Blog

Cyber attacks in a cyber world!

03/07/2018 | Kelly Zebrowski

In a world that is moving so fast sometimes we don’t see the obvious and cyber thieves know it.  Don’t succumb to their trickery and become a statistic.

  • The cost of cybercrime will reach $2 trillion by 2019 and businesses have incurred over $5 billion in financial losses between 2013 and 2016 related to social engineering scams according to an analysis by the FBI.
  • All businesses can be impacted by cyber losses.   A report by Keeper Security titled “The State of SMB Cybersecurity” stated that 50 percent of small and midsized businesses (SMB) reported suffering at least one cyber attack in the last 12 months.  Their definition of small and midsized businesses is a company with 100 to 1,000 employees.
  • The same report states that 60 percent of employees use the exact same password for everything with 63 percent of employees using a weak, default, or stolen password.
  •  Verizon stated in their 2016 Data Breach Investigations report that 30 percent of phishing emails are opened.
  • A study by Dr. Zinaida Benenson at the Friedrich-Alexander University identified 78 percent of participants stated they were aware of risks of unknown links but yet 45% of the respondents actually clicked on an known link in a test group setting.
  • re are approximately 1.5 million cybercrime victims per day.
  • A University of Maryland study found that hackers are attacking computers and networks at a “near-constant rate”, with an average of one attack every 39 seconds.

Cybercrime comes in many sizes and shapes as shown in the statistics and impact every business.  Examples include ransomware, phishing, and theft of personal private information.  However, as tax filing nears you or somebody within your organization will be subject to a social engineering scheme.  You may have already seen firsthand an example of an attack.  This is where an urgent email is sent to the Human Resource or Accounting Department requesting W-2s or a payment from someone purporting to be the CEO or owner. 

Typically, these types of emails are urgent in nature, require immediate action, and occur late on a Friday afternoon in hopes that the recipient will respond quickly without thinking too much about what is being requested.  According to Symantec’s 2017 Internet Security Threat Report, these types of emails have common threads that help decipher a potential issue.

Top Email subject lines according to Symantec:

Subject Percent of social engineering emails
Payment 18.9
Urgent 10.3
Request 8.6
Attention  7.3
Transfer  2.4
W2 1.4

These cyber fraudsters get into your systems or websites and find enough information about the CEO or owner to make the email request look real.  These criminals want W-2s to obtain your employees’ personal information to fraudulently file a tax return.

Should you experience a breach or release of W-2’s, you will need to comply with each state law.  The laws vary but commonly you have a responsibility to notify any person whose information was potentially breached along with offering some form of credit monitoring for a specified amount of time.

Don’t become a statistic and let this happen to you or your employees!  Make sure your employees are aware of these schemes and have proper procedures in place to avoid them from occurring.  Also, consider procuring cyber insurance as a precautionary measure as property and crime policies typically do not cover these types of exposures.  Coverage can be designed to your needs as an add on to your crime policy for the potential loss of money or via a cyber policy for the breech of data.

Contact a member of The Fedeli Group for further information.