The real world of Cyber Crime

Did you miss our real world stunt?
Watch what happened when we staged a real life hack.
How well do you know cyber crime?
You’re more susceptible to cyber crime than you think. In fact, your business is 9 times more likely to be a victim of cyber crime than burglary***.

Being aware of the latest threats in cyber-crime, and knowing how to prevent these threats and deal with them when they arise, can help you stay one step ahead.

Test your knowledge now.
Situation 1
Anna receives a notification from what appears to be her business email provider, alerting her that her most recent subscription payment has failed. She’s asked to update her payment details, to avoid losing her subscription.
What should she do next?
Situation 2
Issouf receives an email containing confirmation of some recent credit card purchases he made online. He is being requested to open an attachment to confirm these purchases were made by him.
What should he do next?
The cyber threat to Your Business

Ransomware

The files of a small business become encrypted and a ransom demand from a hacker arrives.

Data Breach

A staff member leaves their work laptop on a train and it contains personal data.

Phishing

An employee of a firm makes a bank transfer of £25,000 to fraudsters after falling victim to a phishing email supposedly from a senior manager.

Interruption

An employee misconfigures a computer software update over a weekend, leaving critical systems unavailable.

Any one of these incidents could happen to your business. In 2018, 45% of small businesses experienced a cyber event, with £10,000 being the annual average cost to UK businesses*. In 2017, 67% of Hiscox cyber claims were caused by employee error, negligence or social engineering**.
Real Life Cyber Crime Stories

Phishing

One email cost us nearly a quarter of a million pounds

Email “phishing” scams are hardly new, but they remain surprisingly effective as one financial services agency found out recently. The method was simple. Criminals set up a Gmail account that mimicked the real email address of one of the company’s senior managers. They then sent an email from the fraudulent address to an employee, requesting the transfer of £230,000 from the business to an outside bank account.

Fooled by the manner of the email and the address it came from, the employee issued a wire transfer to the criminals’ bank account, and the money was immediately withdrawn. When the agency discovered what had happened, both its bank and the receiving bank tried to recover the cash – but to no avail. The business learned the hard way that employees should be encouraged to question unusual requests from colleagues, and carefully check the validity of the emails they receive. Failing to do so can be extremely expensive.

Denial of service

A worker took revenge – and we paid the price

One of the most effective ways of damaging a company is to stop them from trading. And a way of doing that is by disabling their IT systems with a DDoS – or “Distributed Denial of Service” – attack. This method targets a specific network (as you’d find in any company) and uses a “botnet” to flood it with so much traffic that it’s unable to cope, and shuts down. This technique has been used by countries to attack other states, but smaller businesses are also at risk – sometimes from their own employees.

Recently, a disgruntled worker at a loan firm carried out a DDoS attack on his employer’s IT network, using his inside knowledge to target the system’s weak points. The attack was so effective it brought down the company website, leaving it unable to conduct its business. With the police also involved, it took several days for the company to get up and running again.

Ransomware

The ransom demand came in, we had no idea what to do

Like other areas of criminality, ransoming has changed drastically with the arrival of the internet. In the past, these crimes used to involve criminals demanding money in return for the safe return of a hostage or incriminating items. Today, things are even more sinister – and a lot more expensive. One Hiscox client was targeted by hackers who accessed, then encrypted, its most sensitive files.

A ransom demand was then made. The hackers had generated thousands of passwords until they’d discovered the details of the company’s network administrator and gained access, not just to confidential information like contracts, but to the company’s bank accounts. This “brute force” attack was damaging in two ways. Firstly, because of the immediate financial cost, and secondly, because the data breach had the potential to break the trust between the company and its clients.

FIND OUT WHY SMALL BUSINESSES CHOOSE Hiscox CyberClear
If the worst should happen, Hiscox CyberClear will help to protect your business from the financial and reputational costs of a cyber incident.
1. EXPERTS: Instant access to a network of expertise from IT forensics, to privacy lawyers and reputational experts.
2. ONE STEP AHEAD: As well as today’s risks, you’re protected from emerging risks, threats and digital attacks.
3. EXTENSIVE: As well as covering the costs and business impacts of an incident, we offer a range of additional features.
4. PLAIN ENGLISH: Hiscox CyberClear is just that...clear. Know what you’re buying and what you’re covered for.
5. PROVEN TRACK RECORD: We’ve been providing cyber insurance since 1999. We know the risks to your business and how best to manage and mitigate them.
6. AND MORE: Access our online suite of cyber security training modules through the Hiscox CyberClear Academy, and calculate your risk exposure with our calculator in partnership with Deloitte.
* 2018 Hiscox Cyber Claims Report    |     ** 2019 Hiscox Cyber Readiness Report    |     *** YouGov Survey, April, 2019
'The average cost of a cyber incident to a small business is £10k per year.' Source of this statistic is based on UK data from the Hiscox Cyber Readiness Report 2018. https://www.hiscox.co.uk/cyberreadiness
Lexicon
Ransomware

Ransomware is malicious software which locks your screen or encrypts—or scrambles—a user’s computer and/or files. It’s often delivered via harmful email attachments, outdated browser plug-ins, websites, text messages, and more.

Unlike most viruses that work to corrupt your files or system, ransomware essentially kidnaps your files for an anonymous ransom payment. If there is a flaw in the ransomware code, your data may be permanently unrecoverable, even if you have the decryption key. The files may also not work the way they should after decryption.

What’s worse: You also could be targeted again in the future.


Protect yourself against Ransomware
  • Stay vigilant when opening email. This includes verifying sender authenticity and double-checking email content such as attachments and URLs.
  • Keep all software, including your antivirus software, up to date.
  • Regularly back up files stored on your computer, tablet, and smartphone.
  • Disable pop-up windows in your Web browser.
  • Disable browser plug-ins or set your browser to prompt you to run the plug-in.
  • With Hiscox CyberClear we’ll provide specialists to handle ransom negotiations should cyber crime hit.
Phishing

Phishing scams are usually emails that appear to be from legitimate companies or trustworthy individuals. They can also be in the form of text messages or even phone calls. They trick users into providing sensitive information. Phishing emails often look very realistic, so they are tough to identify. The primary goal is to obtain credentials, financial information or other sensitive data.

Scammers who send phishing emails can use your computer to attack your organisation. A successful phishing attack can lead to virus infections, ransomware, identity theft, data theft and more.


Protect yourself against Phishing
  • If an email looks suspicious, but comes from a source you would typically trust, don’t be afraid to investigate.
  • Call or send a new message to the person who you think sent the email. Never reply directly to the email.
  • Report suspicious emails you receive at work to your Information Security group, Help Desk, or designated abuse email address.
  • Deleting an email can remove the threat from your inbox, but you could also miss reporting a widespread phishing attack on your organization.
  • Legitimate companies and organizations will not use public email addresses (Google, Yahoo, QQ, Zoho, eclipso, etc.) for official business.
  • A legitimate company with whom you’ve worked before is going to send email only to you. Be suspicious of unexpected emails sent to groups.
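
The sender checks in this list, and the senior-manager impersonation from the phishing story earlier on the page, can be applied automatically to incoming mail. The following is an added example, not Hiscox code; the company domain, manager name, public-mail list, group threshold and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# All values below are constructed for illustration; none come from the page.
COMPANY_DOMAIN = "example-agency.test"
SENIOR_MANAGERS = {"jane smith"}      # display names staff would trust
PUBLIC_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "qq.com", "zoho.com"}
GROUP_THRESHOLD = 5                   # recipients before mail counts as "sent to a group"


def sender_flags(raw_message: str) -> list[str]:
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    flags = []

    # Official business arriving from a public webmail provider.
    if domain in PUBLIC_MAIL_DOMAINS:
        flags.append("public-mail-domain")

    # A senior manager's name on an address outside the company domain:
    # the pattern in the phishing story.
    if display_name.strip().lower() in SENIOR_MANAGERS and domain != COMPANY_DOMAIN:
        flags.append("senior-name-outside-company-domain")

    # Mail addressed to a large group of recipients.
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(recipients) > GROUP_THRESHOLD:
        flags.append("sent-to-group")
    return flags


# Constructed sample messages.
SPOOFED = (
    "From: Jane Smith <jane.smith.agency@gmail.com>\n"
    "To: accounts@example-agency.test\n"
    "Subject: Transfer needed today\n\n"
    "Please arrange the transfer we discussed.\n"
)
GENUINE = SPOOFED.replace("jane.smith.agency@gmail.com",
                          "jane.smith@example-agency.test")
GROUP = ("From: Offers <deals@shop.test>\nTo: "
         + ", ".join(f"u{i}@example-agency.test" for i in range(8))
         + "\nSubject: Hello\n\nHello\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE), ("group", GROUP)):
        print(label, sender_flags(raw))
```

A flagged message is a prompt to verify the request through a separate channel, as the list above advises, not proof of fraud.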