Nikki Johnson No Comments

Cyber Risks & Liabilities

By: Dan Reith
Principal Broker
Reith & Associates Insurance and Financial Services Limited

COVID-19’s Impact on Cyber Threat Activity

Cybersecurity crisis emerged as a result of the 2020 global health crisis as cybercriminals posed an increased threat to the safety of individuals and organizations. Experts are seeing an uptick in cyber threat activity as workforces continue to move to the digital landscape.

Increased Individual Attacks

In 2020, cybercriminals capitalized on fear surrounding the pandemic by producing COVID-19-related scams that trick victims into opening malicious links and attachments. Cybercriminals create fake COVID-19-related content, such as local and regional health updates, or knowledge of cures and treatments. The pandemic has created an opportunity for cybercriminals to exploit human curiosity and concern, which has led to an increase in cyberattack victims.

There’s also been an increase in phishing scam campaigns where cyber threat actors craft convincing copies of government websites and official correspondence. These attacks prey upon populations who are anxious and less likely to be skeptical of emails and other links regarding COVID-19.

Increased Organizational Attacks

As cybercriminals continue to exploit human vulnerability and individual fears surrounding COVID-19, the sudden increase in organizations with employees working from home has allowed cybercriminals to capitalize on cloud-based technologies that didn’t exist before. Research has found that companies became less secure in 2020 due to hastily deployed remote work solutions.

The Canadian Centre for Cyber Security predicts that ransomware will continue to target health care and medical research facilities as the global health sector continues to mitigate the COVID-19 pandemic. Cybercriminals taking advantage of the health crisis have the ability to jeopardize patient outcomes and public health efforts.

Another ransomware trend that emerged in 2020 is known as “double extortion,” where cybercriminals maximize their chance of a profit by threatening additional abuse of the compromised data, including auctioning or selling it.

It’s more important than ever that organizations take a proactive approach to their cybersecurity measures as well as educate employees on the risks of cyber threat activity.

Human Error as a Cybersecurity Threat

The IBM Cyber Security Intelligence Index Report found that human error is a major contributing cause in 95 per cent of cybersecurity breaches. Human errors are unintentional actions or a lack of actions by employees and users that cause or allow a security breach to happen.

Human error can typically be separated into two categories:

  1. Skill-based errors—These errors occur when a user makes a small mistake when performing familiar tasks and activities. While they know what the end result is supposed to be, they make an error due to memory lapse, mistake or negligence.
  2. Decision-based errors—This type of error occurs when a user makes a faulty decision as a result of not having the necessary level of knowledge, not having enough information about the specific circumstance or not realizing inaction is a type of decision.

These mistakes and lapses in judgment can lead to cybersecurity attacks that put organizations in jeopardy. Cybercriminals know that technical security measures are only effective when humans properly utilize them.

The following are examples of how human error can be exploited:

  • Misdelivery—Misdelivery is a common threat to corporate data security and happens when a user sends something to the wrong recipient. Employees should take care to double-check all fields of information before hitting send.
  • Password issues—According to the National Centre for Cyber Security, 123456 is the most popular password in the world, and 45 per cent of people have the same password for multiple online services. Strong, unique passwords should be encouraged among employees.
  • Patching—Software developers are constantly working to detect exploits in programs and send software updates when one is discovered. Users and employees should immediately implement the update to remain protected against threats.

Addressing human error is key to reducing an organization’s chance of being successfully targeted. Educating workforces on mitigating cybersecurity threats can empower them to actively look out for and report new threats they may encounter.

What Is a Deepfake and What Is at Risk?

A deepfake refers to a doctored video or audio recording that looks and sounds like the real thing. While manipulating video is nothing new, deepfake technology could give anyone the ability to distribute misleading and false information.

As technology advances, it’s becoming harder to discern what is real or fake on the internet, and machine learning models are beginning to have trouble detecting the forgery. While there are certain signs that make it easy for the naked eye to spot a deepfake, including a lack of eye blinking or shadows that look wrong, experts predict that deepfakes will continue to advance in sophistication. Soon, the utilization of digital forensics will be the only possibility for detection.

If deepfakes become unidentifiable, it could lead to inherent mistrust and jeopardize faith in a shared, objective reality. In addition, there is the threat of those who might seek to weaponize this technology for political or malicious purposes.

