The popular press is flooded with news that hackers have violated HBO’s cybersecurity and stolen more than 1.5 terabytes of data, including scripts from undirected episodes of Game of Thrones. As fascinating as this news is to consumers of popular culture, it hides more serious news about the cyberattack, which has far deeper consequences. Consider, for example, the five most significant network hacks in the last few years.
- In 2014, hackers exploited a vulnerability in OpenSSL, using a tool known as Heartbleed, to infiltrate a virtual private network (VPN) that a large corporation used to encrypt data and communications. Individuals and businesses regularly rely on the added encryption provided by VPNs to ensure the confidentiality of communications. This recent hack reveals that even VPNs have their weaknesses.
- A foreign government is believed to be behind a hacker attack in 2015 against insurance giant Anthem Health. This hack has compromised more than 78 million consumer health and insurance records. Most recently, the governments or government representatives of North Korea, China, Russia and the United States have been accused of involvement in hacking activities.
- The ransomware attack on Petya crippled more than 60% of computers and networks in Ukraine in early 2017. Subsequent analysis of the attack suggests that although the attackers wanted a ransom to freeze frozen systems, the attack may have had a sinister moire target. deactivation of the technological infrastructure of Ukraine.
- The Dyn Distributed Denial of Service (DDoS) The attack, which hit a significant number of computers and networks in North America and Europe in late 2016, was the largest cyber attack launched on the Internet. The attack lasted several days, affecting servers used by Twitter, Netflix, CNN and other major web players.
- The Wannacry ransomware the attack in early 2017 was stopped earlier by luck and quick thinking on the part of the people who first noticed it. However, the cyberattack crippled parts of the UK’s National Health Service and enriched hackers who demanded and received more than $ 100,000 to launch various systems and networks.
The scope and scale of these massive cyber attacks must force all businesses, regardless of size, to reevaluate their cybersecurity strategies. In all likelihood, like HBO, the entities affected by these cyberattacks have raised protections against hacking and provided their employees with at least some basic education and training to eliminate human error and behavior that exposes a network of cyberattacks. Yet, as these attacks suggest, even the often-recommended cybersecurity strategies, such as VPNs, are not fully effective against certain groups of hackers, especially if those hackers have government resources behind them.
This does not mean that businesses should give up all hope and give up their cyber defense. Rather, they need to confirm that these strategies are up-to-date and in line with the latest tools and techniques to repel cyberattacks. However, recognizing that none of these tools and techniques will be reliable, businesses must also develop a response plan when they experience a successful attack. Cybersecurity insurance is a mandatory part of this plan.
Cybersecurity insurance will cover the direct loss of a business when a cyber attack damages data and hardware, giving the business some reassurance that its profits will not be fully absorbed by the need to recover these items. Insurance can also protect businesses against third party obligations and regulatory fines that may be imposed when a business loses the personal or financial information of its customers. Depending on the size of the business, a cyber attack can cost from $ 30,000 to $ 2 million or more. Few companies are equipped to bear this type of cost directly. Cybersecurity insurance can cover these losses and allow the business to continue its business with a minimum of interruptions after surviving a cyber attack.