A Financial 'Field Guide' to Cyberattacks

Have you ever wondered why cybercriminals attack small businesses? While some hackers infiltrate SMB networks to test their chops or vandalize webpages, the majority of attackers use their skills to make money. So, in a way, it is helpful to view cybercrime as a type of (illegal) business strategy.

For instance, if a successful cyberattack cost the victim tens of thousands of dollars in business loss or extortion, but cost the hacker only a few bucks to launch, then the return on investment is simply too profitable to pass up; especially knowing that small business' lack the security protocols to stymie cybercrime.

The key is to understand that hackers are highly motivated to hurt your company because it is rewarding and lucrative. Defend yourself by investing in cyber insurance from CyberPolicy.

Below are a few common cyberattacks and how much you can expect to lose if you are hit.

The Dangers of a Distributed Denial-of-Service Attack
Perhaps you've heard of a distributed denial-of-service or DDoS attack. For those who don't know, a DDoS attack utilizes an army of malware-infected computers or 'bots' to flood a site or service with phony web requests until it crashes, preventing legitimate visitors from reaching your site.

Launching a DDoS attack is incredibly easy thanks to free online software programs (often disguised as 'network stress testing') or for-hire services (which can cost as little as $5 per hour).

The damages to businesses, of course, is much higher. Incapsula estimates that 49 percent of DDoS attacks last between 6 to 24 hours, and 36 percent cost between $5,000 and $19,000. Could your business handle those kinds of losses?

DDoS attacks can be used as part of an online protest, a 'smokescreen' for additional attacks or as a method of digital extortion (similar to ransomware).

A Ransomware Scare
Ransomware, on the other hand, is a specialized form of malware which uses encryption to lock a device or network from the inside until a lump sum is paid. Since employees are unable to access their own tools and services, some organizations decide to pay the ransom, rather than suffer the downtime of such an attack.

Again, ransomware software is available on the dark net for only a few dollars and is often spread through spam email campaigns which are virtually free to implement. According to Dark Reading, average ransom fees range from $200 to $10,000.

Dark Web Data Dump
But crashing your operations isn't the only way hackers can make money victimizing your SMB. Another lucrative method is to steal your data and resell it on the dark web.

There are dozens of ways to pilfer information, including social engineering scams, spear phishing emails and password cracking, just to name a few. Each of these attacks are relatively inexpensive for the cybercriminal, and free tutorials are available for newbie hackers or script kiddies.

Depending on the data stolen, the hacker can make a lot of money. For example, a single medical record averages a $60 payout. But cyber crooks rarely steal just one record. They typically swipe hundreds or thousands at a time.

The cyber victim's business, conversely, could face exorbitant class-action lawsuits for leaking customer information or suffer reputational damages (which are hard to quantify). According to the Ponemon Institute, the cost per stolen record averages between $154 and $217.

So, ask yourself... Would you rather pay pennies a day for a cyber insurance policy to protect your small business, or, fork over tens of thousands of dollars to a hacker? Do the smart thing and invest in CyberPolicy today!

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375