cyber insurance

Euro 2016 – The Cyber Threat Landscape

by
Euro 2016-

Euro 2016……whether you agree with the final England squad going to France for the 15th UEFA European Championships or not, we should all be in agreement that this major sporting event is inevitably going to be a target for cyber criminals.

Some Facts…

24 countries will be represented at Euro 2016 each with 23 players in the squad which totals 552 players in all

2.50 million fans are expected in the 10 stadiums

Overall spend is expected to be E1billion

The event is being broadcast to 230 countries worldwide with 150 million spectators expected to follow each match

650 employees and 6,500 volunteers

Information : Courtesy of Press Kit dated 2nd March 2016

Why Euro 2016?

Major sporting events grab the attention of the entire world but unfortunately this also attracts elements of the population who perceive this as an opportunity to be exploited  ….. the world of cyber crime.

The threat that cyber crime poses to an event such as this is similar to that which exists for any other business but on a much larger scale and with more dramatic consequences due its high profile and the many threat vectors that may exist.

The Cyber Threat Landscape

Some of the targets for cyber criminals are likely to be the following :-

1.The Official Euro 2016 Website

Distributed denial of service (DDoS) attacks preventing access to website by fans.

The accessing of the website by hackers and altering the data such as falsifying the results and tables and providing incorrect information to the public.

Defacement of the website by a hacktivist.

Fans will no doubt access the website via Wi-Fi and vulnerability will exist if they inadvertently log in through a rogue Wi-Fi connection which could lead to the stealing of their personal data.

2.Match Day Tickets

Ticket fraud with the setting up of bogus websites taking fans money and issuing counterfeit tickets.

Website scamming offering last minute match day tickets for the big games with no ticket actually being produced.

3.The Stadiums

Technology will be pivotal in all aspects of the running of the ten stadiums being used in the tournament. Stadium entry, ticketing processing, management of floodlights and associated infrastructure would all be impacted in the event of a cyber attack.

4. Tournament Data 

The event will involve a huge amount of data ranging from credit card data of fans, players confidential information or the database of the organizers which is likely to be targeted by hackers. This could occur through phishing attacks in order to steal personal private information (PPI)and then lead to possible bank fraud of individuals.

5.E-mail Transmission

E-mail scamming could be caused by bogus e-mails set up to obtain players and officials personal information that is disseminated over the internet. The numerous sending and exchanging of e-mails also presents an opportunity or spamming.

6.Media Coverage

World wide coverage will be provided to this event by television companies who will be reliant on technology and the service could be interrupted or even blacked out by a hacker wishing to cause transmission downtime.

7. Computer Network 

The spreading of a malware attack within the internal computer network and third party providers could cause enormous interruption to the running of the tournament. The reliance on technology reaches far and wide ranging from the transportation network to close circuit TV surveillance systems.

8. Mobile Applications 

Fake mobile apps devised by developers to give the impression of the official FIFA app. These have already been discovered by Avast Software’s Jan Piskacek with adware with viruses appearing on mobile phones.

Fake FIFA Apps on Google Play

9.Cyber Terrorism

Cyber terrorism could occur in a number of forms. A ransomware attack would limit or entirely restrict the use of computer systems affecting many aspects of the tournament.

There may be political motivation from countries that want to disrupt the tournament. This could be to make a political stand on an issue or perhaps a country that failed to reach the finals or a country that has controversially been knocked out of the competition.

The threat of remotely controlled drones by cyber terrorist entering a stadium causing disruption and delay to matches.

10.Social Media

Infiltration of social media websites by hackers of the tournament and personal accounts pose a threat to fans , players and officials privacy.

Cyber Risk Management Program

FIFA will no doubt have in place a comprehensive cyber risk management program to manage Euro 2016 which is likely to be broken down into the following :-

  • Identification of cyber risk vectors
  • The mitigation of cyber risk within the tournament
  • The transfer of residual cyber risks that they are unwilling or unable to manage.

Cyber Insurance

Cyber Insurance can assist with the transfer of cyber risks by the following insurance modules :-

  • Network Security Liability
  • Data Privacy Liability
  • Multimedia Liability
  • Network Business Interruption
  • Data Asset Protection
  • Cyber Extortion
  • Crisis Management

A cyber insurance policy also provides post breach vendor assistance helping with data breach notification , forensic investigation and public relations.

Lets hope England’s destiny will not again be determined by a penalty shoot out – if so the team will be need to be prepared, well practiced and above all have the right players taking the penalties …. this can be applied to the cyber security team that is in place to manage and mitigate cyber risks of any sporting event or to that fact any commercial enterprise.

