Cyber 101:

Types of cyberattacks

Criminal hackers are devising new techniques all the time to attack organizations. Here are a few of the most common methods:

Denial of service attack: The hacker floods a website with more traffic than it was built to handle, making it impossible for legitimate visitors to access the site.

Phishing: An attacker pretends to represent a trusted organization to trick a user into taking an action (such as opening a malicious attachment or clicking on a bogus link) that he or she would not normally take.

Malware: Harmful software takes control of a machine, monitors user actions and keystrokes, and/or sends confidential data from the infected computer or network to the attacker’s home base.

Ransomware: This software encrypts files to prevent users from accessing them and then demands payment for their safe recovery. These attacks can occur after clicking on a phishing link or visiting a compromised website.

Spoofing: A cybercriminal impersonates another user or device to attack network hosts, steal information, spread malware, or bypass access controls.

Brute force: The attacker attempts to decode encrypted data by trying as many password combinations as possible, as quickly as possible.

Six questions to consider when buying cyber insurance

1. How many records containing personal information does your organization retain or have access to?

2. How many records containing sensitive commercial information does your organization retain or have access to?

3. What security controls can you put in place to reduce the risk of having your system compromised?

4. Do all portable media and computing devices need to be encrypted?

5. What about unencrypted media in the care, custody, or control of your third-party service providers?

6. Could you make a claim if you were unable to detect an intrusion until several months or years had passed?

What can cyber insurance cover?

Regulatory defense expenses: Civil fines incurred in responding to a regulatory proceeding resulting from a privacy or network security breach.

Legal and civil damages: The cost of legal representation and possible damages related to a privacy or network security breach.

Security breach remediation and notification expenses: The costs to notify affected parties and manage a privacy incident.

Crisis management expenses: Public relations expenses to manage the damage to your organization’s reputation.

Forensic investigations expenses: The costs of hiring a breach response firm.

Computer program and electronic data restoration expenses: Expenses to restore or recover damaged or corrupted data caused by a breach, denial-of-service attack, or ransomware.

E-commerce extortion and reward payments coverage: Pays for the cost of a professional negotiator and potential ransom payments to the person or organization extorting you or your organization.

Business interruption and additional expenses: Income your business loses and the costs it incurs due to an interruption in services.

Insurance Bureau of Canada

ibc.ca