Ransomware attacks typically utilize malicious software to block a business' network until a ransom is paid.
"Cyber criminals typically don't target specific small businesses, but they increasingly use tools that target their vulnerabilities," said Patrick Thielen Senior Vice President, Chubb Financial Lines. "Those vulnerabilities are at times technical, like unpatched software or poorly configured hardware. But even more common are those vulnerabilities involving employees who may use weak or compromised passwords, or may inadvertently click something they shouldn't have."
"Cyber criminals know that SME leaders may mistakenly think that cyber security services are beyond their means, which makes SMEs more vulnerable to an attack," added Anthony Dolce, Vice President, Cyber Lead, Chubb North America Financial Lines Claims. "However, we are living in an age where cyber attacks are constantly evolving and threatening businesses of all sizes, but especially small to mid-size businesses. Therefore, it remains critical for companies to understand this present age and develop strong risk mitigation strategies to lessen the impact of cyber threats."
This quarter's Cyber InFocus Report examines:
Emotet: a type of malware leading to increased business interruption claims. Chubb has seen an increase in Emotet infections in recent months. It is sometimes observed as a precursor to other troublesome types of ransomware, including Ryuk.
Ryuk: a new, sophisticated ransomware strain that is particularly virulent, hard to detect and characterized by very high ransom demands. While Chubb is seeing an increase in Ryuk claims, we are also seeing a precipitous decline in the number of SamSam ransomware attacks, which was outlined in the 1Q 2018 Chubb Cyber InFocus Report.
Credential Stuffing: a type of cyber attack used to gain unauthorized access to online user accounts. After purchasing email addresses and passwords on the dark web, an attacker uses botnets to programmatically target multiple online user accounts using the stolen information.
The report also highlights additional Chubb Claims Small Business action statistics for 2018, including:
- 21% of Chubb cyber incidents reported last year by small businesses involved social attacks, such as phishing;
- 20% were due to error;
- 14% were due to hacking.
Companies can help mitigate their risks by taking some recommended steps outlined in the report, including auditing their systems that are most susceptible to an attack, and making sure precautions are taken to prevent an incident before it occurs. Some of the easiest actions SMEs can take center on employee education, endpoint monitoring, detailed VPN logs, and the use of multi-factor authentication.
Chubb's Cyber InFocus report, first launched in early 2018, provides insights into the effects of cyber risks and trends on specific industries or business segments each quarter. Such insight is based on Chubb's use of third-party research as well as proprietary claims data from more than two decades of insuring organizations against evolving cyber threats.
Visit www.chubb.com/cyber to read this quarter's Chubb Cyber InFocus Report, and reports from previous quarters, and get access to additional insight into risk mitigation practices, as well as real-time proprietary cyber claims data through the Chubb Cyber Index.SM Visit Chubb CyberInfocus to view a video on this quarter's topic.
About Chubb Cyber
Chubb is a leader in insuring cyber risk. Combining industry-leading underwriting and expert third-party incident response services, Chubb offers policies that are tailored to the specific needs and risks of its clients to ensure they are ready with the tools and expertise necessary should a cyber incident occur. Moving swiftly to connect clients with the proper parties to minimize data loss is only part of what Chubb delivers. Keeping an eye on the ever-evolving cyber security landscape, Chubb looks for ways to do more for its clients by offering cutting-edge products and holistic services to each and every client.