Attention March 13th, 2024 Webinar Attendees, please click here to complete our Survey or Attendance Verification and Credit Request Form. (required for CLE credit)

Cyber Disaster Takes 16 Minutes or Less

Last update

at

by:

by:

Share

Print Friendly, PDF & Email
It takes only seconds - and a single click - to become phish bait.

Here’s a pop quiz: if you click on a phishing email, how long does it take the average hacker to invade your system and begin wreaking havoc?

An hour? Half a day? A week?

Try 16 minutes. And here’s the scary part: in most cases, even the savviest user isn’t aware they’ve taken the bait until 28 minutes after the click. By then, of course, it’s too late.

Even scarier: four percent of people will open any email, even ones that are blatantly suspicious. And once a person has fallen for a phishing scam, they are three times more likely to fall for another one.

Those are some of the findings from the Verizon 2018 Data Breach Investigations Report.

Protect your practice by attending our free CLE webinar on August 14 on “Top 10 Things To Prevent a Data Breach?” It’s just one benefit of membership in Alta Pro Lawyers RPG. Learn how to join here.

90 Percent of Cyber Attacks Happen Through Email
Phishing email scams account for nine out of 10 cyber attacks, according to the report.

And that although most people – 78 percent, in fact – know better than to click on a suspicious email, 22 percent are at risk of clicking, and four percent will definitely take the bait.

Consider this horror story from a bank in Virginia that was hit by not one but two phishing attacks in less than a year. It started when an employee opened a toxic email. Within minutes, the company’s computers were infected with malware. The criminals were able to access STAR debit card accounts and steal $569,000 before the threat was discovered.

But the nightmare wasn’t over. Eight months later, the hackers again broke into the STAR network, this time through the bank’s Navigator portal, according to Krebs on Security. Cash was stolen from hundreds of different ATMs to the tune of nearly $2 million.

And incredibly, this happened after the bank hired a cybersecurity forensics firm to come in and beef up its defenses.

The moral of the story: disaster is only one careless click away.

Cyber Criminals Stick to What Works
The Data Breach Investigations Report analyzed more than 53,000 cyber incidents worldwide, including 2,216 confirmed data breaches.

“This year we saw yet again that cybercriminals are still finding success with the same tried and tested techniques,” according to the report. “And their victims are still making the same mistakes.”

Many of those mistakes were avoidable. Almost one in five breaches (17 percent) resulted from human error. Employees failed to shred confidential information. An email was sent to the wrong person. A web server was misconfigured. Though these actions weren’t intentional, they were still costly.

Cyber Attacks Stem from Greed
“Most cybercriminals are motivated by cold, hard cash,” the report says. “If there’s some way they can make money out of you, they will. That could mean stealing payment card data, personally identifiable information or your intellectual property.”

Here are some other findings:

  • Ransomware is rampant. It’s easy to deploy and effective. “You don’t have to be a master criminal,” according to the report. “Off-the-shelf toolkits allow any amateur to create and deploy ransomware in a matter of minutes. There’s little risk or cost involved and there’s no need to monetize stolen data.”
  • Cybercriminals are thinking big. Increasingly, they bypass single user devices and go after larger targets. They can wreak more havoc and make more money by attacking a file server or database.
  • And they act fast. Eighty-seven percent of breaches took only minutes or less. Only three percent were quickly discovered. Two-thirds weren’t detected for months.
  • The perpetrator are pros. Almost three-quarters (73 percent) of cyberattacks were perpetrated by outsiders. Members of organized criminal groups were behind half of all breaches, with nation-state or state-affiliated actors involved in 12 percent.
  • Education is key. Human resource departments are focusing on educating all employees on cyber risks, especially financial pretexting and phishing. Outside consultants are brought in for specialized training. Cyber safety policies – two-factor authentication, device management, password protection, data security, keeping anti-virus software up to date – are critical.
  • Watch for patterns. Almost all security incidents (94 percent) and confirmed breaches (90 percent) fall into one of several categories: web applications, point of sale, privilege misuse, and lost assets.

Don’t get caught in a phishing expedition. Alta Pro Insurance offers comprehensive cyber-liability insurance protection. Find out more here.

Share

Print Friendly, PDF & Email

Related Posts on Altaprorpg.com!

Alta Pro Logo Icon

About the Editorial Staff

In an age of consolidation where increasingly impersonal transactions have made customer service an oxymoron, we bring together independent agents, insurance companies, and other industry specific service providers to develop and deliver insurance products and risk management solutions that benefit our insurance customers.

June 12, 2024 1:00 pm EST
1.0 Ethics Credit
September 18, 2024 1:00 pm EST
1.0 Regular Credit
December 11, 2024 1:00 pm EST
1.0 Ethics Credit

Join Our Newsletter

Occasional newsletters and CLE invites

Find Us on Social

Upcoming CLE Webinar: Cybersecurity Ethics : Start with the Basics

June 12, 2024 1:00 pm EST
CLE Credit: 1.0 Ethics

David G. Ries

Clark Hill

Archives

Need Help?

Visit our Frequently Asked Questions page. 

Or email us directly at info@altaprorpg.com

Or submit your issue in the comment form below and we will respond as soon as possible.