Cyber crime - where there’s a will there’s a way
Brokers are generally well versed in the serious threat that cyber risks pose to businesses but are often unsure of how to detail and clarify these threats in a way that encourages a definitive purchase of a policy.
Clearly, brokers’ conversations with clients need to go beyond simply explaining the scope of cover; they need to create a legitimate need for it in the client’s mind. This need must be compelling enough to convince even a cash-strapped business to spend its money on insurance policies.
Although there have been many high-quality cyber presentations to the South African insurance industry, at times they have failed to provide clear and simple advice on how to actually sell these highly technical policies that cover the incredibly cunning techniques that hackers use to get important information out of internet users.
Hacking techniques
The online community known as OWASP (the Open Web Application Security Project) listed the top 10 hacking techniques on its website. Surprisingly, the unvalidated redirect attack, as powerful as it is, appears right at the very bottom of the list.
This hack attack works as follows: When a user logs onto the Internet to access a service (such as online banking), they are presented with a screen which asks for a username and password. After successfully entering these details the “next page” loads and the respective online transactions can be undertaken.
An unvalidated redirect attack intercepts the process after the logon details have been entered and, instead of taking the user to the “next page”, it opens the hacker’s web site. This might not sound serious, until it becomes clear what happens next: the hacker presents an exact replica of the logon page the user just left – except it indicates that there was an error and that the wrong username and password were entered.
Not realising what has happened, the user re-enters all the same details, but this time into the hacker’s web site. Having been handed these password-protected details, the hacker returns the user to the bank’s “next page”, leaving the user none the wiser.
From this it should be clear that no matter how well guarded a password is and no matter how complex it may be, it is of no use if hackers can so simply gather this information without the victim of the crime even realising they have handed it over. To make matters worse, the vast majority of people reuse their passwords, which means that hackers can use that password to access multiple applications.
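The server-side check that stops the redirect described above, as an added example that is not part of the original article: after logon, the “next page” address is accepted only if it stays on the site’s own host. The host `bank.example`, the fallback page `/accounts` and the function name `safe_next_url` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed values for illustration: the site's own host and its fallback page.
ALLOWED_HOSTS = {"bank.example"}
DEFAULT_NEXT = "/accounts"


def safe_next_url(target, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_NEXT):
    """Return target only if it stays on this site; otherwise return default."""
    if not target or target != target.strip():
        return default
    # Browsers treat "\" like "/" and silently drop tabs and newlines in URLs,
    # so refuse such input instead of guessing how it will be interpreted.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a rooted path. "//host" and
        # "///host" forms can be read by a browser as another site.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return default
    if parts.scheme != "https":
        return default  # also rejects javascript:, data:, plain http
    # .hostname excludes any "user@" prefix and port, and is lower-cased,
    # so "https://bank.example@other.example/" is judged by its real host.
    if parts.hostname in allowed_hosts:
        return target
    return default


if __name__ == "__main__":
    # Constructed sample inputs for the post-logon "next page" parameter.
    samples = [
        "/transfer?step=2",
        "https://bank.example/statements",
        "https://login-bank.example/retry",
        "//other.example/logon",
        "https://bank.example@other.example/logon",
    ]
    for s in samples:
        print(f"{s!r:50} -> {safe_next_url(s)!r}")
```

The check compares the parsed host exactly rather than testing whether the address merely starts with or contains the site’s name, so look-alike hosts fall back to the default page.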
This kind of breach clearly indicates just how critical commercial and cyber insurance is. In an age where online crime is perpetrated with such ease and frequency the only safeguard is insurance and this is the message that brokers need to pass on to their clients.
Upgrade to commercial crime
A traditional fidelity guarantee policy covers theft perpetrated against the insured by its staff.
Whilst that cover is important, it is becoming increasingly important to widen the cover to include theft by cyber criminals. Most commercial crime policies also cover the insured’s loss as a result of cyber theft.
Money through extortion
An alternative to breaking into an insured’s account and stealing their money is to simply force them to hand that money over through extortion.
In this instance, hackers run malicious software on the insured’s network which encrypts the insured’s data. This makes it unusable without a password, which the hacker only reveals in exchange for a sizeable payment.
The Internet has made everyone equally accessible, and money is money – equally appealing regardless of the source. “Where there is a will, there is a way” is a saying which, in the world of cyber crime, translates to “where there’s money, there’s a way.”