The backgrounds and initiators of cyber attacks vary considerably. Attackers ranging from bored computer freaks to white-collar criminals distribute malware and prepare targeted attacks. Phishing emails are one popular method. These emails include an attachment or a link with the aim of getting the recipient to download malware that can, for example, spy on the network, steal data, or encrypt data and then demand a ransom. Using insider information, attackers sometimes send clients fake invoices containing a manipulated account number, and the clients then transfer payment to the wrong recipient.
In an era when traditional information technology and operational technology are merging into one, an attacker could even interrupt production cycles in an extortion attempt with a demand for ransom money.
The danger of becoming the victim of a cyber attack increases with each additional device (smartphone, tablet, etc.) and each business partner who accesses your information technology systems (e.g. electronic ordering process). In an international environment, internet-based cooperation is vital. Hence, extra care must be taken. Here too, it is the weakest link in the chain (e.g. a branch in a third-world country) that can become the victim of a cyber attack, which in turn leads to contamination of the centralized IT systems.
Another popular scam is so-called CEO fraud. Here, for example, a falsified email or text message in the name of the CEO is sent to the accountant with the request that a secret transaction be executed for a bogus company takeover.
So how can we protect ourselves against cyber attacks and keep the negative consequences to a minimum?
- You will of course have information technology staff (internal or external) who take care of your IT security on a professional basis. It's good to have a contingency plan defining the measures to be taken following an attack (forensics, whether to continue running your IT systems or halt them, nomination of decision-makers who react in crisis situations).
- Confidential data should also be encrypted.
- Backups are a major topic. Is the backup carried out continuously or periodically? The danger of continuous backups is that a data encryption attack will also result in encryption of the backup.
- Have employees been trained to examine emails critically for their authenticity? Employee awareness can be raised with the help of affordable self-study offerings that equip them to recognize potentially risky data carriers, content and emails, so that they do not download a Trojan by mistake or open the floodgates to malware by clicking on a link. Prevention also includes not leaving USB sticks labeled “salary list” lying around for someone to plug into a computer. Guidelines on navigating social media are also helpful. They help prevent company information from entering the public domain (e.g. employee photos in the production hall with a secret prototype in the background).
Suitable measures can help you be prepared for the risks of the cyber age. However, 100% security is a myth. With a corresponding insurance solution, the financial consequences of a cyber attack can be reduced. Such insurance solutions cover, for example, the costs of restoring the operating systems, data and programs, the costs of the operational interruption during a system outage (incl. extra costs), as well as any liability claims if, say, data is stolen.