Nikki Johnson No Comments

Cyber Risks & Liabilities in 2021

By: Dan Reith BA(Hons) CAIB
Principal Broker
Reith & Associates Insurance and Financial Services Limited

Technology was forced to rapidly advance in 2020 due to the global health crisis, which found organizations scrambling to adapt to remote working. HR technology was no exception. With the implementation of virtual onboarding processes, the creation of fully-automated payroll systems and more, HR technology adjusted to the needs of organizations in 2020.

HR technology will continue to be vital for the advancement of companies in 2021 in the four areas mentioned below.

Digital Solutions for Remote Work

As organizations continue to navigate the virtual landscape, digital solutions are essential. Keeping an eye on productivity while still fostering collaboration is possible by managing workflows and streamlining processes. Integrating platforms that offer niche solutions for digital collaboration is key moving forward. Document sharing, online chats and video conferencing can help with keeping projects on track.

Software-as-a-Service and Cloud-based HR

Organizations with cloud-based systems already in place were able to seamlessly transition from the office to working from home. For those relying on outdated technology, the shift was a bit harder. In 2021, HR should include cloud-based and software-as-a-service (SaaS) solutions to stay on top of the evolving digital landscape. These solutions allow for comprehensive employee management online, including talent acquisition, virtual onboarding, performance management and payroll.

AI-powered Talent Management

Sage People found that 56 percent of organizations plan to adopt artificial intelligence (AI) into their recruitment process in the next 12 months, compared to just 24 percent who utilized the capability in 2020. AI-powered talent management can include resume assessments and candidate ranking. AI can also schedule and conduct video-based interviews that can predict how well a candidate will fit the role.

Digital Learning

Job seekers are prioritizing educational opportunities as they search for their next career move. Employers should attract talent by implementing online education platforms as an indication of investment in their employees’ careers. Digital learning solutions are overtaking classroom-based learning, and this trend will only continue into 2021.

What Is Internet of Behaviours and How Will It Be Prevalent Going Forward?

Internet of Behaviours (IoB) is the leveraging of data to influence behaviour. Organizations utilize available data to predict and influence human behaviour. Gartner predicts that by 2023, 40 percent of the global population will be tracked digitally in order to influence behaviour.

However, IoB is already here and prevalent in many areas of daily life, including:

  • Facial recognition
  • Location tracking
  • Big data

And while IoB offers several benefits (e.g., convenience of having synced digital devices), the collection of this behaviour-focused data leaves sensitive data at risk for cyberattacks. Property access codes, delivery routes, bank access codes and more are susceptible to cybercriminals.

Businesses should be vigilant and proactive in their cybersecurity efforts to ensure that data is secure and protected. Consider introducing cybersecurity training and awareness programs in your organization in order to stay ahead of cybercriminals.

TOP CYBER THREATS FOR 2021

As the world continues to rely more and more on technology, the need to address threats to cybersecurity becomes increasingly important. With 64 percent of organizations already having experienced web-based attacks, here are seven cybersecurity threats to be aware of in 2021:

  1. Phishing — Phishing occurs when a hacker tricks someone into providing sensitive information or accessing malware by using a false identity. This can happen through email, social media accounts and more.
  2. SMS-based phishing — This form of phishing, sometimes referred to as “smishing,” occurs through SMS text messages. The attack only happens after the link within the text message is opened. While emails are typically able to identify a phishing scam and filter it out, text messages with bad links can still come through.
  3. PDF scams — These scams occur when a PDF attachment in an email or messaging platform contains a link to malware or ransomware. Scammers know people are more likely to open a PDF attachment than a website link, especially if it’s been labelled as a statement balance or press release.
  4. Malware and ransomware — Malware and ransomware can lead to hijacked software, frozen systems, and lost and stolen data. Businesses often keep data on servers that are connected to the internet, and all it takes is one crack in a company’s cybersecurity for hackers to attack and access that data.
  5. Database exposure — Customer contact information, financial records and identity records are all susceptible to hacking and theft when servers aren’t properly protected.
  6. Credential stuffing — Credential stuffing aims to gain private access through the utilization of stolen login credentials. The most common occurrence of credential stuffing happens when the same login information is used for multiple websites and accounts.
  7. Accidental sharing — Accidents happen. But when accidents contain confidential and sensitive information, company cybersecurity can be at risk. This type of threat is usually the result of human error rather than a hacker or malware issue.

Experts predict that, by 2023, cybercriminals will be stealing nearly 33 billion records per year. Learn more about protecting your organization against these cybersecurity threats by contacting Reith & Associates Insurance and Financial Services Limited today.