November

Agriculture – The Cyber Threats

by
Agriculture

Agriculture is perhaps not recognized as a sector that could be the target of hackers however this sector is now relying on increased connectivity and communication on-line and with this comes the threat of possible cyber attacks.

The Farming community has varied experience in protecting its IT and limited experience in the management of these types of risks.

Cyber Threats

  •  Increased reliance on digitization and conversion from older computer systems
  •  Working with a broad number of suppliers increases supply chain threats
  •  Farm database being subject to a data breach from a hacker
  •  Loss of productivity as a result of a cyber attack impacting on yields
  •  Loss of storage facilities
  •  Compromise of farm management and logistics software  
  • Agricultural vehicle attacks

The Smart Factor

Agriculture is becoming more reliant on smart technology as this is cost effective and works effectively in this sector where movement of goods and animals dominants.

For example this involves some of the following :-

1.Livestock tracking wearables

2 Food tracking

3.Smart agriculture sensors for soil moisture and weather stations

Cyber Risk Management 

Agriculture is linked to the food industry and any compromise in technology is going to have a very significant impact of the food supply chain , protection of this is vital. The food sector is classified as part of the 13 sectors that fall under Critical National Infrastructure (CNI), the prominence of this therefore is at the highest level. The  management of risks in this sector should be a priority.

We have not seen many cyber attacks in this sector and it is maybe the case that few have been reported or they have been in significant to be reported.

Cyber Insurance 

This is relatively new form of insurance and is now being purchased by many businesses in many different sectors and it is conceivable that the farming sector will also consider this with cyber risk becoming more relevant .

 

Image : Shutterstock

Don’t Underestimate The Insider Threat

by
Insider Threat

The Insider Threat has now become an even more significant risk to businesses following the dismissal against the High Courts decision that Morrisons was vicariously liable for an employees misuse of data. This is despite the fact that Morrisons were deemed to have carried out as much as they could reasonably been expected to do to protect their employees data.

The case Wm Morrisons Supermarkets v Various Claimants (2018) now states that businesses can be vicariously liable for the actions of a rogue employee.

https://www.bakermckenzie.com/en/insight/publications/2017/12/the-morrisons-data-breach-judgment

With the introduction of the General Data Protection Regulations (GDPR) earlier this year the awareness of data protection by the public has increased which is likely to lead to litigation being bought against businesses in effort to seek remedies for a lack of protection of their personal data.

Background to the case

A security breach occurred when a senior internal auditor leaked payroll data of 100,000 employees. Of this 5,518 former and current employees claimed that this incident exposed them to the risk of identity theft and possible financial loss with Morrison’s being responsible for breaches of privacy.

The Class Action Threat 

The Morrisons case is also an example of a class action where it is not only one individual making a claim but a series of claimants , claims of this nature can be significant and impact severely on the well being of a business. The insider threat has therefore increased and it is likely that businesses will need to re focus their efforts in ensuring that they have procedures in place to help counteract such threats.

Emotional Distress

Under GDPR it is now to bring claims for non -material damage i.e. emotional distress caused as a result of a compromise of an individuals personal data.

Why can business do to monitor employees behavior?

Limit computer admin rights within the business

Monitor abnormally high transfers of data by employees within the business

Ensure CV’s of new employees are what they say they are

Make sure data mapping is in accordance with GDPR ensuring that the business knows where their data is located.

Robust training of employees and expectations made clear of how they manage data.

Ensure highly sensitive data is held in respositories

The Insider Threat is intrinsically linked to the human factors that impact upon cyber security please see our blog on this.http://cyberbrokers.co.uk/human-factor-cyber-risk/

Cyber insurance is also a very valuable asset to have in that it provides insurance protection and offers an incident response service so that businesses can effectively manage a data breach.

 

Image : Shuttertock

The “Cyber Monday Morning” Feeling…

by
Cyber Monday

The “Cyber Monday Morning” Feeling..

This year Cyber Monday falls on 28th November, traditionally preceding “Black Friday” which occurs on the 25th November …. it is likely that consumers will have that “Cyber Monday Morning Feeling” ….. keen to make purchases on-line for loved ones that maybe they failed to grab on the Friday.

