Chubb and Microsoft chart the evolution of cyber crime

By William Girling
A new white paper co-authored by Chubb and Microsoft tracks the mounting risks and dangers associated with cyber crime’s increase...

A new white paper co-authored by Chubb and Microsoft tracks the mounting risks and dangers associated with cyber crime’s increase.

With an increased emphasis on cybersecurity becoming particularly important in the wake of remote working practices, the companies opted to focus on emails in particular as a gateway to risk. 

Among the statistics cited in the report to emphasise the extent of the problem are:

  • 467,361 complaints forwarded to the FBI’s Internet Crime Complaint Center in 2019 alone (almost 1,300 per day).
  • Over US$3.5bn in individual and business losses.
  • One instance wherein $75m was redirected to a cyber criminal’s account following a Business Email Compromise (BEC) scam.

Combating sophisticated fraud

Regarding the latter point, Patrick Thielen, Senior VP at Chubb North America Financial Lines, commented, "BEC attacks serve as a prime example of how cyber crime is quickly evolving.

"As employees become savvier about not clicking on unfamiliar links or downloading unknown attachments, cyber criminals are just as quickly pivoting to different means—hijacking email accounts and impersonating executives. 

“These sophisticated fraud schemes often result in employees erroneously transferring money to criminals under the auspices of their bosses' supposed directions."

Indeed, the white paper notes that there are three primary ways to perpetrate email impersonation:

  1. Brute force using specially-developed software to crack email passwords.
  2. Credential harvesting by exploiting people’s general inclination to use the same (or similar) password for multiple functions.
  3. Phishing the information through fraudulent emails that often request the user to change or reveal their personal information.

Therefore, Chubb and Microsoft recommend the speedy adoption of multi-factor authentication that bolster baseline password security (which alone contributes to 80% of breaches). The report notes three aspects:

  1. The most simple is a password or verification code known only to the individual user.
  2. Next, a registered and secure device should be linked to all restricted activities. 
  3. Finally, some form of biometric authentication (such as a fingerprint) should be used, as this is the most difficult layer to overcome by remote hacking.

It makes sense that technologically sophisticated problems would require an equally sophisticated solution. Acting fast and making the investment, states Joram Borenstein, General Manager of Modern Work and Security Partnerships at Microsoft, is the optimal solution: 

"The old saw of an ounce of prevention being worth more than a pound of cure remains true in the cyber world. By layering authentication across multiple factors, consumers and employers make it harder for criminals to breach defences and get at your business and personal data."

Share

Featured Articles

Verisk 2024 Global Modelled Catastrophe Losses

Insurance and insurtech firms need to harness advanced risk modelling to tackle rising catastrophe losses, driven by climate change and urban expansion

ServiceNow and Deloitte Webinar: Maximising Productivity

Live on 12th September, ServiceNow and Deloitte will discuss how to boost productivity in financial services, highlighting 2024 strategies for success

Arch Insurance, Cytora Partner for Risk Intake Digitisation

Arch Insurance can leverage the scalability of the Cytora platform to implement these enhanced processes across its operations in North America

What is an Insurance API?

Technology & AI

Cyber Insurance & Robust Cybersecurity Measures: An Analysis

Insurtech

The Uncertain Future of Wefox: Mubadala’s Internal Dispute

Insurtech