If you’re not familiar with the dark web, it’s a pretty scary place. You would probably just as soon never know what’s there, but then, the only way to protect yourself from bad people doing bad things is to understand who those people are, what they want, and how much damage they can really do.
Cyber-crime is very diverse. There are hackers who work alone, and there are large and small hacker networks. Some are run like businesses, meaning that they are simply looking to make a buck however they can. Others are politically motivated, meaning that they are trying to disrupt the business systems of particular organizations that they target for ideological reasons.
Of course, whether a hacker works alone or as part of a crew, there can be a certain amount of ego involved as well. Hackers may consider it a point of pride to take a well-known business or government agency offline for a period of time, and certainly there are hackers who will use their skills to carry out vendettas against anyone that they believe has slighted them.
Every business needs to be worried about hacking and other cyber-attacks. It’s well-documented that any computer or network that is connected to the Internet is constantly being probed for vulnerabilities by other computers. It’s impossible to know what the people controlling those computers intend to do if they discover a vulnerability in your system, but suffice it to say that it’s probably not good. At best, they may want details about your business in order to target you with marketing materials. At worst, they want to take over control of your network and extort money from you.
You know your business, so you probably know if someone might want to intentionally target you for an attack, whether it be a disgruntled former employee, dissatisfied customer, or someone who disagrees with your political views. The likelihood of a targeted attack of this kind is fairly low for most businesses, but can’t be completely discounted.
The more likely scenario is that your business will become the victim of a hacker network that is run like a business, sending out thousands of phishing emails at a time to random email addresses, and hoping that someone will click on a link or attachment in that email. If you or one of your employees clicks on one of these links (which probably look like they are from a legitimate source), you could be allowing the online bad guys to install software in your network, and that could set off a chain reaction of events, none of them good.
There are a number of different scams, using many different kinds of malware. Here is one example that’s quite common these days:
You click on a link in an email that seems to be from your bank. That link installs keylogger software on your computer, which allows the bad guys to see everything you enter on your keyboard. Eventually, they will capture your passwords for key business systems. Then they will log in as you, and install ransomware. This will completely freeze you out of your system, and the only way you’ll be able to get back in is by paying a ransom of several thousand dollars (usually in the form of Bitcoin). Paying the ransom may not even be the end of your problems, as malicious code may remain on your system for a future attack.
In this case, all the hackers want is money, maybe $25,000, but the cost to your business will certainly be much more than the ransom they’re asking for. For starters, you’ll need to call in an IT forensics expert to scan your system to make sure that the malicious software is completely gone. Then there’s the cost of having your website and/or other systems down for a day or more while you deal with the problem.
Of course, given Canadian rules about the privacy of personal information, if there is any evidence that the cyber-attack exposed your customers’ personal, health or financial information, then you’ll be on the hook for notifying those customers of the potential risk. You may be required to offer customers free credit monitoring, and even with those precautions, you could get sued if your customers suffer damages as a result of the breach. A $25,000 ransomware attack can easily cost your business hundreds of thousands of dollars, and could even drive you out of business.
Sometimes a hack doesn’t play out that way at all. Your systems could become compromised, and the hackers could do nothing with that information at first. Instead, they can try to sell your passwords and other sensitive information, or that of your customers, on the dark web, and that’s where people holding a grudge against your business could find it. Perhaps more worryingly, several different strands of your company’s private information, which are harmless in themselves, can be aggregated and compiled into a much more dangerous weapon over a few years on the dark web.
At Mitchell & Whale, we have considerable resources available on cyber-crime, cyber-security and of course, cyber insurance, to help your business take the necessary precautions to avoid a significant data breach or other hack. We also partner with the very best cyber insurers in the business, who can provide affordable coverage that will protect you financially in the event of a hack, and give you access to an elite cyber-recovery team that will help to minimize the impact on your business should you fall victim to cyber-crime. Give us a call today.
Mitchell & Whale is a fast-growing insurance brokerage in Ontario, striving to make insurance _not suck_ one customer at a time. Give us a call today to discuss any of your insurance needs at 1.800.731.2228.