The Expert Podcast

πŸ” Episode Description: 
  • Unlike traditional business risks (like fire, theft, or personal injury), cyber risks are constantly evolving β€” often changing weekly or monthly.
  • Cybersecurity threats such as phishing and ransomware are rapidly increasing in frequency and complexity.
  • Phishing is a form of cybercrime that uses social engineering and technical tricks to steal identities and financial information.
  • Attackers often impersonate executives, accountants, or attorneys to trick employees into giving access to login credentials or sensitive systems.
  • Once inside, attackers may launch ransomware attacks or lock down your system entirely.
  • Phishing attacks nearly doubled from April 2021 to March 2022 — from 200,000 to almost 400,000.
  • For the first time ever, over 1 million phishing attacks were recorded in a single quarter.
  • While ransomware attacks have declined in some sectors, financial services and phishing incidents remain high.
  • Emerging threats vary by industry — social media, e-commerce, webmail, crypto, and logistics are all heavily targeted.
  • Ransomware is especially high in manufacturing, making up 25% of attacks.
  • Staying updated on current and future cyber risks is essential.
  • Cybersecurity strategies must be dynamic — not static — and should evolve alongside new threats.
  • Cyber insurance carriers that serve multiple industries can provide valuable insight and updates about the latest trends and attacks.
  • Good cyber insurance partners will notify you of vulnerabilities — like new routers being targeted — so you can take preventive action.
  • Attackers often use common domain registrars like Namecheap, GoDaddy, and Google to make phishing sites look legitimate.
  • Knowing where a domain is registered can help identify possible threats — though it's not foolproof.
  • For best results, consider outsourcing cybersecurity monitoring to a trusted I.T. provider or ensure your internal team is up to date.

What is The Expert Podcast?

The Expert Podcast brings you firsthand narratives from experts across diverse industries, including private investigators, general contractors and builders, insurance agencies, vehicle specialists, lawyers, and many others.

Unlike other types of risks for your business, cybersecurity and cyber prevention is something which changes on a very frequent basis. Look, the risk you have in your business for things like fire or theft or personal injury pretty much stays the same from year to year. Things having to do with cybersecurity change on a week-by-week or month-by-month basis. Here's a report from the Anti-Phishing Working Group which goes into one area of cybersecurity — which is phishing.

Phishing is described as a crime employing both social engineering and technical subterfuge. It basically steals consumers' identity and financial account credentials. So as a company, you may get a message sent to one of your employees that looks like it comes from somebody in authority. It may even look like it comes from somebody's boss or an executive. It may look like it comes from an accountant or an attorney, and it asks that employee to give them a login or give them access to something. And once they get that access, now they can get in and lock down your system or do ransomware.

And the frequency of this type of crime has gone up dramatically. Look — in April of 2021 it was barely 200,000. In March of 2022 it was almost 400,000. So this is almost a doubling of the phishing attacks in a year. In fact, the last quarter was the first time, according to their research, that there were over a million total attacks. There had never been over a million attacks before.

Now here's an important factor: the number of sectors that have seen a decrease in overall ransomware attacks is lower, but the financial services industry is higher — and phishing is higher. Most sectors saw a decrease in ransomware. So for the last year or so, ransomware was the big thing to watch out for in cybersecurity. Even in the last few months, that trend has gone down. So these cyber risks are going to be changing on an ongoing basis.

So if you're a company and you have a cybersecurity or cyber insurance interest, you want to stay on the cutting edge of what the current trends are. Six months from now, the risk for cyberattacks or cyber losses may be completely different than what it is now. And that prevention factor is huge. So your cybersecurity efforts have to be dynamic. And if you have cyber insurance, you want to be with a carrier that's giving you constant updates. And that carrier is going to be exposed to the wider range of different industries outside of yours.

What are those industries? Well, look at the breakdown. These are the most targeted industries. It's not one large area. Certainly, financial companies are the biggest percentage, but that's even only 23 percent. There are many industries that are in the double-digit range: social media, e-commerce, webmail, crypto, logistics — they're all significant factors. There's no very small slices; everything is pretty much evenly distributed. So unless you're in all these industries, you're not going to know what the new emerging trends for cybersecurity are.

And in ransomware, it's even more broken up. Manufacturing is higher at 25 percent, but everything else is 12, 10, 8 percent. There's nothing that's significant other than manufacturing for ransomware. So as you're monitoring your company's risk profile and your loss footprint, you want to make sure that you're staying aware of what the common and emerging losses and attacks are. You're not going to be able to do that unless you hire full-time people to monitor the threat exposure.

A good cyber liability policy will connect you almost as a partner with an insurance company that is insuring all these industries. They have policies in all of these sectors, so they'll know what the emerging trends are, and they can give you a heads-up. Look — be aware that this type of router is being attacked, and you might want to lock down yours.

If you really want to scroll down deep into some other trends: registrars used to register attack domains. What this means is all of these hackers use a website that makes it look like they're a legitimate business. These websites are normally hosted on free registrars — Namecheap, GoDaddy, Google, these other registrars. So if you see a company that's trying to connect you with a login, you can look to see where their domain is registered to get a perspective on what's the probability that it's a hacker domain.

It’s not foolproof because there are some legitimate companies on Namecheap and GoDaddy, but you want to make sure that you're looking at the odds and percentages β€” if you're going to do this in-house and not outsource it to an I.T. company.