Another high profile cyber attack was publicised over the new year, when Travelex, the world’s largest network of bureaux de change with more than 1,000 stores and 1,000 ATMs around the world, announced that some of its services were compromised by ransomware. As a precautionary measure, Travelex immediately shut down all its systems to prevent further spread of the malware across its networks.
Ransomware is a type of malware that prevents or limits users from accessing their systems, either by locking system access or by locking the users’ files unless a ransom is paid. More advanced iterations of ransomware include encrypting certain file types on infected systems and forcing users to pay the ransom through cryptocurrency.
The ransomware attack has had a knock-on impact on foreign exchange services, affecting banks like Lloyds, Barclays, HSBC and RBS. When everyone tallies the financial impact in the aftermath of the ransomware attack on Travelex, it may reach to tens of millions of dollars if not into the hundreds of millions.
In the last few years, there have been several major cyber security breaches involving large organisations. One of the common elements among these targeted organisations is that they host considerable amounts of personal information. Unauthorised access to personal information could lead to illicit financial gain which is the most common driver of data breaches.
Data breaches
The 2019 Verizon Data Breach Investigations Report (DBIR) provides a crucial perspective on cyber threats that organisations face today. The 12th edition of the DBIR is built on real-world data of security incidents and data breaches provided by 73 data sources, both public and private entities, spanning 86 countries worldwide.
Incident refers to a security event that compromises the integrity, confidentiality or availability of an information asset. Breach refers to an incident that results in the confirmed disclosure (not just potential exposure) of data to an unauthorised party.
To combat this, organisations can deploy anti-ransomware technology such as block executables at their email gateway, disable macro-enabled office documents, stopping malicious JavaScript starts and keeping browser software up to date to remove vulnerabilities.
Additionally, staff awareness and training on cybersecurity is also crucial. However, the most important task any organisation could do is make sure that they back up critical data regularly and consistently, at the same time filtering out malicious emails and websites. If a ransomware attack is successful, these organisations would at least have their important data elsewhere for recovery.
According to the Verizon 2019 DBIR, 52% of breaches featured hacking in which 70% are web-application attacks (any incident in which a web application was the course of attack, this includes exploits of code level vulnerabilities in the application as well as thwarting authentication mechanisms), 33% included social attacks, 28% involved malware, miscellaneous errors account for 21% of breaches, 15% were misuse by authorised users, physical theft and loss were 4% of breaches. Many of these actions overlap, hence the percentages are over 100%.
Best practices
Some best practices to prevent breaches are establishing asset and security baseline around internet-facing assets like web servers and cloud services, can include:
- network segmentation: many breaches are a result of poor security and lack of attention to detail;
- performing web application scanning and testing to find potential vulnerabilities: web application compromises now include code that can capture data entered into web forms;
- implementing 2FA (two-factor authentication) on everything, while 2FA is not perfect, there is no excuse for lack of its implementation;
- tracking insider behaviour by monitoring and logging access to sensitive data;
- protecting systems from DDoS (Distributed Denial of Service) which include guarding against interruptions with continuous monitoring and capacity planning for abnormal traffic.
DDoS attacks are designed to overwhelm systems, resulting in performance degradation or interruption of service; staying socially aware, social attacks are effective ways to capture credentials, monitor email for links and executables, conduct awareness training for your staff to report potential phishing or pretexting; last but not least, applying timely patches to your operating and application systems are critical.
In relation to the Travelex cyber attack, a number of interrelated topics have arisen for interesting argument and debate. One topic is, should a ransom be paid? The European Union Agency for Law Enforcement Cooperation (Europol) has regularly stated that paying fuels criminal activities. Initiatives like the “No More Ransom Campaign” encourage victims not to give in to hackers’ demands. However, companies could spend a lot more in recovering operations than in paying the hacker.
It is critical that any organisation implements a cybersecurity framework like the one published by the National Institute of Standards Technology (NIST), as it is intended to help organisations to manage and mitigate cybersecurity risks.
The NIST Cybersecurity Framework is organised into five functions:
- Identify: develop the organisational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
- Protect: develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
- Detect: develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
- Respond: develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
- Recover: develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.
Irrespective of the type and amount of data an organisation maintains, there is always someone who is trying to steal it. Having a good understanding of the vulnerabilities and threats that an organisation and its peers face, how they have changed over time, and which hacking tactics are being employed could help to prepare the organisation to manage these risks more effectively and efficiently.
This article was written by Patrick Rozario, managing director, Moore Advisory Services Hong Kong.
-
IFRS 17: Making your financial controls automation truly work for you
- September 26
Shifting towards a more automated and streamlined workstream can free up time for insurers to critically analyse results that inform future financial planning.
-
Flood resilience: Water, water everywhere…
- September 11
Floods are one of the most complex natural perils with highly localised impacts, making them challenging to insure and data is key to the effective design of an affordable product to protect the vulnerable.
-
Maritime energy transition: Data dialogue key to achieving decarbonisation goals
- August 3
Collaboration and shared learning amongst stakeholders will be vital to getting full value from the data captured as well as in achieving regulatory goals. The International Maritime Organisation’s (IMO) greenhouse gas (GHG) strategy is to reach net-zero emissions from international shipping by or around 2050, and there are various checkpoints to meet along the way. […]
-
Contentious losses: Evidence-led forensic investigations stand the test of time
- May 17
Even minor cracks in evidence capture will become exposed when it comes to recovery and repudiation. Forensic investigations form part and parcel of many insurance claims in the Asia-Pac region. Whether a loss is complex, costly, or if there are expected to be questions down the line around causation and liability, insurers and their loss […]
-
AXA XL | Low and no-cost cybersecurity actions for companies
Considering the increasing frequency of attacks, the evolving threat landscape, including the use of AI to launch more sophisticated attacks, companies today can’t afford to ignore the possibility of being targeted by cybercriminals.
-
BHSI | Managing non-Asian exposure in long-tail lines
While US-exposed business can look attractive to Asian carriers, managing the volatility around the long-term results and the ability to model those losses are crucial, say BHSI’s Marc Breuil and Marcus Portbury.
-
Sedgwick | To Handle CAT Claims Well, Multi-Step Preparation is Key
When it comes to risk, it’s not a matter of “if” it’s a matter of “when” an event will occur.
-
HSBC Asset Management | Is it time to relook at Asian currency bonds?
With diversification and performance high on investors’ agendas, it seems a good time for global portfolios to revive allocations in Asian local currency bonds – including Hong Kong dollar (HKD) bonds.
Patrick Rozario, Moore Advisory Services
The lessons from Travelex’s cyber troubles
Patrick Rozario, Moore Advisory Services