Business Email Compromise Overtakes Ransomware with Insurance Claims
By virtually every metric, phishing scams have been increasing in frequency and sophistication this year, making them one of the most prominent cybersecurity risks for any business. That reality was reiterated this week when insurance provider AIG published its most recent statistics on cyber-insurance claims.
Business email compromise (BEC) has surpassed ransomware and data breaches as the primary reason that companies file a claim. These vulnerabilities, which include everything from credential stuffing to phishing campaigns, account for 23% of all cyber-related claims.
The main culprit is weak passwords and a lack of employee training as the primary reasons that BEC claims are on the rise.
Moreover, regardless of the methodology, cyber-insurance claims have risen precipitously in the past several years.
United States – Artesia General Hospital
Exploit: Phishing scam
Risk to Small Business: Severe: An unauthorized third party compromised an employee’s email account, which included patient information. Hackers had access to the account between June 11th and June 18th, but it’s unclear if the patient data was viewed. Artesia General Hospital is prioritizing staffing training about suspicious emails, but a reactive response will not restore the exposed patient data or lessen impending fines that almost always follow a healthcare-related breach
Risk to Exploited Individuals: Severe: Patient data was exposed in the breach, including names, dates of birth, medical record or account numbers, health insurance information, and treatment information. In addition, some patients had their Social Security numbers compromised. Personally identifiable information has an established market online, and it can be difficult to prevent its distribution once accessed. Those impacted by the breach should be especially mindful of unusual communications or account activity, as those can be indications of data misuse
Customers Impacted: 13,905
United Kingdom – Monster.com – Job recruitment website
Exploit: Exposed database
Risk to Small Business: Severe: A database belonging to a former Monster.com partner was discovered online. The file contained the personal information from thousands of US and UK users who uploaded their CVs to the job recruitment website. The breach applies to those who uploaded their CVs between 2014 and 2017, but the server wasn’t secured until last month. Since many of those impacted by the breach reside in the EU, the company will face serious GDPR fines along with less quantifiable consequences.
Risk to Exploited Individuals: Severe: The personal information of users, uploaded as part of their CVs, was readily available online. This includes names, addresses, phone numbers, email addresses, and work history. This data is often used to facilitate other cybercrimes including advanced phishing attacks and identity fraud. Therefore, those impacted by the breach should enroll in credit and identity monitoring services to ensure that their information isn’t being misused.
Customers Impacted: Unknown
Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.
Protect your data, privacy and reputation, talk to a TCT sales team member today.
Follow us on LinkedIn: