Cyber Threats and the Effects of Insurance vs. other Risk Controls - Research Paper Example

Cyber Threats and the Effects of Insurance vs. other Risk Controls Affiliation) In the current or rather modern business environment, the use of electronic data as well as interaction through the internet is significant. Businesses have to heavily rely on electronic data and even carry out transactions through the internet in order to remain relevant in the competitive corporate world. Though relying on this can bring both growth opportunities and significant efficiencies to the business, this venture can as well come with a range of particular risks or threats that ought to be understood and mitigated. These risks widely known as cyber threats/risks, that is, the specific risks that typically relate to the use of computers, virtual reality and information technology. Accordingly, awareness of cyber risks needs to be increased to bring this newfound interest in insurance products to a new level of concern. The insurance now cover incidents in which sensitive, confidential or protected data has potentially been stolen, tampered with and viewed by an unauthorised individual. Furthermore, these cyber risks also include all computing risks such as hacking, viruses, Trojan horses, malicious codes, spyware and the most recent one “phishing.” These being the most common threats, this paper thus seek to define each component and break down the way each one can adversely affect the financial sheet at the end of the day (Cordesman, 2002). To begin with, hacking is the most widely known cyber threat. Computer hacking can be defined as the act of modifying computer software or hardware to accomplish a mission outside the inventor’s original purpose. Thus, those individuals who take part in computer hacking activities are often known as hackers. Previously considered common among teenagers as well as young adults, many hackers are now mature adult people who venture in this practise with the aim of acquiring money and information illegally. Hackers usually gain unauthorized access to firms’ computer systems and get electronic data for illegal use. Accordingly, the availability of information online on the techniques and tools and even malware makes it possible for even non-technical individuals to take part in malicious activities. Moreover, hackers break into firms’ networks with the intention of revenging or for the thrill in bring a business activity to a standstill. Consequently, they will brag of having the power to make a firm come to its toes. According to the U.S Central Intelligence Agency, many of these hackers do not have the necessary expertise to threaten the U.S networks (Cilluffo, 2001). However, these individuals pose a relatively high threat in business entities, since the activity has become an opportunity to get personal information belonging to customers thus stealing from their credit cards. A good example is the incidence that around September 14, 2013, where Noble and Barnes bookstores found that hackers had been stealing their customer’s credit card information as well as Personal Identification Numbers (PINs) (Cilluffo, 2001). These hackers managed to achieve their goals through using keypads separate from the registers at sixty-three of its bookstores. Hackers can really after the financial sheet of a firm. For instance, economists Peter Leeson and Christopher Coyne in one of their report said that in 2013 alone, hackers managed to cost firms 56 billion dollars. They further gave an example of the Play Station that cost Sony more than 170 million dollars. Another example they gave was of Google, which lost over 500, 000 dollars in hacking in 2006. According to the editorial director of Computer Security Institute, Richard Power, single instances of hacking may often cost as much as 700, 000 dollars to seven million dollars a day for big online businesses. The second cyber threat is computer viruses. From a technical perspective, a computer virus is defined as self-replicating segment of a computer code, which usually resides in mother or host program. A computer functions through the execution of instructions that consists of machine codes. Thus, a virus is a code that has been written by an individual and placed inside the computer. As such, the virus copies itself to other computer programs in order to perform the task that the inventor has written. However, writers who come up with these viruses always have complete control over them. They would first decide what the virus will do which consists of deciding on how it replicate itself and what damage it can cause. Secondly, they creators of these viruses have control over when the viruses would start performing the task they have been assigned. As such, the writer can decide to make the virus perform the task as soon as soon as it created or wait until a certain date or time. Computer viruses have the capability to create both minor and severe destruction. Since the creator decides on which part of the computer to affect, the virus thus can manipulate screen displays, manipulate sounds, damage disks, erase files, change keyboard input, damage programs, reduce memory space, corrupt the computer by slowing procedures or changing the sequence of operations and last but not least give a user access to vital information illegally (Bojanc, 2008). Over the last decade, the business world has suffered huge losses due these computer viruses. Computer viruses have the capability of tapping into systems and gaining access to important data. Consequently, a firm can be lead into losses if important electronic data would reach the hands of unauthorized individuals. A practical example is the virus called ‘I Love You’ that hit the government as well as business entities. This virus erased large amount of data as well performed the following damage; firstly, it managed to make its way to the user’s address book and later sent itself to all the addresses in the address