COVID-19 disruptions have sparked an increase in Cyber Attacks… Is your business protected?

July 7, 2020

Throughout the disruption brought by COVID-19, businesses have adapted to flexible working arrangements and many people are working from home for the first time. The changes to our working environment has resulted in specific cyber security risks, including targeted cybercrime.

Despite recent efforts by the government to help mitigate the increasing cyber risk to both businesses and individuals, cyber-attacks have dramatically increased and are more prevalent than ever for businesses of any size.

Cybercriminals are becoming more sophisticated in Phishing campaigns and SMS scams to extract confidential data or passwords from unsuspecting internet users. Often the attackers are masked as retail banks, government departments and other credible and legitimate sources.

Prime Minister, Scott Morrison, recently commented that cybercrime is “increasing in frequency, scale, in sophistication and in its impact”. He further stated that these activities are “not new”, but the frequency has increased over “many months”.

As a result, the government has committed to $748m in new cyber securities initiatives. The allocation of resources will be mainly for the defence of malicious interferences and $470m to expand the Australian Cyber Security workforce within the Australian Signal Directorate. This public announcement and allocation of resources demonstrates how serious the government considers the risk is to Australian businesses and individuals.

An example of a cyber threat includes the new ‘copy-paste compromise tactic’:
ASCA provided an advisory on the recent “copy-paste compromises” tactics and techniques and communicated the various “spear phishing techniques” to be:

  • Links to credential harvesting websites;
  • Emails with links to malicious files, or with the malicious file directly attached;
  • Links prompting users to grant Office 365 OAuth tokens to the actor; and
  • Utilisation of email tracking services to identify the email opening and lure click-through events.

Recent cyber attacks to large organisations:
Well-established companies have fallen victim to ransomware attackers. Toll Group corporate server files had been attacked in May 2020, which resulted in a total system shut down. Personal information had been stolen (including salary, superannuation and tax file numbers). Similar incidences have also occurred to Service NSW in April in which 47 staff accounts were attacked, MyBudget in May where left in 13,000 customers in financial limbo and Lion Australia was blackmailed to publish confidential company data on the dark web.

How Cyber insurance can protect your business from cyber threats:
In this current climate, it is integral that every business priorities Cyber risk management and employee awareness. As with all risk, incidents and losses may still occur and Cyber Insurance is a vital part in protecting an organisation.

Cyber Insurance cover includes:

  • Cyber-attacks from malware or other intrusive programming, digital blackmail and social engineering.
  • Investigation: a forensic investigation to determine the cause and prevent similar attacks occurring. Often requiring a third-party security firm;
  • Business losses: a cyber insurance policy may include cover for losses resulting from network downtime, business disruption, data recovery, and costs incurred by managing a crisis and can extend to reputational damage;
  • Security and notice: This includes the costs to produce required data breach notices to clients and other affected parties, which is mandatory requirement under Privacy legislation; and
  • Lawsuits and extortion: Cover may include legal expenses associated with the release of confidential information and intellectual property, legal settlements and regulatory fines. The cover may also include the costs of cyber extortion, such as from ransomware.

If cyber-attacks are addressed quickly, response can be inexpensive, and IT security can be re-stabilised to minimise the impact upon business operations.

For Individual and Business Cyber Insurance, please contact Gow-Gates Insurance Brokers:

Cyber Risk Team:
E: cyber@gowgates.com.au
P: 02 8267 9999

Comments are closed.