Logo

26
issue
26 (121) 2016
Download PDF-version

Digitisation

How to protect your business from the risk of a cyber attack?

by Robert Woźniak, AIG, financial lines east zone product leader, AIG Property Casualty, EMEA
Header img 9905

 

In today’s day and age, cyber-attacks are just as much of a reality for business owners as physical attacks. All companies that store information on computers, servers, or the internet are prone to cyber-attacks.

That’s why all the companies should use cyber-security services – not only to protect themselves from cyber risks, but also to take preventive measures.

The issue of cyber threats has in recent years gained global notoriety. The reason for this is the increase in detected cyber-attacks on businesses – according to a report prepared by PwC, The Global State of Information Security 2016,  cyber-attacks increased by 46% in Poland and 38% globally in 2015. The principle lesson to be learned is that companies of all sizes are vulnerable to cyber-attacks. Many companies don’t view themselves as the potential target of the attacks because they believe they are too small to be targeted. But from a risk management perspective, that is exactly the wrong attitude to take. All of the companies are in danger and they have to realise that the cyber-attacks can have devastating impact on their businesses and cause damages and costs associated with the need to restore information, hiring additional public-relations services, and removing the malware. In the case of a cyber-attack, sensitive data could also fall in the hands of unauthorised individuals.

The three cyber-attacks you're most likely to face

There are some most common cyber-attacks that your business or workers could face and ways to avoid them. In the coming years, hackers will launch increasingly sophisticated attacks on everything from critical infrastructure to medical devices and other new technologies. Luckily, most of cyber-threats do not target a specific company, and they may be stopped by the use of basic IT security measures, including up-to-date antivirus software and robust firewalls.

Here are the main threats that your company or workers can face with:

  • Malware – If your companies’ computers running slower than usual and the workers are getting lots of pop-ups, your PC-s might have been infected with a virus, spyware, or other malware—even if you have an antivirus program installed. Malware is software used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising (trojans, viruses and worms). Malware is most often introduced to a system through email attachments, software downloads or operating system vulnerabilities.

  • Phishing – it’s the attempt to obtain sensitive information such as usernames, passwords or other important data. Typically, a victim receives a message that appears to have been sent by a known contact or organisation. Phishing emails include a link that directs the user to a dummy site that will steal a user's information. In some cases, all a user has to do is click on the link. This kind of attack becomes more and more popular with cyber-criminals, as it is far easier to trick someone into clicking a malicious link than trying to break through a computer’s defences.

  • Advanced persistent threats - APT usually refers to a specific group, with both the capability and the intent to target, persistently and effectively, a specific entity. In other words, it is a specialised attack that is used to attack corporations. APT is a group of highly skilled individuals who have the knowledge and capability to hack into large corporations and government entities. A very popular method is for APT attackers to send a very specific phishing campaign known as spearphishing (multiplying employees’ email addresses).

It is often said that the best defence is a good offence – that is why your company should use firewalls, anti-viruses or anti-spyware software programs that can detect threats like rogue software. But that is not all – protecting your company is not just about installing dedicated software but also creating a new type of thinking. Vulnerability management, configuration management and other basic practices have to be priorities in organisations that have not yet implemented the new protection strategies in the effective way.

How to protect your business?

Building a cyber-resilience action plan is a step-by-step process that any company willing to commit the time and resources can accomplish. Regardless how safe a business feels it and its systems are, however, everyone must still be aware of and vigilant toward online threats. To avoid similar attacks, Polish businesses should take advantage of specialised insurance packages to prevent and protect themselves from cyber-attacks. In our country, less businesses use cyber insurance than businesses abroad (although the number of Polish companies using cyber security is on the rise). This needs to change – fortunately, the benefits from using such insurance products alone have convinced more and more Polish businesses to use this type of policy.

Polish insurance companies – including AIG, which analyses cyber-risks and insures 22 thousand firms of various sizes against cyber threats – report a growing customer demand in cyber-security. To help businesses protect themselves from growing cyber threats, AIG has created CyberEdge – an innovative protective program that serves to prevent the effects of data leakage and other consequences of data attacks. The package provides insurance not only for cases of damage claims or losses due to disclosed data, but also for the cost of consultants – computer forensics, data recovery experts, lawyers and PR consultants who will advise and develop tailored action plans in the event of a cyber-attack.

Companies, regardless of their size, are in danger of cyber-attacks if they store information online.  The key is to develop a personalised package to companies at risk of cyber-attacks, unique to their needs, size, and desired level of security. In assessing the potential risks and collaborating with a company, it is worth understanding  how the business approaches data security and depending on the degree of protection needed, propose a series of tailored insurance solutions.

More in Digitisation:

Digital transformation - the inescapable opportunity

by Zbigniew Szczerbetka, consulting leader, Deloitte Central Europe

 

Digital transformation is an increasingly important feature of the business plans prepared by enterprises wishing to gain competitive advantage over their rivals.

Legal aspects of personal profiling

by Dr Arwid Mednis, attorney at law, partner and Gerard Karp, attorney at law, partner, Wierzbowski Eversheds

 

Profiling is a form of processing of personal data of special concern due to its invasiveness for the right to privacy, particularly in the case of predictive analysis, using data gathered about people to determine how they will act in the future.

GMC Poland business simulation creates employer branding and training benefits.

The Global Management Challenge is the largest competition based on advanced business simulation, where teams of between three and five people compete by managing virtual companies.

Collaborate to succeed in a digitally transformed workplace

by Arthur Kachka, country manager, sales and channel leader in Arkadin Poland, Baltic & Ukraine

 

In our increasingly digital and connected workplace, businesses must become more agile to compete and succeed.