Written on behalf of the IISA by Peter Olyott, Director
This is intended for those in our sector who still feel that cyber crime is something we hear about and read about but it won’t happen to us or our clients!
With the ever-increasing move to digitalization across the sector, the points of entry for would-be cyber sleuths increase exponentially. For those old enough to remember way back when, there was not much scope for points of entry into client information. For starters, administrators completed data sheets which were sent to the computer department to load the client policy information, which was gained from faxed or original proposal forms. Most policies were still paid annually, so no debit order information was required, and... that was about it.
Fast forward to today: most clients bank electronically using their phones, which double as banking cards with which I can transact at will. Not only that, but I can access my insurance digitally, make some policy changes, submit claims and even make sure my claims payments are made to me. I can buy online, trade online and even plan and pay for my travel and holiday online! Insurers have access to my bank details for debit orders and to my credit rating via the credit agencies, who themselves hold reams of personal, financial and other data about me. So, all in all, there are numerous points of vulnerability for me: my identity number and details, my banking details, my financial information and standing, my assets and even my wealth and health information, and not just locally but internationally as well! For a clever cyber sleuth who puts all of this together, I could become a target for some nefarious move to defraud me through identity fraud, business email compromise, vishing, phishing, other -ings, and the list of cyber-crime moves goes on and on.
So what exactly is cyber-crime? Many definitions and explanations abound, but simply put, it is the act of committing a crime using a computer(s), the internet, or a mobile device connected to the internet, and employing and deploying specialized software such as exploit kits and ransomware, amongst others. The scope of cyber-crime varies from the theft of personal information and illegal access to personal information and/or assets right the way through to the illegal distribution of copyright or protected tangible and intangible property.
The one aspect that fascinates me as a relative novice is just how many types of cybercrime there are. According to the experts, essentially there are three primary categories of cyber-crime, namely:
- Individual – cyber criminals target individuals, and the methods include hacking an email account, sending spam emails, spying on people, and hacking into personal information and then using it to commit theft or fraudulent acts.
- Property – cyber criminals use methods to access, damage or control a person’s computer, mobile device and/or other connected devices. This can occur through various means, such as deploying ransomware and then holding the user hostage by denying them access to their own information. Other examples include a denial of access which prevents someone from accessing their systems and/or being able to use them.
- Government – the third category includes hacking into government sites and denying them access, deploying trojans and other viruses and holding them to ransom, and also stealing classified information.
There are approximately 17 to 20 known or identified types of cybercrime and, since the pandemic, there has been an estimated 600% increase in the number of cyber-attacks across the globe. Without going through the whole list of these cyber-crimes, here are a few well-known and less well-known ones.
- AI-powered cyber attacks – Fairly new on the block but with the potential to cause absolute havoc across all three categories of cybercrime. Examples can include AI-enabled phishing attacks, data poisoning, and malware attacks.
- Copyright infringements – Basically the stealing or illegal use of copyrighted materials without the owner’s permission. In today’s world the biggest losses to copyright cyber crime are in music, videos and other content made available online through multiple channels.
- Cyber Harassment – The use of technology to cause someone else stress through the use of offensive language and/or images. This can occur through email or, increasingly, social media. Unfortunately, this form of cybercrime is prevalent amongst our youth, creating mental health issues arising from cyberbullying, amongst others.
- Cyber Stalking – The act of stalking a person online and/or bombarding them with unwanted messages. Typically social media platforms are notorious for this.
- Cyber Vandalism – Typically this includes infesting computer systems with malware and viruses, either with the aim of causing files to become corrupted or using them to access and steal confidential information or records.
- Cross-Site Scripting – Commonly referred to as XSS. It is one of the internet-related crimes in which hackers may inject malicious code into a website. This code may be difficult for the owners of the site to detect, and its effect is to steal visitors’ data such as their usernames and passwords.
- Cyber or Turbo Squatting – This is where parties masquerade as the actual owners of a website and dupe unsuspecting users into believing they have actually reached an official site. Often done in order to access personal details and passwords. Also difficult for unsuspecting users to detect.
- Cyberterrorism – This is generally performed via the internet with the intent of causing harm and damage in a way which may inspire fear or disruption of services. Typically these attacks are performed on government databases or websites.
- Denial of Service Attacks (DoS) – These are essentially concerted attacks using the internet to make a website or other online service unavailable or unusable to other users. This can be achieved by flooding a website with requests, causing it to slow down or crash.
It should be clear, then, that as our moves to digitalisation increase and we aim to make things easier, more efficient and more effective, our exposure to cyber crimes (and that of our clients) will conversely increase exponentially. It is evident that subject matter training is required to enable all personnel to be better equipped to deal with the identification and evaluation of risk, and for organisations to continue to improve their cyber security into the future.
In closing, a humorous quote from Brian Krebs, “I’ve come to the conclusion that if you give a data point to a company, they will eventually sell it, leak it, lose it or get hacked and be relieved of it. There really don’t seem to be any exceptions….”