The cyber crime of social engineering has developed because of human fallibility.
Emergence Insurance Head of Underwriting & Product Development Jeff Gonlin told an Emergence webinar: “Your computer is easier to hack than the banks’ and humans are easier to hack than any computer.”
Social engineering was “hacking humans” by deceiving them into paying fake invoices or handing over confidential information.
Because transferring money was now the most common way to pay bills, “conmen have adapted the way they lie and cheat” to suit technology.
While technology has changed, people have not and can be psychologically manipulated because of their desire to be helpful and their attitude to authority.
The rise in social engineering crimes prompted Emergence to change its policy wording to provide coverage.
“Social engineering was an orphan, but we adopted it,” Jeff told the webinar, which had 1,200 participants – Emergence’s largest since it launched the webinar series in 2017.
Emergence policies now include a new, optional section, Criminal Financial Loss, which offers cover for socially engineered thefts and cryptojacking. The new covers are in addition to cyber theft and telephone phreaking, which have long been part of Emergence’s offer.
The policy covers direct financial losses and theft of service, for example increased bandwidth and electricity costs generated by cryptojacking. “You need a lot of computer power to create digital currencies. If a criminal can use your computer to mine digital currencies, why not?” Jeff said.
“Unlike ransomware, cryptojacking occurs in stealth mode. You may notice your computer performance is slower and your electricity costs are far higher.”
Cryptojacking rose 40% in 2018 because “bitcoin’s value went from zero to hero”.
Gerry Power, Emergence’s National Head of Sales, told the webinar risk management could prevent a lot of cyber crime.
“Human error is within our control. Employees are the last line of defence against phishing emails or suspicious calls. Improving your security posture can reduce your cyber insurance premiums.”
“Credential stuffing” is a trending method of hacking that uses stolen credentials to mount large-scale automated login requests. Because so many people reuse the same passwords across multiple devices, credential stuffing can be successful.
Gerry said password phrases ensured greater protection.
He advised organisations to encrypt data; have multiple back ups on and off site; disconnect backups from the network once completed; have business continuity and disaster recovery plans in place and test them often; and consider third parties that have network access.
“If an interconnected supplier is hacked, criminals may be able to walk straight into your system. What are your corporate crown jewels? Where are they stored? How secure are they?”
Gerry said while a cyber policy was part of every successful business’s risk management framework, it was not the first line of defence.
“Cyber insurance is designed to protect a business when its IT security, policies and procedures fail to stop an attack,” he said. “But no amount of risk management can get you out of the sights of a determined cyber attacker.”
Emergence is a pioneer of cyber cover in Australia and provides protection for SMEs through to ASX-listed entities.
Emergence has been voted the 2019 Insurance Business Underwriting Agency of the Year and has won Insurance Business’s brokers’ pick award for Cyber Product of the Year in three of the last four years.
Access the broker portal to get Emergence cyber quotations for your clients. Email info@emergenceinsurance.com.au to get access.
This post is another cyber education initiative from Emergence.