Hiscox’s Jeremy D’hondt offers sound advice to fight off hacking and cyber attacks.
Every company will suffer a cyber attack sooner or later. Being prepared is everything. Approximately half of all Belgian companies (49%) fell victim to a cyber attack in the past year. This is what came out of the new Cyber Readiness Report from specialist insurer Hiscox. In addition, just over one in ten companies that were attacked (12%), were what are referred to as ‘super targets’. That means that they were attacked more than 500 times last year.
Moreover, in the context of the Corona crisis, more and more people are working from home, which creates a much easier climate for hackers. D’hondt, Sales & Development Underwriter Professional Indemnity & Cyber, says: “Companies that are insured with us can always get in touch with us in the case of a cyber attack, through our hotline. That is certainly not an unnecessary luxury. When a company that has been hacked calls us, you want to be able to respond as quickly as possible”. However, he sees his primary task as helping companies prevent a cyber attack.
“Given that the majority of hacks occur through human error, we teach our professional clients how they can detect a cyber attack and how to correctly respond thereto, for example through our CyberClear Academy.”
Ransomware and phishing
According to D’hondt, the main forms of cyber attacks in Belgium are ransomware and Business Email Compromise (BEC) attacks. These types of attacks are very varied, but both can cause serious damage. In a ransomware attack, hackers try to crash a company’s computer systems or hold company data hostage, as a result of which the company can often operate only partly, or not at all. “We see this in SMEs as well as major multinationals,” says D’hondt. They threaten to only release the systems again if the company pays a ransom. A BEC attack works differently. In that case, they break into a company’s email systems using employees’ login details. Many email addresses and passwords are, in fact, all over the internet. Then they can act as someone from inside the company.
“For example, they send through payment requests that look real but with different bank details. These are usually realistic amounts, so they don’t look suspicious. Once this payment is made, you mostly never see that money again,” says D’hondt. Legal and communication assistance “As an insurer, we have to react differently to BEC or ransomware attacks,” says D’hondt. In both cases, a company suffers financial damage that absolutely must be covered by us.
But it doesn’t stop there. According to Hiscox experts, a company can experience other kinds of damage through hacking. The insurer, for example, covers the costs of IT experts to restore the system. In ransomware attacks, often confidential, personal data of clients and/or suppliers are compromised. “The defence costs ensuing from this are also covered,” he says.
Hiscox also helps the company mitigate reputational damage by bringing in a PR agency to guide the crisis communication regarding the hacking, both to the media and to suppliers and clients. To finish off, D’hondt also gives some important tips to companies. “Be prepared, because the chance you will experience hacking is much greater than, for example, a fire. I always advise companies to check all new account numbers with the supplier and also to use multi-factor authentication for webmail accounts or for logging in remotely. You should always check identities twice when a log-in occurs from a new device. Finally: regularly back up your computer systems in a separate place. You can avoid a lot of issues just by doing this.” www.hiscox.be