In what now seems like a foreboding example of premonition, Kansas Commissioner of Insurance Ken Selzer on Thursday released a shortlist of tips that his office intended to help individuals and businesses protect themselves against identity theft or a cyber attack.
"It is important that cyber vigilance begins at home," Commissioner Selzer said in his May 11 statement. "Knowing some common-sense precautions can keep you and your personal information safer."
One day later, international hackers unleashed the WannaCry ransomware program, which demands $300 from the user of an infected computer or device in order to restore its data. As the virus spread over the weekend, insurance agents, brokers and consumers braced themselves for a major Monday-morning tech headache.
Good reason to worry
White House Homeland Security Adviser Tom Bossert said Monday that 150 countries and more than 300,000 people were affected by the WannaCry attack, which revealed a vulnerability already known to cyber security experts worldwide.
"Law enforcement, IT professionals, consumers, business, and the public sector all have responsibility to act to keep enabling the good that the Internet brings," Kathy Brown, president and CEO of the Internet Society (ISOC), said in a press release Monday. "We have a shared responsibility to collaboratively get this under control."
Brown hoped to draw attention to recent survey results compiled by the ISOC along with the Centre for International Governance Innovation (CIGI) and the United Nations Conference on Trade and Development (UNCTAD). Their Global Survey on Internet Security and Trust found that "most people are ill equipped to deal with ransomware."
What’s more, researchers determined that 6 percent of people worldwide have already been impacted by malware, and nearly twice as many know someone who has been victimized by a cyber attack.
Roughly one in four people interviewed for the survey said they would "have no idea" what to do if their computer or device were targeted by malware or ransomware.
"Ransomware attackers have discovered that they don't have to steal or destroy your data to enrich themselves, they just have to hold it hostage," Fen Osler Hampson, distinguished fellow and director of Global Security at CIGI, said in a prepared statement. "Our survey data shows that many people are willing to pay to get their data back, which makes such attacks highly profitable."
Roughly one in four people "have no idea" what to do if their computer or device is targeted by ransomware. (Photo: iStock)
"In the US alone, 63% of firms reported experiencing a cyber incident in the past year, and 47% said they had two or more," said Dan Burke, cyber and technology product head at Hiscox USA. The Hiscox Cyber Readiness Report 2017 surveyed more than 3,000 businesses in the U.S., United Kingdom and Germany on their cyber preparedness. Researchers concluded that last year alone, cyber crime cost the global economy $450 billion.
"Larger companies (250+ employees) had a somewhat higher risk, with 72% reporting one or more incidents, compared to 60% of smaller firms (less than 249 employees)," Burke said a press release.
Scary wake-up call
"When we see whole systems like the National Health System in the United Kingdom directly targeted, it reinforces how dependent we have become on our data-driven networks," Michael Kaiser, executive director of the nonprofit National Cyber Security Alliance in Washington, D.C., said in a statement about the WannaCry event. "It is of utmost importance that cybersecurity of those networks be a top priority of businesses and organizations large and small."
Speaking in terms of "cyber hygiene," Kaiser recommended the following urgent cybersecurity steps:
- Keep clean machines: Prevent infections by updating critical software as soon as patches or new operating system versions are available. This includes mobile and other internet-connected devices.
- Lock down your login: Strong authentication — requiring more than a username and password to access accounts — should be deployed on critical networks to prevent access through stolen or hacked credentials.
- Conduct regular backups of systems: Systems can be restored in cases of ransomware and having current backup of all data speeds the recovery process.
- Make better passwords: In cases where passwords are still used, require long, strong and unique passwords to better harden accounts against intrusions.
Insurance and the financial services sector are among the industries most vulnerable to cyber attacks. Consider the following chart compiled by Statistica, the internet research agency, which shows the industries that tend to be targeted by malware or ransomware, and what shape these attacks might take.
You will find more statistics at Statista.
Insurance and financial services are especially vulnerable to cyber attacks. (Photo: iStock)
Insurers survey WannaCry impact
In its summation of the impact the WannaCry attack could have on insurers, the cyberinsurance and risk management company Cyence determined that direct ransom costs could be about $10 million. But executives worried that the deeper impact will be felt by the attack’s business interruption, which could cost companies approximately $8 billion.
"Cyber insurance policies would respond to this event, but there are a few factors which will limit insurer’s ultimate exposure," Cyence executives said in a prepared statement. "Cyber insurance policies have retentions/deductibles that are typically at least few thousand dollars. Since WannaCry’s demand is only $300, this cost would be borne by the insured — not the insurer."
The best defense...
The best defense in a good offense. With that in mind, here are the 10 tips that Kansas Insurance Commissioner Ken Selzer released to the public last week:
- Set strong passwords and don’t share them with anyone. Set them with at least eight characters, including letters, numbers and symbols.
- When using unfamiliar websites, be sure the URL begins with "https." The "s" at the end indicates it is a secure site.
- Keep your operating system, browser, and other critical software optimized by installing updates, including antivirus and anti-spyware updates.
- Maintain an open dialogue with your family, friends and community about Internet safety. Let them know you take it seriously.
- Limit the amount of personal information you post online, and use privacy settings to avoid sharing information widely.
- Be cautious about what you receive or read online — if it sounds too good to be true, it probably is. Also, if a message sounds out of character for the sender, or includes nothing but a link in the body of the email, it may be suspicious. Check with the person who purportedly sent you the message to make sure it is legitimate.
- Cyber attackers often take advantage of current events to conduct "phishing" attacks, where they will attempt to obtain personal information by posing as a trustworthy organization. Verify the legitimacy of the organization’s request by contacting the company by another means.
- Limit the type of business you conduct on public Wi-Fi networks. Don’t do your online shopping from an internet café. Do business with credible companies, and devote one credit card with a small credit line to online purchases.
- Password-protect your smart phone.
- Finally, and maybe most importantly, check your homeowners or identity theft insurance policies for the level of coverage you have in case of a cyberattack on your devices.
"The continual increase in cyber traffic means that home computer networks and smart devices are more vulnerable" than ever, Selzer said. "We need to be vigilant in making sure our personal information is kept secure."