Cybercrime is an umbrella term for any criminal activity that uses or targets a computer. The threat of cybercrime can take many forms—from hijacking sensitive robotics to holding consumer data at ransom—and the impact to your operation (and reputation) can be crippling.
If cybercrime were a nation state, it’s predicted that it will be the world’s third largest in 2021 by GDP, just after the US and China.
To better understand how big the threat of cybercrime is becoming, consider these statistics:
And with remote work becoming more normalized, there are additional cybersecurity threats to small businesses. Alissa Abdullah, the former deputy CIO under the Obama administration, tells MIT’s Sloan School of Management: “Hackers have also started attacking collaboration platforms—a data breach affected more than 500,000 Zoom users in April [of 2020]. The pandemic and shifting to remote work ‘has changed the adversary’s opportunities, and shifted their focus on some of the other tools that we’re using.’”
You’ve probably heard of or seen the obvious emails asking for highly personal information, often targeting the elderly and vulnerable. You’ve probably also heard of typical identity theft or insurance fraud. But cybercrime against small businesses can be much harder to detect and prevent. What kinds of cybercrime exist?
Here are a few examples.
As technology advances, so do forms of cybercrime. Even cryptojacking, where hackers mine cryptocurrency using someone else’s computer, is possible.
While Fortune 500 companies have the resources to stay ahead of cybercrime, small to midsize businesses are often woefully behind in cybersecurity practices, making them easy targets for criminals.
Has your current insurance agent tried to sell you cyber liability insurance (shame on them if they haven’t)? Did you say, “We’re all good. Our IT people have us covered?” While your IT team may be great at what they do, the likelihood they are truly protecting you from the threat of cybercrime is slim.
Think you’re not a target? In the global cybercrime game, the scale of your business is less important than your data (and how easy it is to get it). So, while you may feel off-the-radar given your size, if your data is critical to running your business, you’re already a target.
For example, if your website supports claims that your company is an industry leader, everyone will know you’re killing it, including the hackers. Your website is inadvertently telling hackers you’ve got money that belongs in their pocket.
If you think running cold backups (the best tape protocol), having off-site redundancy, firewalls and anti-virus software makes you impenetrable to cybercrime, then you’re wrong
The hackers just didn’t get anything worth stealing, or your IT guys thwarted the attack.
Let’s talk about ransomware, the most common threat of cybercrime.
Consider this scenario:
Let’s pretend someone in accounting gets an invoice from a customer with a complaint. They click and open the invoice. It’s not even your company’s invoice, so they delete it. No harm, no foul. All is still good.
However, the Trojan Horse is now within city walls. Just as the Greek warriors lay waiting patiently, today’s hackers have similar patience. They wait and watch. They learn your backup systems and protocols and wait some more. Then the blue screen of death scrolls across all your computers with the message, “Pay $XX, XXX in the next 24 hours to get your data back or the price will multiply and continue to do so every 24 hours.”
No problem. Your IT people go to the redundancy, but it’s infected. No need to panic. They go to the tapes. But the tape is infected. So, they go back a few days, but that copy is also infected. The hacker has infected backups for up to three weeks.
Now, you face the dilemma: pay the ransom to restore three weeks of lost data, or cease operations to recreate the weeks worth of lost data. The costs of either option are often debilitating. In many cases, it’s enough to put the company out of business.
Even the greatest NFL defensive lines of all time let some get through. They can’t buy insurance to protect against those scores, but you can. A cyber liability policy can cover:
The good news is, the more you’re doing up front to protect your data and systems from the threat of cybercrime, the less you’ll pay to have this line of defense against the third-largest economy!
©All Rights Reserved. May, 2021. DailyDACTM, LLC d/b/a/ Financial PoiseTM
Gary is a Vice President of Alper Services, an Alera Group company, and the Director of the Alper Global Trade Risk Management Division (AGT). Under his guidance, AGT provides companies the ability to strategically manage their commercial trade risk, both domestic and export, as well as mitigating political risk involving international business investments. Risk Management…