Image Credit – Evan Lorne / Shutterstock

CiSP – Cyber Security at your finger tips

by
Artificial Intelligence

CiSP stands for the Cyber-security Information Sharing Partnership and has been formed jointly by industry and government which sits in CERT-UK.

What is CiSP?

It is an online social networking tool that was established in 2013 which allows members to exchange information on threats and vulnerabilities as they take place. CERT – UK is the national computer emergency response team with a number of responsibilities that stem from the UK Cyber-Security Strategy. It is used by many businesses across industry and provides reports that help its members to improve their awareness of cyber security threats.

www.cert.gov.uk/cisp

Recently the South West Regional Group launch of CiSP took place , this was the 12th and final launch carried out in the UK. This was jointly sponsored by the SW Regional Cyber Crime Unit (RCCU) , CERT-UK and J.P. Morgan (Regional Champion). The profile of the sponsors demonstrates the importance that attaches to CiSP and the impact that is perceived that it can make in developing the cyber security programs of businesses.

Why should you become a member of CiSP?

  • Early warning of cyber threats that may affect businesses
  • Collaboration between businesses and government in a secure environment
  • Ability to help businesses protect their livelihood from cyber threats
  • Businesses can learn from the experiences of others….both mistakes and the successes
  • Availability of specific sector content on cyber threats and incidents that have taken place
  • Businesses that have a small or non-existant cyber security budget can avail themselves of the information
  • Any business can join and benefit from the scheme
  • It costs nothing to become a member and can help a businesses prepare for a cyber attack

CiSP Membership Link

How CiSP can help a Business?

  • Alerts and advisory papers on cyber security
  • Reports om trend threats
  • Malware and phishing e-mail analysis
  • Guidance and best practice on common areas on both a national and global basis

One of the key features is the Fusion Cell that consists of a team of analysts taken from government and industry who provide source analysis of cyber threats and vulnerability updates.

The scheme is aimed at SME’s who are considered one of the most vulnerable business sectors with varying degrees of cyber maturity. It is therefore important that they understand how to protect themselves from cyber attacks and the resulting cyber crime that can occur.

Industry Endorsement

The British Insurance Brokers Association ( BIBA) is going to sponsor its members to join the scheme in order to help improve awareness about cyber cyber risks that exist.

This will no doubt become a common theme within other industries in the future.

Insurance has a role to play 

Cyber insurers and specialist insurance brokers can also contribute to CiSP by providing current data and information of cyber security attacks and data breaches that they have been involved with and managed.

 

Cyber breaches hit UK businesses

by
Ransomware

Cyber breaches are hitting UK businesses according to a recently released commissioned report by the UK Government.

Two thirds of large businesses UK hit by cyber attack in past year

Following the high profile targeting of  TalkTalk , Vodafone , Weatherspoons it is no surprise that large businesses are still the focus of cyber breaches …… the underlying message to these businesses is that they need to improve their cyber security programs in order to combat these threats.

Main Report Findings

  1. 1 in 4 large businesses encountered a breach once a month
  2. Only one-third of all firms had a written security policy
  3. Only 10% of all businesses had an incident response plan in place should a cyber attack occur
  4. 13% of all businesses set cyber security minimum standards for their suppliers
  5. Only 20% of firms validate the providers of cloud computing services.
  6. 7 out of 10 of the attacks involved compromises by viruses, spyware or malware

Why has this happened ?

The report also highlighted the fact that many firms do not have cyber security programs in place that are in accordance with government guidance such as the Cyber Essentials Scheme and the “10 Steps Guide to Cyber Security”. This is must be a major concern to the Government as these two measures alone would install a good level of cyber security.

Cyber Essentials is generally more difficult to achieve for larger businesses as their systems tend to involve the use of bespoke software and its management. This certification is geared more to standardized systems which is more akin to SME’s . There is therefore a question here whether Cyber Essentials needs to be adapted to larger businesses?

Cyber Insurance

The report also makes reference to 37% of firms having in place some form of cyber insurance , this is either in the form of extensions to professional indemnity insurance policies or stand alone policy specific cyber insurance policies.

A concern raised by the report is that there is a lack of knowledge about what was covered under a cyber insurance policy and the insurance industry therefore has a role to play in helping businesses understand this form of insurance.

Cyber breaches will continue to impact on businesses unless they have a formal cyber security program in place to protect them from the increasingly sophisticated cyber attacks that can compromise a businesses.

Panama : The Cigar is Still Smouldering…

by
Panama

Up until recently Panama was associated with a canal , hats and cigars…..it is now known for one of the biggest data breaches ever known – the Panama Papers.

What are the Panama Papers?

