Cyber security, online crime and privacy are a few hot topic items that have been in the news and are top of mind for online users. While the thought of online dangers might be a passing concern, for business owners these issues can be truly terrifying. In the spirit of Halloween, here are a few cautionary tales we wanted to share.
Watering hole attack on an oil company
Last year a major U.S. oil company was targeted by cyber criminals using a ‘watering hole attack’. Like many large corporations, the oil company had an expensive and robust cyber security system to protect them from direct attacks. However, cyber criminals targeted their employees using a combination of social engineering and a negligent third party.
The employees of the oil company frequently ordered lunch from a local Chinese takeout restaurant and often visited their website to view the menu before ordering. Knowing this, cybercriminals uploaded a fake menu infected with malware. When the employees viewed or downloaded the menu, they unknowingly downloaded malicious code that gave hackers access to their network. This breach resulted in a temporary shutdown of the refinery, costing the company millions of dollars!
Privacy breach at a telecommunications company
Not all incidents that result in a loss come from sophisticated cyber criminals. Recently a telecommunications company had a privacy breach that was unique. A customer had an issue with their cell phone bill and brought it to a local kiosk. The customer service representative suggested that the customer and his wife combine their monthly cell phone bills into a single bill to save money. The customer agreed and consented to the change in billing. When the phone bill came in the following month, the customer discovered his wife was having an affair since he could see her cell phone usage.
This incident resulted in a divorce for the client and a lawsuit for the telecommunications company. The ensuing breach of privacy lawsuit asked for over half a million dollars in damages, since the employee wasn’t allowed to combine bills without the wife’s consent. In this case, it wasn’t a hacker or a malicious cyber-criminal; it was an employee trying to provide customer satisfaction.
Locked out of a small business
Sometimes even smaller businesses are the victim of cyber criminals, who are just looking to cause mischief. A small veterinary office was targeted by someone who compromised their vaccination database. Someone accessed their system and changed the passwords and contact information, effectively locking them out of their own system.
Even this relatively minor breach was costly for a small business. It cost the business $5,000 to have an IT specialist come in and get their database restored and secured. Luckily they had cyber risk insurance. Since the business could not operate for a few days while the issue was resolved, they were able to put in a $50,000 claim for business interruption. Despite recovering their costs, they still suffered reputation risk, losing some clients over the incident.
Click here for more information on how Cyber Risk Insurance can protect your business from online threats.