AXA, one of the largest international players in the GCC and the no. 1 global insurance brand* for the 10th consecutive year, has some helpful advice for businesses worried about cyber-attacks affecting their operations.
Despite having one of the highest internet penetration rates in the world (91.9% in 2017 in UAE), there is very low awareness of cyber risks in the region.
Businesses that are trying to cut costs and save money, by not taking proper security precautions, can face serious consequences should they fall victim to a cyber-attack.
In the past, attacks were mainly focused on individuals and their credit card data; however, increasingly attacks are becoming larger in scope and are now threatening organisations of all sizes. These highly sophisticated, well-thought-out attacks are causing businesses owners throughout the region to sit up and take notice. Many organisations regardless of their size, are beginning to consider insurance for their systems and data, much in the same way that they protect their physical assets from thieves.
To this end, AXA advises all businesses to look out for the following five most common types of cyber-attacks:
- SPEAR-PHISHING: Spear-phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim. Attackers disguise themselves as a trustworthy source to acquire sensitive information, typically through email or other online messaging platforms. This is currently the most successful form of acquiring confidential information on the Internet, accounting for 91% of attacks.
- BRUTE FORCE ATTACK: Brute force attacks are used by criminals to crack encrypted data. This type of attack is a trial-and-error method used to obtain information such as a user’s password or personal identification number (PIN). In this attack, automated software generates a large number of consecutive guesses as to the password needed to access data.
- CROSS SITE SCRIPTING (XSS) ATTACKS: Cross Site Scripting (XSS) is a common attack that injects a malicious code into a vulnerable web application. XSS does not directly target the application itself. Instead, the users of the application are the ones at risk. Depending on the severity of the attack, user accounts may be compromised, misleading users into willingly surrendering their private data.
- DISTRIBUTED DENIAL-OF-SERVICE (DDoS) ATTACKS: A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic to an organisation’s computers or network by overwhelming the target with a flood of Internet traffic. A DDoS attack is like a traffic jam clogging up a highway, preventing regular traffic from arriving at its desired destination.
- MALWARE ATTACKS DISTRIBUTED BY EMAIL VIA ZERO DAY VULNERABILITIES: A vulnerability can pose serious security risks because malware can infect a computer through otherwise harmless web browsing activities; such as viewing a website, opening a compromised message, or playing infected media. The term “zero-day” refers to a newly discovered software vulnerability and the developers have “zero days” to fix the problem that has just been exposed. Vulnerabilities can be the result of improper computer or security configurations and programming errors. If left unaddressed, vulnerabilities create security holes that cybercriminals exploit.
AXA recognises that cyber insurance may be perceived as complex, and as such are actively trying to bring a greater simplicity and transparency to their products.
Ricardo Arroyo, Chief Commercial Lines Officer at AXA in the Gulf, advises; “According to the World Economic Forum (WEF) and Marsh, cyber risk is the number one concern of business leaders in the Middle East.
“We recently launched our Cyber Insurance product in the UAE and we want business leaders to recognise that cyber insurance can offer them peace of mind, protecting their organisation, their customers and their shareholders.
“We also recommend that customers be clear on what cover they are getting, as not all cyber insurance is the same. Of utmost importance is knowing exactly how an insurer will deal with a claim should it arise.”
“AXA offers a risk assessment and eligibility checks to inform you about the security level of your existing cyber set-up and provides you with round-the-clock assistance in the case of a cyber-attack in order for your business to go back to normal at the earliest.
“In the event of a suspected attack, a customer can call 800 AXA CYBER. We would then deploy the necessary experts to investigate and remedy the attack on-site as necessary.”