Cyber threats continue to top the list of concerns for individuals and businesses alike. With breaches becoming more common and more expensive, businesses are now discovering that steps must be taken to protect against data security breaches. Since understanding the risk is the first step to controlling it, let’s take a look at some observations made by Georgia Institute of Technology’s Information Security Center and Research Institute in their 2015 Emerging Cyber Threats Report.

Users are the greatest weakness to information security.

  • Though software vulnerabilities continue to be exploited, users remain the link most often exploited in attacks as cybercriminals continue to successfully abuse their trust.
  • Users often allow attackers to circumvent security measures.
  • Social engineering, which is also known as hacking humans, is a common and extremely effective way to attack systems. Sixty-seven percent of cyber attacks start with a phishing electronic communication sent by an attacker posing as a trustworthy person or business.
  • Training is an important piece of the security puzzle and one that businesses do not employ often enough. Forty-nine percent of businesses that do not perform employee security-awareness training pay the price — their annual losses are four times greater than those with a training process in place.

Attackers are increasingly targeting mobile devices.

  • As consumers and employees increasingly rely on mobile devices, their phones and linked cloud repositories have become treasure troves of information.
  • Increasing mobile app popularity and the proliferation of free apps relying on advertising for revenue have driven many developers to use vulnerable code that can be exploited. According to the report, in 2014, 91% of the top 200 iOS apps and 83% of the top 200 Android apps had some risky behavior.
  • Attackers follow the money, so the increasing use of mobile devices to make payments will draw their attention.
  • Android devices continue to bear the brunt of attackers’ focus. Since Android devices are targeted by malware 99% of time, users of these devices require better security measures and increased education about the risks.
  • Apple’s iOS ecosystem is not a safe haven. Researchers at Georgia Tech note that attackers have found ways around security measures, and that additional attacks should be expected.

Rogue workers can cause significant damage to a business.

  • The involvement of an insider causes the costs of data breaches to rise quickly.
  • Companies generally require more time to detect and respond to insider attacks, nearly 260 days, compared to 170 days for other attacks.
  • Incidents involving malicious insiders cost an average of $210,000 more to resolve.
  • Businesses should focus on protecting their “crown jewels” before expanding data-protection programs to cover broader kinds of information.
  • Businesses face a significant challenge looking for behavioral indicators that could detect the activities of a rogue insider.
  • Outreach to employees and access restrictions, such as splitting access rights to valuable data between two or more people, can make it much less likely for a single rogue insider to cause damage.

According to the report, the growing ‘Internet of Things’, which is the interconnection of uniquely identifiable devices (phones, tablets, etc.) to the Internet, will only make security issues more important in the future. By 2020, there could be 50 billion interconnected devices, so securing these devices and the data passed between them will be an ongoing challenge.

Since the risk of suffering a data security breach is likely to continue in the foreseeable future, businesses should consider insurance to protect against cyber risks. There are a number of cyber liability products that protect against privacy injuries, such as identity theft, and that cover the cost of complying with various data breach notice laws. However, given the complexity of the risk, an experienced insurance agent should be consulted to ensure that adequate coverage is obtained.

If you would like to learn more about insuring against cyber risks, contact us.

If you’d like to subscribe to our weekly newsletters please click here.