The advent of technology and higher penetration has made things easier and convenient. However, as the internet becomes part of our everyday life, so are the dangers associated with it. Part of the danger stems from hackers. A hacker can be defined as a person who uses computers to gain unauthorized access to sensitive data with the sole aim of committing a crime. A hacker can, for example steal information to damage or bring down systems, identity theft or even hold systems hostage to collect ransom.
We all remember the WannaCry ransomware attack that occurred in May this year. The malware targeted computes running the Microsoft Windows operating system and worked by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. The attack began on Friday, 12th May 2017 and within a day it had infected more than 230,000 computers in over 150 countries. The attacks only stopped when Marcus Hutchins a web security researcher from England figured out a kill switch for the malware which slowed it down and eventually stopped it. However, newer versions of the malware have been detected without this particular kill switch. It was estimated that the WannaCry cyber attack could have led to losses of upto USD 4 Billion.
Back in 2015, there was another cyber attack targeting banks which was not widely covered. The attack known as the Carbanak attack led to the financial institutions losing over USD 1 Billion. The attack started with the hackers sending phising emails to their victims. These emails contained malware and lured them to open. As soon as the victim opened the attachments in the email, the machines became infected with malware and a backdoor was installed into the victim’s PC. After obtaining control over the compromised machine, the hackers used it as an entry point. They then used the bank’s intranet and infected other PCs in a bid to determine which of them could be used to access critical financial systems.That done, the criminals studied the financial tools used by the banks, using keyloggers and stealth screenshot capabilities. Then, to wrap up the scheme, the hackers withdrew funds using the most convenient methods available. They did this via SWIFT transfer, creating faux bank accounts with cash withdrawn by ‘mules’ and via a remote command to an ATM.
These are just some of the examples of the threats that companies face due to cyberattacks. In Kenya an ICT security survey conducted by Kenya National Bureau of Statistics and Communications Authority of Kenya (CA) indicated we lost about Sh18 billion ($175 million). In this market, banks have been the main targets and they have lost substantial amounts of funds. However, they are not willing to admit it due to the reputational risk involved.
The growing risk of cyberattacks on Kenyan enterprises is what led Aon Kenya to launch their cyber risk solution. This is because organizations nowadays rely on systems to conduct their core businesses. In the event of a cyberattack, computer virus or malicious employee brings down these systems, a traditional business interruption policy would not cover the loss. The Aon Cyber Enterprise Solution provides an insurance cover for loss of profits associated with systems outage that might be caused by a non-physical threat like a computer virus.
So if you run or work in an organisation without this insurance i would suggest you get it asap. As it is not a matter of if you will be attacked but when and it is best to be prepared.