected parties are likely required. A strong, unified message is critical to convey, and that is best delivered with the help of senior executives and crisis communication professionals. One of the valuable benefits of cyber insurance is access to expert resources, from PR to forensics to IT specialists, who can quickly come in to assist.

The complexity of responding to a cyber incident and communicating with stakeholders are strong reasons to have a team, such as an executive control group. The composition of such a team depends on the size of the entity and the nature of its business. In larger organizations, it likely will include enterprise risk management staff as well as C-level leaders, such as the chief technology or chief information officer. For smaller and midsize organizations, the team might include the general counsel, chief operating officer and the head of IT, for example. Regardless of the specific titles, the functions that need to come together to discuss cyber risk include risk management, operations, IT, legal, marketing and communications. Ideally, a cyber risk steering committee or group is convened to ensure that all relevant areas of the organization are represented and kept informed. The job of managing cyber risk shouldn’t fall to one person, however; a cyber risk team can ensure that the entire organization understands the risk and adjusts procedures accordingly.

It’s important to think about cyber insurance as similar to property or commercial general liability – as a form of protection that your organization needs to continue operating.

Midsize companies have particular challenges when it comes to cyber risk. Often they have fewer IT resources, which makes them attractive targets for cyber attacks. Statistics on cyber attacks bear this out. The 2015 Cyber Claims Study from risk assessment firm NetDiligence found that 71% of cyber claims came from organizations with less than $2 billion in revenue, and 56% came from those firms with less than $300 million.

Many midsize companies also have contractual requirements with bigger organizations that increase their need for high cyber insurance limits. Based on their own perceived exposure, a midsize organization might not think it needs to purchase a lot of cyber insurance coverage, but that situation can change if a business relationship requires it. The lesson here is to look closely at your business and all risks relating to your systems and networks. How long could your firm afford to remain offline, if a cyber incident disrupted your IT operations? Could your company lose revenue or customers if that happened? Would you be able to meet your obligations to business partners?

There is a lot to understanding and managing cyber risk. A team approach is a good way to cover the bases, as well as working with expert resources and strong insurance partners to help protect your business.

About the Author

Sean M. Donahue is assistant vice president and underwriter, Cyber and Technology Insurance, at XL Catlin.

Source XL Catlin

1300-Insure

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

Compare Australian Cyber Insurers

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs