I’ll Get You My Pretty...and All Your Data too!
and more people working remotely, there was an influx of opportunities for hackers to seek out and uncover vulnerabilities within organization’s remote systems and connections.
By Lynn Bren, AIC SCLA, SDPAA Deputy Director
Lynn’s sitting at her desk and receives an email from the Prince of Norway, he simply wants to send her a legitimate share of her inheritance, approximately $300,000. WOW! She didn’t even know that she was related to the Norwegian Royalty… and certainly didn’t recall anyone recently passing away, but hey…who is she to pass up an inheritance? All she has to do is click the link in the email to fill out all the appropriate paperwork. She clicks the link, the screen goes red with instructions to input payment information to unlock the system.
Lynn’s in charge of all accounts receivable and update information. She receives an email from Bren Contracting indicating that they are making sure that all of their clients have their current banking information. Checking their vendor records, Lynn notes that this information is different than what they currently have. Rather than immediately updating this information, she calls her contact at Bren Contracting to confirm that they have in fact updated their banking information. When she calls, she is told that no such request was made by Bren Contracting.
Last summer I did an article with some of the basics about Cyber Liability. The title of the article was it’s not if, it’s when. While this article gave some basic information, which I will provide some of here shortly, the article came at a time when the Cyber Liability carriers were still seeing relatively low claims volumes, and were requiring very little information to secure coverage. With the pandemic, 16
Unfortunately, if you search in your favorite search engine “cyber-attacks” your screen will be quickly filled with various attacks made by hackers across the world. One of the largest in terms of volumes of entities breached, was the Microsoft Vulnerability Breach. This breach affected over 10,000 entities across the United States and over 30,000 more entities across the globe. Computer Weekly posted an article in December 2020 discussing the top 10 Cybercrimes of last year. . As noted in the article, the top three and seven of the top ten crimes are ransomware related. (Scroxton) The hackers are clearly not just interested in your data, but they want you to pay to get it back.
In response to the significant increase in Cyber Crime, carriers around the world are having to evaluate the exposure and are now requiring significantly more information in order to determine IF they are going to provide coverage, and what will be paid for the same. The SDPAA is dedicated to creating the most up to date information and training options for our Members. We continuously work with various vendors to provide access to educational resources and tools which will help our Members not only qualify for Cyber Liability coverage in the future, but to be better equipped to avoid or respond to attacks. SDPAA Members will be receiving a survey within the upcoming weeks which will be utilized to not only collect data to determine what resources and tools that our Members need, but also to provide information to our Cyber carriers to ensure that the best coverages can still be offered to our Members.
The best way to avoid a Cyber Breach is to ensure that you understand what it is, what tools are available to protect your organization and then apply that knowledge and those tools to your not only work, but everyday life. Cyber liability is liability arising from a data breach in which some personal information is exposed or stolen by someone who has gained access to the electronic network. If your network is breached, you may have liability to notify someone whose data has been stolen, to offer credit monitoring, to pay costs to defend claims made by state regulators, to pay fines and penalties associated with a breach and to pay losses associated with identity theft. The liability cost of a breach, as reported in 2016, was $221 per compromised record. SOUTH DAKOTA MUNICIPALITIES
