As the fashion and apparel industries begin to recover from the wake of the pandemic, a focus on organizational resilience has never been more important. Developing a truly resilient organization means considering even newer and ever-evolving risks like cyber security. While increased reliance on technology has helped improve operations across industries, it has also increased cyber risk, leading to the compromise of clients’ financial data, costly recovery and potential damage to your reputation.
As the cost of data breach recovery continues to rise each year, the risk of cyber threats will also continue to rise across industries throughout 2022. According to the 2022 Allianz Risk Barometer, an annual report identifying the top corporate risks for the next 12 months and beyond, cyber incidents top the barometer for only the second time in the survey’s history, with business interruption dropping to a close second. When addressing concerns about your operation’s online safety, the first step is to acknowledge the existing cybersecurity risks that expose an organization to a hacker’s malicious attacks. Some of the most common cyber risks and threats for businesses are:
Malware
Malware is malicious software that cybercriminals insert into a company’s web pages or web files after they’ve penetrated the business’s site. Bad actors then use malware to steal sensitive corporate data. Malware can also redirect a company’s web pages to other sites and insert pop-up ads onto a company’s web pages or website. Common malware examples are viruses, trojan viruses, ransomware and spyware that exfiltrate data in mass amounts. Removing malware requires constant network scanning so hackers can be identified quickly, and malware can be removed from the company’s network.
Ransomware
Ransomware is malicious software that gains access to sensitive information within a system, encrypts the information so the user cannot access it and then demands a financial payout for the data before it is released. The first step in a ransomware attack is infection, which occurs when a user visits a security-compromised website. Ransomware is typically part of a phishing scam; by clicking a disguised link, the user downloads the ransomware. Ransomware infections are specifically focused on users with higher levels of permissions, such as administrators, to inject malicious code.
Once the code has been delivered and executed on a system, either locker ransomware shuts users out of a system or crypto ransomware encrypts data using advanced mathematical encryption keys. In almost every case, the user or owner of a targeted system will receive instructions on how to regain access. A ransom is clearly presented, along with preferred denomination and payment method and sometimes a deadline for payment.
Phishing
Phishing is a cybercrime in which a target is contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details and passwords. The phished information is then used to access important accounts and can result in identity theft and financial loss. Other forms of phishing include vishing (voice phishing), smishing (SMS phishing) and whaling, which utilizes emails purportedly from one of a company’s senior figures.
Data breaches
A data breach exposes confidential, sensitive or protected information to an unauthorized person who then views or shares the files in the data breach without permission. Data breaches happen most often because of weaknesses in technology or in user behavior and are not always caused by an outside hacker.
Serious damage is possible if a hacker steals and sells personally identifiable information (PII) or corporate intellectual data for financial gain or to cause harm. Common vulnerabilities targeted in data breaches include weak and stolen credentials, compromised assets, payment card fraud, third-party access and the use of personal mobile devices in the workplace.
Best practices to avoid a data breach include patching and updating software, high-grade encryption for sensitive data, upgrading devices when a manufacturer no longer supports software, enforcing “bring your own device” security policies, enforcing strong credentials and multi-factor authentication and educating employees on best security practices and ways to avoid socially engineered attacks.
Working with a knowledgeable insurance specialist who understands these emerging risk and compliance exposures and negotiates coverage that is customized toward your needs is key in procuring protection and preventing additional disruption to your business.
Frank DeLucia currently serves as senior vice president of Hub International Northeast, a leading, full-service global insurance brokerage. With over three decades of experience, Frank specializes in building insurance and risk management programs for the real estate and apparel industries and is a long-time active member of the Fashion Service Network. Frank can be reached by phone at (212) 338-2395 or at frank.delucia@hubinternational.com. For more information on Hub, visit www.hubinternational.com.





