"Business owners and entrepreneurs can increase their protection from cybercrime by hiring a Fraud Insurance Program helping them to mitigate any economic damages if their company falls victim to a scam or fraud."
COVID-19 is not the only issue impacting health, economic, political, and social systems. There is a stronger pandemic spreading across the world — cyberattacks and social engineering fraud. The general public feels more preoccupied and fearful of COVID-19, creating the perfect distraction for cybercriminals to seize upon.
Ransomware as a Service, a new form of cybercrime, is on the rise. To understand this practice, it's best broken down into two parts.
Ransomware is a form of cyber extortion in which the attacker gets the victim to install malware that encrypts the victim's files, then demands a ransom in exchange for restoring access to them. The cost of the ransom can range from a few hundred to thousands of dollars.
Ransomware as a Service (RaaS) refers to the practice of somebody hiring the services of a cybercriminal to launch a ransomware attack on a victim. Both the hired cybercriminal and the hirer pocket the profits.
Ransomware as a Service means that an increasing number of people who have never engaged in cybercrime are now entering the Dark Web. They hire these attacks for profit, thereby becoming cybercriminals themselves.
A growing number of them feed on the public's fear of COVID-19 by falsely offering applications for a quick COVID-19 test, temperature check, virus mapping evolution follow-up, etc. The application is in reality malware, encrypting the information stored in a computer. It activates ransomware, asking for a ransom in return for access to the encrypted files.
Ransomware as a Service has evolved beyond the cyber extortion of individuals, penetrating the sphere of large organizations. It's known as Social Engineering Fraud.
Many victims also comply due to confusion rather than fear. With a reduced workforce following COVID-19, the remaining employees tend to take on a bigger workload, leading to confusion about the correct protocols to follow and the hierarchy to consult before disclosing sensitive data. This leaves them vulnerable to falling prey to fraudulent practices that they would otherwise have detected.
Even though most companies are aware of social engineering fraud, it's a risk that can be reduced with controls and procedures with which all employees must strictly comply to protect the company from any attacks.
A good starting point is to identify, assess and set out the controls and company procedures around nine specific control and impact areas:
ARPA Risk Assessment is a tool based on knowledge, experience, and data analytics that Aon uses to detect risks and threats, providing the company with:
Business owners and entrepreneurs can increase their protection from cybercrime by hiring a Fraud Insurance Program (such as Crime), helping them to mitigate any economic damages if their company falls victim to a scam or fraud.
At Aon, ARPA's work helps us to implement control steps, thereby maintaining premiums and excesses at a competitive level.
It is worth emphasizing that the insurance market seeks to minimize risk by avoiding a lack of procedures and controls. That is why we insist on the importance of implementing the best risk management practices, where we assess the company's current situation against recommendations for improvement. Tools such as ARPA are crucial to reduce and isolate risk.