Human Vulnerabilities are the Leading Cause of Cybercrime and Ransomware affecting Individuals and Businesses
A prominent cause of cyber fraud and hacking incidents that result in interruption or loss for individuals and businesses begins with Compromised User Credentials triggered by a user’s response to an email that looks like it is from Outlook 365, Google Suite or other email provider that requests a password change. Once the credentials are compromised, hackers capitalize monetarily by tricking users to send digital payments on behalf of oneself, their business or a customer (wires, ACH, ePay) to bank accounts that are not those of valid customers or suppliers, or to ship inventory to addresses that are not those of a legitimate customer.
Hackers are exploiting human vulnerability to gain Compromised User Credentials to infiltrate servers, access files, and conduct Ransomware incidents that result in interruption and loss for users. The FBI’s 2019 Internet Crime Report cited that 94% of malware incidents were delivered via email. 75% of those companies infected with Ransomware were running up-to-date endpoint protection.
In a recent webinar published by cyber insurance leaders, Brian Thornton of ProWriters, and underwriter Mike Palotay of Tokio Marine Houston Casualty Insurance Company (TMHCC), Palotay cited that reliance on password protection alone is not an effective strategy without additional measures such as implementation of dual or multi-factor authentication (insert link to past AssetSure Blog: Are You and Your Company Cyber Safe?) and email filtering capabilities from email providers and third-party providers, yet the latter two strategies continue to have very low adoption rates by individuals and businesses.
Cyber Liability insurance rates and capacity continue to be impacted by the high incidence of cybercrime and ransomware. According to Palotay, where hackers initially targeted real estate, accounting, insurance, law and escrow firms for cybercrime, there is a rise in incidents for businesses in other industries including construction, manufacturing, and distribution. Unlike traditional cyberattacks that relied on security vulnerabilities to gain access to unauthorized devices or networks, hackers that intend on committing cyber theft rely on techniques that target human vulnerabilities. Tools exist to educate employees on such techniques to increase the probability for defense against cyber theft and ransomware incidents, however additional measures must be taken by individuals and businesses to greatly improve defense against cybercrime and ransomware incidents.
For additional information, check out the following Prowriters Resources available for download: