How Deep Does the Rabbit Hole Go?

An interesting headline for an insurance article I realize but I am continually surprised how far and wide reaching this new “cyber thingy” is taking hold across the globe. And the effect is largely unseen as a clear majority of businesses don’t report these cyber hacks or data breaches to anyone and just battle through. Perhaps because there is no one to report them to or they are simply not insured.

When will it stop? Or a better question, how far will it go? hence my article headline.

I heard recently that Artificial Intelligence will soon be deployed into cyber hacking,no need for human intervention to search and find the next victim. They will deploy a self-learning program that continues to watch and act as necessary and strike when the percentage variables are right mainly down to our traits of repetitiveness and laziness.

A case in question!

Recently a builder had his email systems compromised likely from a phishing email, which opens a backdoor into your computer. Originally I struggled as to see how a builder would need Cyber Event Protection, most don’t use computers that much and outsource anything that isn’t building and tools of trade.

However I was wrong, here’s how it panned out:

The builders’ own email system sent an email to the owner while the builder was in mid-flight on an overseas holiday so could not be contacted by anyone. The email requested that the owner make a progress payment as scheduled. That was sent onto the bank with the relevant Tax Invoice with all the proper details on it, just different bank details. It seemed evident that the bank received the correct documentation from the builder and authentication from the client that the job had been completed as scheduled and proceeded to make the payment.

Voila! Money transferred into hackers account, promptly withdrawn and account closed, never to be seen again. The builder when he returned sent the proper Tax Invoice to the owner and that’s where the problems started. Threats about Court and not finishing the job were worthless. Builder needed the progress payments to continue other works,in this case the builder may not survive this episode. And to think that I didn’t think a builder needed Cyber Event Protection Insurance.

This is fast becoming known as a “Digital Fire”, a phrase coined by Troy Filipovic, Managing Director of Emergence Insurance who specifically only underwrite Cyber Insurance on behalf of Lloyds of London. Troy and I recently presented to a large client in the Northern Rivers and Troy’s statement of “Every organization relies on digital in some way - to communicate, to transact or to compete. Data breaches and cyber events are not an IT security problem but a business problem. There is no such thing as an impenetrable system. Compromise is expensive, it can include financial losses, damage to reputation, loss of intellectual property and disruption to business.”He couldn’t be truer.

I’m just asking you:Do you have your passwords saved in a folder in your emails called passwords, or a word document call “Passwords”?Its all too easy for the hacker!

These events are often random and can affect both small and large companies. Distribute IT was a $50mil turnover business with a 10% market share managing 250,000 domains, 30,000 hosting clients and 3,000 resellers with offices across Australia and Jakarta. They were in the process of an IPO onto the Australian Stock Exchange. One lonely trucker who was trying to get a job in the IT field applied for a job and didn’t get it so decided to take it upon himself to demonstrate how good he was and with 6 DoS (denial of service) attacks, the primary server and 4 levels of backups were destroyed. The regulator stepped in and took over the business and it no longer exists today and that lonely trucker is currently in jail. A sad story for the owners and investors and goes to show how easy it is to be a victim even when you do nothing wrong.

NOTE: This article is general in nature and does not provide any personal advice. Oracle Group (Australia) Pty Ltd t/as Agile Insurance Advice have not had the opportunity to understand your personal and business financial circumstances. Should you wish further information, please always refer to the Product Disclosure Statement.