Only the big guys need Cyber Insurance, right?

Hi All,

If we consider how much data and information flows day to day on a global scale, it would be all too easy to adopt the herd mentality. Safety in numbers is a common, but poor, approach to cyber security. In insurance terms this is known as the “It won’t happen to me” risk management manual, i.e. clients who are more than willing to take on chance head-on, without considering what would happen if chance won.

I’m going to start by throwing some facts at you:

  • Hackers/scammers/hacktivists, by and large, don’t care about who you are or what you do; they only care that you are willing to allow them access, i.e. to allow vulnerabilities to exist
  • There will always be someone in your team, organisation or employ who will click a link
  • Weak password and ID set-ups continue to rank as the leading causes of unauthorised system access
  • Regulatory/operational compliance checks, e.g. PCI-DSS, continue to return ‘fail’ in compliance audits
  • Effective Board and IT collaboration will improve a company’s resilience score

That’s great Chris, but what does this mean for a café, shoe shop, accountant, smash repairer, etc.?

Just looking at the Australian occupation codes (government and insurer) we see that there are thousands of business types. Indeed, 90%+ of these are SME-style businesses. I would find it very difficult not to find a cyber exposure in the vast majority of them. Today, I will talk about just one: the humble Point of Sale (PoS) terminal.

"regardless of whether you’re the CSO, CISO, CEO, CMO, CIO, or CFO, payment security should matter to you" - Verizon 2015 PCI Compliance report

We all happily hand over our debit and credit cards to business owners and their employees. We enjoy that first sip of morning coffee as the barista cheerfully runs our card's magnetic stripe through the machine. So where’s the concern? There are millions of these terminals; aren’t they secure?

Simply put, PoS terminals are systems that capture and send credit card information. They use internet connections and, since they run software, they are essentially computers. There are malware programs out there that target the PoS terminal's RAM. This “RAM scraping” malware exploits the millisecond in which card information, normally encrypted, sits in the terminal's RAM in the clear before it is encrypted. The bottom line is that some bad software can capture a credit card number, CVV and expiry date, which can then be retrieved by, or sent to, the bad guys.

So you have clients without cyber exposure? If they have a PoS terminal, I’d suggest we revisit the conversation.

Cheers,

Chris

Les Mills

Director - Mills Insurance Solutions

8y

Excellent article and I just had to rebuild a PC for a friend who got hit by one of the Crypto Locker emails. It was only a personal PC, but it shows just how easy it is for anybody to click on something in an email and cause a massive problem for an organisation.

Roane Holman

Sr Client Support Specialist - Multimedia Solutions at Nasdaq

8y

Nice write up Chris Stallard cyRM!

Carolina Peters

Marketing Leader | Combining Marketing Science with Creativity and innovation to drive exceptional business results.

8y

Good start ... would love to read more. Securing the perimeter is critical to strengthening your cybersecurity posture. As we head into the era of the Internet of Things (IoT) this will become even more critical.

Tony Moscato

Senior Account Executive (Retired)

8y

Great article Chris - I will use this information when discussing Cyber risks with my clients
