Cybercrime is still a relatively new topic and many are not really sure what it is all about. Does someone steal the computer or is it about the ominous viruses that infect a system?
Are you like that? Then this article is perfect for you!
In fact, there are different types of cyberattacks and for some, there is not a perfect solution out there. Most of the time people get into a “trap” and have to buy themselves out, which can be very expensive, but necessary to avoid losing valuable data. But there is also the possibility of insurance for cybercrime and with the expert for exactly this, Gerhard Ederer, we have prepared this article for you to process the topic.
If you already have experience with cybercrime or you have any questions -> feel free to write to us in the comments and we will do our best to answer them!
& If you are also interested in digitisation, then have a look at other articles on this topic here 🙂
What is cybercrime and how easily does one become a “victim”?
Cyber-attacks hit large businesses just as well as small and medium-sized ones. Especially the smaller ones are becoming an increasingly popular target, with two thirds of cyberattacks already affecting SMEs. IT security is not state-of-the-art for Austria’s small and medium-sized enterprises. This gets confirmed by the experience that we have in direct contact with companies.
Many companies lack comprehensive information security strategies and defined incident response processes. On average, just under ten percent of companies’ existing IT budgets is spent on security measures.
What types of cybercrime are there?
Cybercrime has developed rapidly and must now be classified as the sixth elementary risk. It can, in no time, threaten the existence of a company and thus of the people concerned. In recent years cybercrime has become more and more of a lucrative industry and has grown rapidly since then. Highly professional hackers attack companies of various sizes and industries.
More and more small and medium-sized enterprises become victims of Internet attacks – the levels of damage are on average around 80,000€, in some cases even more than 500,000€.
Cybercrime occurs in many variants. From script kiddies, hacktivists to the main threat of “organised crime”. The biggest threat comes from existing botnets. Botnet is the name of a collection of compromised PCs that an attacker can control by remote. These are usually built by a single attacker or a group. They use a malicious programmes to infect as many computers as possible. The individual PCs of a botnet are usually called “bots” or “zombies”. There is no minimum amount of infected PCs for a botnet. Smaller botnets can consist of hundreds of infected computers, while larger botnets work with millions of PCs.
Examples of known botnets in recent years are Conficker, Zeus, Waledac, Mariposa and Kelihos. A botnet is usually seen as a single entity, however, the authors of malware also sell their concoctions, so that sometimes there are also dozens of separate botnets that use the same malicious program.
How exactly does this work?
There are two main ways that cybercriminals infect PCs to make them a “zombie”: drive-by downloads and e-mails. Drive-by download infections must be prepared by the attacker in a few steps, and he/she must find a popular website with an exploitable vulnerability. Then the attacker can upload this malicious program to the site.
By contrast, the infection method via e-mail is much easier. The attacker sends a huge amount of spam that contains either a file (such as a Word document or a PDF file) containing malicious code, or a link to the malicious program. In both cases, the PC becomes part of the botnet as soon as the malicious code is downloaded to the computer. The attacker can now control the PC, transfer data from the computer, download new programs, and do whatever he/she wants.
“DDoS” and other important things to understand
The traditional and most widely used application for botnets is Distributed Denial of Service (DDoS) attacks. These attacks use the computing power and bandwidth of hundreds or thousands of PCs to channel massive amounts of traffic to specific Web pages to crash these pages. The goal is to prevent a page from being reached. Botnets are also used for other purposes. For example, spammers use botnets to send millions of advertising mail through infected PCs, and cybercriminals use it to commit large-scale credit card fraud.
How to protect yourself from attacks
The company must first of all raise awareness of the existing danger among employees and management. A professional risk analysis provides clarity on the impact of a cyber-attack on business operations and the associated costs. In a further step organisational (e.g. training of the MA) and technical (e.g. optimisation of the IT security) measures need to be carried out. The IT and consulting market offers far-reaching solutions for this. However, there is no 100% certainty of not suffering massive financial damage through a cyberattack. Therefore, the conclusion of a cyber insurance is appropriate in case of an emergency to quickly have access to specialists from various fields (cyber specialists, data protection lawyers, crisis communications) and to compensate for damages resulting from, for example, a business interruption or data breach. E.g. Wiener Städtische Insuranceofferssuch a Cyber Protect, an individual solution for small and medium-sized enterprises with a 7×24 h hotline.
About the Guest Author
Herr Gerhard Ederer, MFP from Wiener Städtische Insurance is certainly one of the best contacts when it comes to protecting your own company.
He has been responsible for sales of company insurances in the business customer segment in the Vienna State Directorate for more than 10 years. The range of advice includes employee retention models and pension plans, considering the tax framework, etc.
If you would like to have a risk analysis carried out for your company you can easily reach out to him via this e-mail: firstname.lastname@example.org.