Mapping cyber incidents to potential losses

SOMETIMES, it’s easy to understand the concept of cybercrime and cybersecurity but difficult to really picture how exactly a hacker can cause you damage – and the extent of your damage.

Research by @IBM and @CybersecuritySF: #Hackers gonna hack. In 5 years, new methods of attack will make today’s security measures woefully inadequate. $6 trillion #cybercrime damage costs by 2021. Quantum-safe #cryptography. #Cybersecurity Read: https://t.co/UL15KBpNs6 pic.twitter.com/5cbGkkeNn5

— Steve Morgan (@CybersecuritySF) March 22, 2018

To help you quickly get to grips and up to speed with cybercrime (and why you need to push for cybersecurity in your workplace), Tech Wire Asia has put together a list of common types of cyber incidents and the resulting losses:

3rd party data confidentiality breach

This is a scenario where you give out information about your clients or customers, with personally identifiable information. There are some stellar examples out there, including Uber and Equifax, that made headlines for weeks. For Equifax, the “hack” event cost its CEO his job.

Potential losses:

• Incident response costs
• Breach of privacy compensation
• Reputational damage
• Regulatory and legal defense costs
• Fines and penalties
• Directors and officers liability

2 top #Equifax execs are out after a massive hack that exposed 143 million Americans' financial data. (Bus Insider) https://t.co/u8BNct9n7A pic.twitter.com/SAyJskvoZU

— jamesvgingerich (@jamesvgingerich) March 22, 2018

Own data confidentiality breach

This is usually a case where a hacker steals information and “knowledge” stored in a company’s computer. Sometimes, the ramifications can be severe.

Imagine information about a top new project or potential deal getting leaked before you announce it to the public – or lose out on trade secrets that drive your business.

While many companies refuse to talk about such incidents to avoid making headlines and raising questions about other security lapses, these are quite common. Just last year, ThyssenKrupp revealed that is secrets were stolen in a ‘massive’ cyber attack.

Potential losses:

• Intellectual property theft
• Directors and officers liability

Operational technology malfunction

A lot of the technology in your office and factory is electronic – and controlled with a command from a nearby computer. In short, they’re programmable. If hacked, they could cause significant damage to your staff and even your customers.

With the rise of robotics, the dangers only get magnified. They have a larger field of motion and are programmable to a much greater degree. And if your business relies on technology, you’ve got to be thinking about this quickly.

https://twitter.com/search?q=hacker%20sabotage&src=typd

• Business interruption
• Fines and penalties
• Physical asset damage
• Bodily injury and death
• Director and officers liability

Are you at #SXSW2018? Don't miss @marknca's session today at 11am on how industrial robots can be hacked: https://t.co/tS9keo6NFm @SXSW pic.twitter.com/CHN94a2PEo

— Trend Micro (@TrendMicro) March 12, 2018

Network communication malfunction

With a lot of internal and external business relationships dependent on networks, their malfunctioning can cause severe damage to the company and its business.

A denial of service attack on a company server, for example, can lead to the company’s website being rendered inaccessible for minutes, hours, or even days – causing it to lose out on customers and revenues.

Denial-of-service cyberattacks on our public websites and services are a risk we need to prepare for. Elections could be severely impacted by such attacks.https://t.co/b4v9MrK1GY

— Kathleen Clyde (@KathleenClyde) March 18, 2018

Potential losses:

• Business interruption
• Reputational damage
• Directors and officers liability

Inadvertent disruption of a 3rd party system

Now this is something that’s easy to understand. Imagine owning a device that you use to connect with a key supplier or client. Say, a direct link to their software that allows you to query their inventory and plan your purchases or sales.

Given your link, if you get hacked and the hacker piggybacks on your system to send out some sort of a malware to your supplier’s or client’s system that was otherwise secured can raise several questions for your business.

Potential losses:

• Network security failure liability
• Regulatory and legal defense costs

Disruption of an external service provider

Again, an easy one to understand. Imagine relying on a CRM or an ERP package that’s delivered to you as a service, via the cloud. Now, imagine that the cloud and the provider are hacked. It could potentially damage your workflow and disrupt “business as usual” for a while.

#Cybersecurity is a big concern for anyone using cloud-based software. Here's how easily a #parkinggarage can be hacked: https://t.co/QDf1sir2Na If you're concerned, email ParkPlus to discuss! bizdev(at)getparkplus(dot)com #hacking #cybersecurity #parking pic.twitter.com/VW8qsxEnoF

— Get ParkPlus (@getparkplus) February 1, 2018

Potential losses: Contingent business interruption

Deletion or corruption of data

Getting your computer or corporate network infected with malware not only risks your data but might also corrupt or delete it. This data, whether on your own computer or on another computer on your network, might be sensitive and critical to your business operations.

Olympics-targeted malware was designed to “send a message,” researchers believe: the code demonstrated the ability to cause mass data destruction like NotPetya last summer, but instead only deleted backups https://t.co/KRwQWsdUS8

— Andy Greenberg (@a_greenberg) February 12, 2018

Potential losses:

• Data and software loss
• Regulatory and legal defense costs
• Product liability
• Directors and officers liability

Encryption of data

The most popular of the lot, this cyber incident encompasses all the ransomware out there that infects your computer, locks your data, and forces you to pay a price for ignoring the threats in the cyberworld.

It’s affected everyone – from employees at government organizations to private citizens running small businesses.

The FBI and Department of Homeland Security are investigating a ransomware attack on the city of Atlanta, city officials said https://t.co/YXRKUFHlJn pic.twitter.com/NIfcanUYt7

— CNN International (@cnni) March 22, 2018

Potential losses:

• Cyber ransom and extortion
• Directors and officers liability

Cyber fraud or theft

Finally, everyone’s nightmare – having your account hacked and all your money stolen. Whether of personal or company accounts, it can have severe ramifications and cause a lasting impact.

In most cases, unfortunately, the monies are difficult to recover.

Hackers stole £4.3 million from the Russian central bank last year https://t.co/iiKsxA8UIS via the SWIFT messaging system, according to report from the bank.

— SC Media UK (@SCmagazineUK) February 21, 2018

Potential losses:

• Financial theft and/or fraud
• Directors and officers’ liability

---

---

---

---