James Cotis, Freight & Trade Alliance (FTA) insurance advisor, compiled the following summary from members who agreed to supply details of their experiences on the basis of anonymity:
- A member suffered a ransomware attack. A staff member innocently clicked on a link contained within an email entitled Children’s Birthday Party Photos and released a ransomware virus into their IT systems, locking all of their files. They had backups of their data and thought they would be OK. They were horrified to learn that their backup procedures hadn’t been working correctly for around 18 months…which meant they didn’t have viable data backups. In desperation, they paid two lots of ransom moneys totalling $42,000 in an effort to obtain the decryption keys for their data. Unfortunately, the encryption keys worked for only 85% of their data files. To help make up the 15% of missing data, the member has been contacting their clients, suppliers and others for assistance. Apart from the ransom paid, the member has experienced significant, disruption & labour costs in attempting to recreate the lost data, some of which they believe will never be recovered. The member estimates it will take around seven months to completely resolve.
- A member suffered a phreaking incident. Their phone lines were hacked and expensive calls were made to overseas destinations, including USA, Europe, Asia & the sub-continent. Coincidentally, the business regularly made calls to these regions at that time of the year, so the spike in calls wasn’t seen as unusual activity. It was three months before the fraud was detected, the cost being c. $28,000.
- Two members suffered social engineering/phishing scams. In the first instance, a staff member was tricked into transferring two payments (within a few days of each other), totalling USD$120,000 to a USA bank account by a cyber-criminal impersonating the logistics business’s managing director. Even though the staff member thought both requests were unusual, she noted the words and intonation used in the bogus emails were identical to that used by the managing director, so she didn’t give any further thought about transferring the funds…twice. Clearly the criminals had been watching the MD’s email traffic over a period of time and then simply replicated the MD’s methods of communicating via emails.
In the second instance, a senior staff member was tricked into transferring USD$57,000 to a European bank account by a cyber-criminal impersonating one of the logistics business’s overseas partners. The staff member was suspicious about the transaction and commenced an email dialogue with the “supplier” (who was really the cyber-criminal), asking a series of questions to satisfy himself as to the bona fides of the request. The cyber criminal’s responses were accepted and the money transferred.
Although it seems trite to say, and time zone issues can apply, a simple phone call and conversation with the MD and the overseas business partner to verify the requests would have detected the criminal activity.
When discussing these incidents with the FTA members, recurring themes were evident:
- They were shocked that the incidents had happened;
- They were convinced that their risk management systems and processes were adequate to prevent attacks such as these and used words like “robust”, “foolproof”, “bulletproof” and “couldn’t happen” to describe their systems and the likelihood of a successful fraud against them;
- Their existing information technology service providers did not possess the necessary skills and experienced to be of much help.
Unfortunately, these members did not have insurance policies in place to cover cyber related crime.
Is it time to contact your insurance broker to implement a carefully constructed Cyber insurance program?
Paul Zalai is a director at Freight & Trade Alliance (FTA) www.FTAlliance.com.au