book. Secondly, it also managed to make its way to the software that usually supports chat rooms in order for everyone engaging in the chat room to receive it. Thirdly, it searched for audio with the intention of replacing itself (Bojanc, 2008). Lastly, the virus slotted-in a password-stealing program in the Internet Explorer. Within few hours, the virus had spread across the globe with damage worth fifteen million dollars. The third common threat is the Trojan horses. A Trojan horse is a programme that hides on victims’ computer, monitors their activities and communicates information back to the attacker. A Trojan or Bot monitors people’s web browsing to steal login details. A Trojan is usually given a list of popular banking sites and login all the web traffic to these sites, sending it back to the command and control server. This includes victims’ bank login and transaction details. Additional ‘injects’ can be bought with the Trojan kit that ask extra bank verification question questions or add additional transactions as the victim is banking. Attackers then use the passwords to transfer money out of the company’s bank account. Typically, these transfers are made to a “mule’s” account: someone that they have recruited to receive money. Again, there are services available on underground forums to help recruit mules. The mules then wire money to the attacker in another country. Once a bank detects fraudulent transactions, it will try to block, reverse or claim back the money, but it can often be too late. For instance, in 2005 a Trojan horse called Slammer caused an internet blackout across the U.S, Australia, New Zealand and South Korea. Consequently, traffic increased by twenty five percent thus making a huge damage in the economy of the affected countries. Moreover, airlines had to cancel flights due to network loss thus ceasing their operations (Stoneburner et al, 2002). Fourthly, are the malicious codes, which damage the computer through codes. The code is not easily controlled by use of antivirus applications. It can either activate itself or rather be like a virus, which usually needs a user to perform an action, such as opening an email attachment or clicking on something. For instance in June 2013 Brook bond Systems lost 200, 000 dollars because of a malicious code that entered in their data system. Fifthly, is spyware, a technology that helps in collecting information about an individual or organization without their knowledge or consent. Known as ‘spybot’ at times, the program is put inside a user’s computer to secretly collect information about him/her in order to rely it to advertisers or business competitors. This threat can make a firm to lose a lot of money due to a revelation of its secrets to a competitor in the market. Finally yet importantly on the threats, is the latest threat called ‘phishing.’ This is the use of emails to trick a user into performing an action. For instance, a phishing email might tell a user to click on a link that takes them to fake banking site where they then enter their username and password. The term phishing is derived from fishing; most criminals are ‘fishing’ for victims that they then reel in. How Companies can Control these Threats For firms to control as well as prevent these threats, they should formulate organizational formal cyber risk policies and procedures. Thus, firms should check on their security, that is, if the physical security is perfect. For instance, the firm should watch out of intruder detection technologies and check of the access restrictions. The firms should also have specific controls over the system security for instance, have segregated networks that are isolated from business critical information and data, identity and access management (Siegel et al, 2002). Furthermore, the firm should have updated ant malware tools that protect the firm’s system from malware threats. Additionally, the firms antivirus and anti spyware should be updated more often. Above all a firm should have legal controls where it works closely with legal adviser to ensure that the firm is in line with robust legal protections. More so, in areas concerned with copyrights, patents and secrecy as well as confidentiality clauses in contracts, this includes employment contracts. To avoid running into huge losses in case of a threat, a firm must mitigate its risks to insurance companies. Businesses should take cyber risk insurance covers to help cover for the loss and breach of data. However, insurance policies should be checked, for instance, Property insurance policies, crime insurance policies and liability insurance policies (Lam, 2014).. Accordingly, a hacking loss may affect more than one insurance policy or rather may overlap the coverage. A policyholder may end up facing a number of lawsuits claiming damaging for violation of federal statutes, which govern the handing of customers, investigation by governmental authorities and employee or health information (Siegel et al, 2002). References Bojanc, R., & Jerman-Blažič, B. (2008). An economic modelling approach to information security risk management. International Journal of Information Management, 28(5), 413 422. Cilluffo, F. J., Cardash, S. L., & Ledgerwood, M. M. (2001). Cyber threats and information security: meeting the 21st century challenge. CSIS Press. Cordesman, A. H., & Cordesman, J. G. (2002). Cyber-threats, information warfare, and critical infrastructure protection: defending the US homeland. Greenwood Publishing Group. Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons. Siegel, C. A., Sagalow, T. R., & Serritella, P. (2002). Cyber-risk management: technical and insurance controls for enterprise-level security. Information Systems Security, 11(4), 33 49. Stoneburner, G., Goguen, A., & Feringa, A. (2002). Risk management guide for information technology systems. Nist special publication, 800(30), 800-30. Wallner, J. Cyber Risk Management. Encyclopedia of Quantitative Risk Analysis and Assessment. Read More