These are a leaked set of 11.50 million confidential documents that provide details of approximately 214,000 offshore companies listed by Panamanian law firm Mossack Fonseca. This information contained identities of shareholders and directors of these companies and showed the wealth of high profile individuals , including the assets that were hidden from the public. Individuals included past and current heads of states, government officials and celebrities from over 40 countries. Investigations have now determined some of the companies may have been utilized for various illegal purposes.

The Panama Papers far exceeds the previous highest data breach record previously held by Wikileaks by 1500 times.

How did this happen?

An anonymous source know as “John Doe” passed the documents to German newspaper Suddeutsche Zeitung which it is understood commenced at the beginning of 2015. The quantum of data involved was 2.6 terabytes which is a vast amount of data In view of the amount of data involved the newspaper recruited the assistance of the International Consortium of Investigative Journalists (ICIJ) which distributed all the documents so that they could be investigated by various journalists and media organizations around the world. The first documents were published on 3rd April. The ICIJ will issue a full list in May of all the companies involved.

What was the cause of this huge data leak ? 

There are a number of different schools of thought as to whether this was due to an insider or outsider hacker attack , but one thing that is certain is that Mossack Fonseca did appear to have very poor cyber security procedures in place.

This has been evidenced by some of the following cyber security flaws that have since been discovered:-

  • The Outlook Web Access login had been utilized since 2009 with the client login not being updated since 2013
  • The computer systems included a high risk SQL injection vulnerability that allows anyone to remotely execute arbitrary instructions.
  • The main computer system included a version of WordPress that was three months out of date.
  • Configuration of the website was not recognized as best practice.
  • Mossack Fonseca’s e-mails were not encrypted
  • The systems were vulnerable to external scanning and possible exploitation

With the amount of data involved it is believed that it took about one year for the data to arrive at its destination. It is a wonder that no one noticed this amount of data leaving the company ? Interestingly enough very few US citizens were listed in the papers , which may be due to the fact that the US does have different corporate tax structures which negates the need for offshore tax arrangements.

www.wired.co.uk   The security flaws at the heart of the Panama papers

Why was Mossack Fonseca targeted ?

Legal firms hold a great deal of data on their clients including copies of personal data , confidential documents and legal transactions which does make them a prominent target for hackers. A high profile legal practice such as Mossack Fonseca involved in the areas that they practiced in therefore represents an ideal victim to a hacker.

With the poor cyber security procedures in place it does perhaps suggest that this data compromise may have come from an insider hacker who knew the computer systems and perhaps an employee with a point  to make or an overarching grudge.

Reputational damage is also a consequence of a breach of this nature , another possible reason for the this attack. which sometimes causes irreversible damage to a firm.

What could have prevented this data breach? 

In the current climate no one business or individual is 100% secure from a cyber security breach but certain procedures seemed to be absent from what would be expected to be standard cyber security risk management procedures:-

  • Prioritising  of cyber security
  • Regular patching of software
  • Updating of software
  • Regular login updating
  • Encryption of all sensitive documents
  • Website security

How Cyber Insurance could have helped ? 

A cyber insurance policy can provide the following coverage.

  1. Data breach costs incurred including notification costs to the appropriate regulatory bodies
  2. Regulatory costs and investigations that may arise as a result of the breach
  3. Post breach costs including investigation and forensics costs incurred to monitor and analyse the data breach which would help identify the cause of the incident.

The proposal for cyber insurance also requires certain minimum security measures to be in place at the onset prior to the policy incepting , the purchase of a cyber insurance policy therefore may have help Mossack Fonseca focus on certain areas of cyber security that may have prevented the hacker to penetrate their computer systems.

From the wider perspective the insurance market is assessing its exposure by gathering data from insurers and reinsurers in order to ascertain the consequences of this loss to the industry. One thing for sure is that insurance coverage would not respond to any illegal activities.

General Data Protection Regulations

Despite being passed the GDPR are not yet in force , but what would have been the ramifications of this on Mossack Fonseca.. ? These rules will apply to entities that carry out business with companies based in the EEC , whether the complicated legal structures put in place by Mossack Fonseca would have implicated by this is difficult to tell , but fines of 4% of annual global turnover or E20,000,000 , which ever is the less would apply if this was the case.

Lessons to be learned 

  • Robust cyber security measures and procedures are paramount to a business armoury in protecting their mere existence.
  • Law firms will be alerted to this data breach and with recent attacks in the US , this sector is clearly currently a target for hackers
  • Cyber Insurance can help improve cyber security and mitigate the effects of a data breach

The biggest data breach ever experienced is still being uncovered, further revelations will no doubt come to light in the coming months… the cigar is still smoudering.