Cyber Monday represents one of the busiest on-line purchasing days of the year in both the UK and US. Last year according to figures from Experian and IMRG , Cyber Monday was worth £968M to on-line retailers which represented an increase of 34% on the previous year. A further increase is expected this year…. a factor that might influence this is that consumers in the UK experienced issues with crowds and traffic problems and consumers may prefer to shop from the comfort of their own home or office.

The spike in on-line shopping activity on this day does not go unnoticed by the cyber criminals and it is one of the days of the year where consumers may be most vulnerable to scams and fraud.

Keen to grab a deal that may be too good to be true, consumers could be fooled into making purchases without looking too carefully at the website that may not in reality exist or the e-mail that has been sent to them with a special one off deal that day. As a result of this lapse in concentration  cyber criminals can take advantage of this which could lead to them gaining access to personal details such as bank account details, full names & addresses and national insurance numbers.

Not only are there dangers for consumers but businesses will also be a target for cyber criminals who will be shopping for Christmas..!

Here are some cyber security measures that should be focused upon  :-

1.Updating your Software

Whatever device you are using whether it be a smartphone , tablet or desktop it is important that the software is up to date as this helps protect these devices from new viruses and malware that could lead to data being compromised.

2.A Strong Password

The most common password remains 123456 and it is sad reflection that people do not fully realize the dangers that this poses.There are various schools of thought on what makes a good password, CyberAware, the government sponsored website provides some good advice on this.

https://www.cyberaware.gov.uk/software-updates

3.Privacy Settings

Checking of privacy settings on social media to ensure that you only wish to share personal information with persons that you know and are happy to share this with them.

4.Internet Settings

When shopping  on-line ensure that on-line retail sites are secure and that they are what they perceive to be.

5.Human Error

An inadvertent error in pressing the wrong button on a computer or smart phone  could lead to data or information being sent to the incorrect destination causing disclosure of this to a third party or hacker that may use this for ill gains.

To reinforce this there are two excellent websites to guide individuals and businesses on how best to protect their privacy and data :-

CyberStreetwise 

This is a government sponsored initiative that was launched in 2014 to encourage behavioural changes in individuals and the SME business sector in terms of adopting a good cyber security posture.

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/273330/cyber_streetwise_open_for_business.pdf

Get Safe Online

This website provides advice on how individuals and businesses can protect themselves from on-line issues such as fraud , identity theft and virus attacks.  Guidance is also provided on associated subjects relating to good housekeeping of computers and mobile devices.

https://www.getsafeonline.org/about-us/

Cyber Insurance 

For all the cyber security procedures and practices that may be in place Cyber Insurance can provide that “top layer”of coverage as part of the cyber risk management program should there be a compromise of computer systems that results in a data breach or being a victim of cybercrime.

Image : Shutterstock

Cyber Monday is coming ……..

by

cyber mondayCyber Monday is coming …… 30th November 2015

A reminder why Retailers should consider Cyber Insurance !

Last year on Cyber Monday in 2014 , consumers spent £7,523 per second ….this is traditionally one of the busiest day on the internet where consumers take advantage of many fantastic deals ahead of Christmas.

China recently had their version of Cyber Monday which was the biggest single shopping day in the world with $14.3 billion settled via its payment service.

Fact – 23% of all retail transactions take place on line in the UK.

Fact – 10% of Britain’s whole economy is on-line ….. the highest in the world.

In this environment companies computer systems are under enormous strain and this presents an ideal opportunity for hackers to take advantage of any vulnerabilities that may exist , be that stealing data , injecting a virus or holding a website to ransom which could cause chaos and massive disruption to a business.

At this time many retailers will see an extraordinary exchange of data which will include consumers credit and debit cards and other personally identifiable information. In managing this risk a business must have robust security systems and adequate privacy policies in place to mange this exposure. It is unlikely that a business will be able to 100% prevent a cyber attack or a breach which is where cyber insurance can play an important role in the armour that a business has in averting these types of threats.