CYBER THREATS AND HOW TO AVOID THEM - PowerPoint PPT Presentation

SLIDE 1

CYBER THREATS AND HOW TO AVOID THEM

AGENDA

1. Development of the cyber world
2. Threats to small businesses
3. Cyber Recovery Insurance

SLIDE 2

Your presenters

  • Anne Jackson, Sales Director, Lorega
  • Sarah Morton, Sales and Marketing Manager, Lorega
  • Gary Hibberd, Managing Director, Agenci

Lorega LTD

SLIDE 3

Increasing global internet use

  • 3.7 billion internet users globally
  • Devices not limited to desktop and mobiles
  • Huge increase in internet connected devices, including thermometers, refrigerators and smart watches.

http://wearesocial.com/uk/blog/2017/01/digital-in-2017-global-overview

SLIDE 4

What happens online in 60 seconds?

http://www.excelacom.com/resources/blog/2016-update-what-happens-in-one-internet-minute
https://iabuk.net/research/library/time-spent-online-july-december-2015

SLIDE 5

But what else is happening?

https://www.helpnetsecurity.com/2016/04/08/dark-web-content/
https://darkwebnews.com/help-advice/access-dark-web/

SLIDE 6

Motivations for cyber criminals

  • Cyber crime and data breaches aren’t always about money
  • Other motivations include hacktivism, teenage boredom and training for larger crimes

http://www.hackmageddon.com/2016/02/16/january-2016-cyber-attacks-statistics/

SLIDE 7

THREATS TO SMEs

What’s out there?

SLIDE 8

Types of threats to businesses

Rogue Employee

  • Physical theft of data
  • Data could be sold to competitors
  • Could be used for extortion

Negligence

  • Employee could send data to the wrong place or source
  • Physical loss of hardware such as a mobile phone or laptop
  • Victims of phishing emails

Outsider Threat

  • Hacking
  • Hacktivism
  • Malware, ransomware and viruses
  • Leads to theft of data, unauthorised access to systems or total shutdown of systems and websites

3rd party and vendor threat

  • Cloud and other storage or data systems
  • Network interruption
  • Loss of data or theft of data
  • Backdoor intrusions

SLIDE 9

Types of threat: Rogue Employees

  • May steal data when leaving to join a competitor
  • Could use data for own use
  • Could lead to criminal convictions

Avoid the threat

  • Ensure robust data security policies and procedures in place
  • Only grant access to data or certain technologies if necessary

SLIDE 10

Types of threat: Negligence

  • PICNIC – Problem In the Chair, Not In the Computer
  • Rise of BYOD

Avoid the threat

  • Ensure proper disposal of sensitive data
  • Password protect devices
  • Have backups in place

SLIDE 11

Types of threat: Outsider Threats

  • This is what most people think about when they think of cyber security and cyber crime

Avoid the threat

  • 10 steps to avoid cyber bugs and thugs
  • Protect systems
  • Invest in cyber security
  • Have a cyber insurance policy in place
  • Secure WIFI networks

SLIDE 12

Types of threat: Phishing emails

  • UK the most targeted nation for phishing attacks and ransomware in 2015
  • 85% of organisations reported being the victim of a phishing attack in 2015
  • 30% of phishing emails are opened
  • 9 out of 10 phishing emails carry ransomware or malware

Avoid the threat

  • If it looks dodgy, impersonal, it probably is
  • Don’t click on attachments or links from unknown senders
  • Don’t email personal or financial information
  • Never go to banking websites from emails
  • Turn on two factor authentication

SLIDE 13

Sophisticated Google Drive phishing

  • Tom Scott received an email that looked like a Google Drive attachment
  • The sending address was disguised as a friend’s email

SLIDE 14

Look familiar?

SLIDE 15

Types of threat: CEO Fraud

SLIDE 16

Types of threat: CEO Fraud

  • 1 in 3 companies have been victims of CEO fraud email
  • Over 80% of security professionals believe executives in their organisation could fall for targeted phishing scams
  • Often ask for bank details, but employee records have also been targeted
  • Can happen on the phone

Avoid the threat

  • Would your CEO normally ask you to make that payment or send those details?
  • Ring to check
  • Be vigilant and look out for spelling mistakes, different ways of speaking or anything unusual
  • Always check bank statements

SLIDE 17

Types of threat: Ransomware

  • 54% of UK companies hit by ransomware attacks last year
  • 37% of organisations affected have paid the ransom
  • 32% of UK have lost files or data
  • 34% of companies globally have lost money
  • Average of 9 hours spent on remediation
  • Only 4% of businesses confident in dealing with ransomware

Avoid the threat

  • Never pay the fine
  • Always backup data
  • Don’t download .exe or other program files from unknown sources
  • Don’t allow macros in Excel documents downloaded from the Internet
  • Always keep anti-virus software up to date

SLIDE 18

What do they look like?

SLIDE 19

Types of threat: DDoS

  • Frequency of distributed denial-of-service (DDoS) attacks has increased more than 2.5 times over the last 3 years.
  • The average size of DDoS attacks is increasing steadily and approaching 1 Gbps, enough to take most organizations completely offline.
  • Globally the number of DDoS attacks grew 25 percent in 2015 and will increase 2.6-fold to 17 million by 2020.

Avoid the threat

  • Server scripts can alert you if a DDoS attack is suspected
  • Overprovision site bandwidth to accommodate more traffic
  • Have a plan to communicate with customers
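A sketch of the kind of server script the DDoS slide mentions, added here as an example and not part of the original presentation: it counts requests per minute in web access-log lines and flags minutes far above the median minute. The log format (Common Log Format), the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Common Log Format prefix: client IP, then [dd/Mon/yyyy:HH:MM:SS zone]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} [^\]]+\]')

def per_minute(lines):
    """Return {minute: Counter(client_ip -> requests)}, skipping malformed lines."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ip, minute = m.groups()
            buckets[minute][ip] += 1
    return buckets

def suspected_ddos(lines, factor=5, min_requests=50):
    """Flag minutes whose request count exceeds factor x the median minute."""
    # factor and min_requests are illustrative assumptions; tune to normal traffic.
    buckets = per_minute(lines)
    if not buckets:
        return []
    baseline = median(sum(c.values()) for c in buckets.values())
    alerts = []
    for minute, counts in sorted(buckets.items()):
        total = sum(counts.values())
        if total >= min_requests and total > factor * baseline:
            top_ip, top_hits = counts.most_common(1)[0]
            alerts.append({
                "minute": minute, "requests": total, "sources": len(counts),
                # no single source holds half the traffic -> likely distributed
                "distributed": top_hits / total < 0.5,
                "top_source": top_ip,
            })
    return alerts

def sample_log():
    """Constructed sample: 4 quiet minutes, then a burst from 200 addresses."""
    fmt = '{ip} - - [08/Apr/2016:10:{mm:02d}:{ss:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format(ip=f"198.51.100.{i}", mm=mm, ss=i)
             for mm in range(4) for i in range(10)]
    lines += [fmt.format(ip=f"203.0.113.{i % 200}", mm=4, ss=i % 60)
              for i in range(600)]
    return lines

if __name__ == "__main__":
    for alert in suspected_ddos(sample_log()):
        print("ALERT suspected DDoS:", alert)
```

The median is taken over the same log being checked, so the script should be run over a window long enough that normal minutes outnumber attack minutes.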

SLIDE 20

An introduction to Cyber Recovery Insurance

What can be done?

SLIDE 21

Impact of a data breach on small businesses

  • Incidence of cyber attacks is rising
  • Any loss of personal information can be complex and time-consuming to deal with
  • Trading impact of loss of confidence in the business and brand
  • New EU regulations could mean heavy fines for your customers - businesses are currently exposed to fines up to £500K, but this could go up to $20m or 4% of annual turnover
  • Cost of restoring IT systems
  • Risk of third party claims
  • Threat of business failure

SLIDE 22

GDPR

  • Businesses have a responsibility to ensure appropriate and proportionate security of personal data held
  • Sensitive personal data is of particular concern
  • Data subjects must give consent for their data to be held
  • Businesses must report to the ICO within 72 hours of becoming aware of the data breach
  • New legislation comes into play on 25th May 2018 – businesses need to be ready now

SLIDE 23

Cyber Recovery Insurance

  • Cyber Recovery is an insurance policy which provides and pays for the cost of a Cyber Emergency Response Team (CERT) to deal with the crisis when a system has been breached
  • Administered by Lorega, who have many years of experience helping customers when they need it most
  • Payment of certain fines, penalties, awards, damages and the cost of credit monitoring
  • Helps businesses recover from a covered data security breach

SLIDE 24

What is a data security breach?

  • Occurs where ‘Personal information’ is copied, transmitted, viewed or stolen by anyone unauthorised to do so
  • This could include the loss or theft of a laptop, hacking or unauthorised access to computer systems or data files
  • Personal data which identifies an individual - even without a name associated with it
  • Includes exposure to identity theft or aspects of a person’s life

SLIDE 25

Crisis Response

  • Emergency line available 24/7, 365 days a year
  • Initial incident notification and full assessment
  • Advice on immediate actions

Incident Management

  • Advice to ensure compliance with Data Security Law
  • Investigation and IT advice in respect of third party claims
  • Legal and PR advice in respect of third party claims and protection of business reputation

Investigation & Restoration

  • Investigation and IT advice in respect of Regulatory Investigation
  • Legal advice in respect of Regulatory Investigation
  • Assisting with the restoration of emails, online and other software systems

Awards, fines & monitoring

  • In the event of a Regulatory investigation:
  • Payment of Regulatory costs and damages
  • Payment of Regulatory fines and penalties
  • Payment of credit monitoring costs

Limit £300 / Limit £5000 / Limit £25000 / Limit £100,000

SLIDE 26

Policy details

  • Underwritten by Hiscox
  • 24/7, 365 days a year claims helpline, with nationwide response
  • Provides cover for first covered data breach
  • Breaches must be notified within 12 hours of discovery within the period of insurance

SLIDE 27

Exclusions

  • Excludes certain sectors – local and central government and government agencies, health service and housing associations
  • Any subsequent data breach, a data breach discovered outside period of insurance, or occurring outside of UK
  • Other exclusions, set out in Section 5 of the policy schedule, apply

SLIDE 28

Selling Cyber Recovery

  • Cover starts from £50 net, with banded rates based on turnover up to £5m
  • Broker commission rates up to 30%
  • Simple quote process via Lorega Online, our online quote and buy system
  • Reporting of claims – within 12 hours of discovery

SLIDE 29

Summary

  • UK law places responsibility on businesses for the security of the data they hold
  • Incidence of cyber attack is rising, with significant impact on SMEs, their brand, and possible heavy fines
  • Cyber Recovery is designed to help SMEs manage the risk and cost of a data security breach

SLIDE 30

After the event

  • A cyber consultancy service, to help SMEs survive a loss of personal information following a cyber attack, or to help them to test and prepare their systems to prevent a data breach.
  • Support and assistance for other cyber policies
  • IT and cyber security risk assessments
  • Plan of attack to provide insights into internal networks
  • Creation of information security policies and procedures
  • Virtual security officers
  • Vulnerability and pen testing

SLIDE 31

THANK YOU

www.lorega.com/cyberrecovery
Twitter.com/loregaltd
ajackson@lorega.com