5 Types of Cyber Criminals and How to Protect Against Them

Winston-Salem, NC 11/3/2019

Understanding the types of cyber criminals and their techniques can help protect your organization from a data breach. Here are some common threats and steps a business can take: https://youtu.be/bAO_ur8CJvY

#1 The Social Engineer

Cyber criminals pretending to be someone else can trick unsuspecting employees to compromise data. In one scenario, a spoof email purporting to be from the CEO of the company directs an employee to send a PDF with employees’ 1099 tax forms for an upcoming meeting with the Internal Revenue Service. The social engineer is able to capture Personally Identifiable Information (PII).

“We often see people making mistakes like this,” says Jennifer Coughlin, a partner at Mullen Coughlin LLC, a data breach law firm that works with Travelers Insurance. “Encourage employees to make a phone call and speak to the person, instead of leaving a voicemail – to verify all requests for sensitive, confidential, or protected information and financial information before they reply with the requested information. Employees should also ensure the “Reply To” address is, in fact, the email address of the requesting employee, and send this type of information via an encrypted email message.” Beware time-sensitive requests, as social engineers sometimes use a sense of urgency to compel victims into unsafe behavior.

#2 The Spear Phisher

Social threats factored into just under one-third of confirmed data breaches, with phishing the tactic used in 92 percent of social-related attacks.1 An email can appear to be from a legitimate sender, but actually contain a malicious attachment or link that can give spear phishers access to banking credentials, trade secrets and other information that they are able to access.

“Companies can have employee training that both prepares and tests employees to recognize and respond to malicious phishing attempts,” says Tim Francis, Travelers Enterprise Cyber Lead. If a phishing attempt is successful, having the proper security in place provides another line of defense: protecting the rest of your network by segmenting the network and implementing strong authentication between the network and important data.

#3 The Hacker

Nearly two-thirds of confirmed data breaches involved leveraging weak, default or stolen passwords.2 Malware poses a serious threat, as it can capture keystrokes from an infected device even if employees use strong passwords with special characters and a combination of upper- and lower-case letters. Still, strong passwords are the first line of defense against hackers, according to Tim Francis.

“Use multi-factor authentication, enforce strong password requirements, patch operating systems, software and apps, and increase redundancy and bandwidth,” Francis says.

#4 The Rogue Employee

Disgruntled employees present an insider threat to data. Insider threats accounted for 15 percent of breaches across all patterns,3 and they can be especially challenging for companies because employees often have both access to data and knowledge of what is stored and where.

Restricting access to sensitive data to only employees with an immediate need to use the data can help reduce the threat. Companies can limit, log and monitor internal account usage to protect against rogue employees, as well as protect against external attackers disguising themselves as legitimate users.

#5 The Ransom Artist

Bad actors have been modifying codes and implementing new ransom attack methods, sparking a rise in ransomware as the fifth most common form of malware, up from the 22nd most common in the 2014 Verizon Data Breach Incident Report.4 Many companies are paying ransom, often via anonymous bitcoin payments, to have their data restored.

“The people who fall victim to ransomware are not following the information security rules, including encryption and frequent backups,” Pascal Millaire, Vice President and General Manager of Cyber Insurance at Symantec. If you are able to independently restore the data, you will be less affected by the ransom attempt, but you will still need to determine how the cyber thief gained access to your network before making their ransom attempt.

View All News Articles

What Our Customers Say!

Fletcher, I wanted to just send you a note to let you know how thankful we are to Linda Welborn for all of her work on our homeowner's and auto policies. This is the first time I can honestly say that someone took the time to explain the different levels of insurance to me and discuss what we actually needed, rather than what they wanted to sell me. I learned so much from this experience! In addition to the "education" she provided, she provided a proposal to us very quickly and was able to finalize everything in a very timely manner. We are thrilled to be working with your team going forward! Sincerely, Laura Blythe

Laura Blythe

Read what others have to say.

What's New

Why every Board of Directors should carry D&O Insurance

12/3/2019

Directors & Officers Liability insurance provides coverage for your own “wrongful act” while performing duties as a Director of Officer of the insured entity, or the "wrongful acts" of other board members.

Why Do You Need Director’s & Officers Liability Insurance?

While an organization is legally permitted to cover the costs incurred as a result of personal liability stemming from the activities performed on behalf of the organization, this ability, called indemnification, may not apply to every situation. The director or officer may become personally liable in their duties performed for the organization.

What You Should Know About Rental Car Insurance

11/13/2019

There are some very serious contractual gaps in coverage for rental vehicles. Even if you purchase their Collision Damage or Physical/ Loss Damage Waivers, many rental car contracts exclude the following:

Theft of the Vehicle
Tolling, or Turning the Vehicle Over
Lease Gap coverage
Loss of Use
Glass, Tire and Undercarriage Damage
Animal Collision
Flood and Hail Damage
Damage above the Windshield
Individuals who rent personal vehicles for extended periods and do not have a Personal Auto policy in force
Drivers who rent, and do not own another vehicle insured elsewhere, need to be expecially careful here

5 Types of Cyber Criminals and How to Protect Against Them

11/3/2019

Understanding the types of cyber criminals and their techniques can help protect your organization from a data breach. Here are some common threats and steps a business can take: