www.insurancebusinessmag.com
2606:4700:10::ac43:ca7
Public Scan
Submitted URL: https://t.kmnewsletters.com/ga/click/2-3312338-135-59745-118389-1621573-a80fe1ef0d-lae4cc3056
Effective URL: https://www.insurancebusinessmag.com/asia/risk-management/cyber/professional-service-firms-facing-increased-cyber-risks-427885.aspx?u...
Submission: On November 24 via api from SG — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
PROFESSIONAL SERVICE FIRMS FACING INCREASED CYBER RISKS
by Gabriel Olano 18 Nov 2022

The professional services sector has seen significant growth over the past few years, spurred by globalization. However, this growth is also accompanied by increased exposure to risks, especially those of a technological nature.

Beazley’s latest Cyber Services Snapshot report revealed that professional service firms are increasingly being targeted by cyberattacks. According to the report, professional services companies have seen a higher volume of fraudulent instruction attacks and almost as many business email compromise incidents so far in 2022 compared to the whole of 2021.

Bala Larson (pictured above), head of client experience at Beazley, told Corporate Risk and Insurance that professional services firms are lucrative targets for cybercriminals due to their data-rich environments, including data about their own B2B clients.

“In some cases, they might hold onto data for very long periods of time, even after it is no longer useful,” Larson said. “This is especially dangerous because some of that data might be sensitive, such as passwords and access to business clients’ IT systems and infrastructure. If leveraged, this data could give a threat actor a good idea as to who their next targets should be.”

Hackers may also exploit a professional services firm’s good name and reputation to bypass the defenses of that firm’s clients, as they are often part of trusted email domains and other whitelists.

“This is one of the reasons why fraudulent instruction and business email compromises are so common with these organizations,” Larson said. “Not only are these firms often trusted by other parties, but they also usually have intimate knowledge of legitimate transactions with large financial consequences. These transactions present lucrative opportunities for threat actors to hijack conversations and misappropriate the trust of these firms for their financial gain.”

WHAT ARE FRAUDULENT INSTRUCTION ATTACKS?

According to Larson, fraudulent instruction occurs when someone is tricked into making a payment or transferring money by someone purporting to be a vendor, client, or authorized employee. These often involve spoofed emails and communications from compromised vendors.

“What makes this form of attack so appealing to threat actors is the low barrier for entry,” Larson said. “Rather than attack computers, most of these deceptions target the relationships between people. Because attackers leverage the bonds of trust in these attacks, some people may not push back on unusual requests to redirect funds because these are unusual times. Resistance to these attacks may also be lower in relationships when there is significant trust, or when a new relationship is in its early stages and there is a greater desire to make the other party happy.”

Larson provided several tips on how professional services firms, as well as other businesses, can mitigate risks related to fraudulent instruction. These are:

1. Always verify requests for changes to payment instructions or sensitive data through a separate, trusted channel (e.g., for an email request, call your contact at a number you know is accurate; don’t trust info that a criminal may have supplied).
2. Conduct anti-phishing training for your team.
3. Implement multi-factor authentication.
4. Do not wire funds to bank accounts whose details have changed during the past 24 hours.

Larson also highlighted general cybersecurity guidelines contained in the Cyber Security Snapshot report. Risk managers and decision-makers should not only understand these but also communicate these to the entire organization.

1. Know your assets – many organizations think they have good asset management capabilities, only to discover after an incident that this was not the case. Asset management tools can help you understand your system, leading to informed longer-term decisions. Your organization’s asset management inventory system should include an asset discovery tool that continuously maps devices on your internal network, an up-to-date asset database, and an up-to-date configuration management database.
2. Don’t just rely on what you think you know based on previous inventories. Keep doing continuous discovery on your network to find new or modified endpoints. When you discover a new asset, proactively investigate to understand why it's not in the inventory and take steps to ensure this doesn't happen again.
3. Don’t forget to install security patches and factor in end-of-life planning. Vendors commit to sending regular updates to fix security flaws until the promised period ends – after that, organizations can continue using the version, but there will be no further fixes for vulnerabilities or performance issues. It’s essential that organizations plan for this.
4. Remember that this is not just a technology issue – it’s about people and processes. Your people have to know what assets they have and divide the responsibilities for managing those assets appropriately. The key is having leadership in place that understands the importance of asset management, knows how to maximize the technology they have or are likely to purchase, and is willing to plan out future changes over time and execute consistently.

Copyright © 2022 KM Business Information Australia Pty Ltd