Companies across the globe have been fighting cyber attacks for years, but the sophistication, frequency and intensity of attacks is increasing.

Due to the skill level required to execute attacks, these attacks were previously focused on larger organizations as they represented the deep pockets necessary to finance a return. As the tools have become more ubiquitous, however, the targets have trended heavily toward small to midsize companies of less than 1,000 employees and $1B in revenue—where many environmental services companies live.

There are many reasons why the environmental services industry is vulnerable to cyber attacks, but there are a few key issues.

• It has become incredibly easy for cyber criminals to execute attacks. These attacks once required specialized knowledge, but the rise of the hacking business model of ransomware-as-a-service has brought effective hacking tools to the hands of criminals that previously lacked the knowledge to execute such attacks.
• Business rely on online tools more than ever before, and have become more willing to quickly pay to restore their business operations. The rise of privacy laws and associated lawsuits has offered attackers an additional incentive to request quick or even double payment as a company’s liability has expanded from network breach to data privacy protection.
• Many organizations have not updated their security approach. They continue to rely on traditional preventative methods instead of a more layered approach that combines preventative measures with proactive solutions. This is either due to lack of awareness or the impact of the perceived “inconvenience” it causes their end users.
• Many companies cannot afford to hire dedicated cyber security professionals to architect solutions to the issues above.

Common Cyber Attack Methods

There are a multitude of ways cyber criminals operate, but there are probably a few efforts you’ll recognize, such as:

• Phishing: providing a false website or link to extract your credentials or other important information that will be used in other attack vectors
• Spoofing: mimicking a trusted resource within your company to affect a bank change, payment or gift card fulfillment
• Business email compromise: where a hacker will use your email to phish or spoof a partner
• Network or data breach: where hackers will gather information within your environment for sale on the dark web or provide addition vectors of attack

The reality is that hackers are showing much more sophistication in not simply executing the above, but leveraging this into more complex and long life end goals where they monitor and learn your behavior to send false invoices into your AP department, request false direct deposit/bank requests into your finance department, or even attack your partners with false bank change information to siphon off your receivables.

For more environmental information, contact INSURICA today.

This article is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. © 2022 Zywave, Inc. All rights reserved.