
Social Engineering Fraud: 5 Things You Need to Know

Cyber Solutions expert, Carmen Segovia, provides insights on how businesses can avoid cyberattacks, social engineering fraud and other malware.

2 min read | May 31, 2021


COVID-19 is not the only issue impacting health, economic, political, and social systems. A stronger pandemic is spreading across the world: cyberattacks and social engineering fraud. The general public is preoccupied with and fearful of COVID-19, which creates the perfect distraction for cybercriminals to exploit.

Ransomware as a Service

Ransomware as a Service, a new form of cybercrime, is on the rise. To understand this practice, it's best broken down into two parts.

  • Ransomware is a form of cyber extortion in which the attacker gets the victim to install malware that encrypts the victim's files; the attacker then demands a ransom in exchange for restoring access to those files. The ransom can range from a few hundred to thousands of dollars.

  • Ransomware as a Service (RaaS) refers to the practice of hiring a cybercriminal to launch a ransomware attack on a victim. Both the hired cybercriminal and the hirer pocket the profits. RaaS means that an increasing number of people who have never engaged in cybercrime are now entering the Dark Web. They hire these attacks for profit, thereby becoming cybercriminals themselves.

A growing number of these criminals feed on the public's fear of COVID-19 by falsely offering applications for a quick COVID-19 test, a temperature check, a map of the virus's spread, and so on. The application is in reality malware that encrypts the information stored on the computer. It then activates the ransomware, demanding a ransom in return for access to the encrypted files.

What Is Social Engineering Fraud?

Ransomware as a Service has evolved beyond the cyber extortion of individuals, penetrating the sphere of large organizations. It's known as Social Engineering Fraud.

  • It typically refers to the practice where attackers pose as somebody in a position of trust within the organization and trick an employee into disclosing private data. For example, the attacker might email an employee while posing as an IT support person, with the aim of tricking the employee into revealing their password and thereby giving the attacker the means to move company or client money.
  • Communications tend to be emails and phone calls that urgently press for a payment to be executed or for an account change requested by an alleged vendor.
  • It's a form of psychological manipulation to exert pressure on the employee to comply, with fear of professional reprisals if they don't. Given the economic and the COVID-19 impacts, including job insecurity, cybercriminals take advantage of people's fear of losing their jobs by coercing their victims into taking a certain action.

Many victims also comply out of confusion rather than fear. With a reduced workforce following COVID-19, the remaining employees tend to take on a bigger workload, leading to confusion about the correct protocols to follow and the hierarchy to consult before disclosing sensitive data. This leaves them vulnerable to fraudulent practices that they would otherwise have detected.

Fraud Management Tools

Most companies are aware of social engineering fraud, but it remains a risk. It can be reduced with controls and procedures that all employees must comply with strictly in order to protect the company from attacks.

A good starting point is to identify, assess and set out the controls and company procedures around nine specific control and impact areas:

  1. Corporate Governance
  2. Internal Control
  3. Auditing
  4. HR
  5. Transfer of Funds
  6. Physical Security
  7. Stock and Inventory
  8. Purchasing and Vendors
  9. Information Systems

ARPA Risk Assessment Tool

ARPA Risk Assessment is a tool based on knowledge, experience, and data analytics that Aon uses to detect risks and threats, providing the company with:

  • A global maturity level to act against fraud in each analyzed control area
  • Identification of existing risks
  • Proposals to improve business processes
  • Synergies among departments

Fraud Insurance Program (Crime)

Business owners and entrepreneurs can increase their protection from cybercrime by hiring a Fraud Insurance Program (such as Crime), helping them to mitigate any economic damages if their company falls victim to a scam or fraud.

At Aon, ARPA's work helps us to implement control steps, thereby maintaining premiums and excesses at a competitive level.

It is worth emphasizing that the insurance market seeks to minimize risk and is wary of companies that lack procedures and controls. That is why we insist on the importance of implementing the best risk management practices, assessing the company's current situation against recommendations for improvement. Tools such as ARPA are crucial to reducing and isolating risk.

Author’s Bio:

Carmen Segovia, Aon

Financial Lines Director – Cyber Solutions Catalonia and Balearics
