What Are We Talking About When We Talk About Cyber Risk


Smart working. Teleworking. Since 9 March 2020 (which now seems so far away!), when the first Ministerial Decree extended the ban on travel for unnecessary reasons to the whole of Italy, along with the closure of cinemas, clubs, museums and every gathering centre, inaugurating what would go down in history as «the first quarantine», we have seen quite a few changes. Driven by the need to adapt to the new logic of social distancing, from that moment on the job market had to roll up its sleeves: it is precisely because of the measures put in place to contain the spread of the COVID-19 virus that in the last two years there has been so much talk of so-called «smart working», or «lavoro agile» («agile working»), to put it in Italian.

There is no doubt that smart working, a very precious tool, has brought with it a long series of advantages, making life easier for workers and promoting greater flexibility in the organization of time, but every coin has two sides. Alongside the positives, smart working has exposed companies, large or small, to new forms of danger and professional risk: in particular to Cyber Risk and, more generally, to cyber attacks.

The Strange Case of Dr. Jekyll and Mr. Hyde: the other side of the digital revolution

The future is digital. We’ve been hearing this for years. In an era in which everything (including Lokky’s insurance) is done and undone through a smartphone, it was only a matter of time before computer archives replaced the long dusty shelves full of folders, paperwork and documents in every office, even in the workplace. Digital tools have become the main means of survival for many businesses: bars, restaurants and take-aways have had to equip themselves to offer an entirely online booking service, just as shops and any commercial activity (from clothing brands to supermarkets) have had to adapt to digital marketing rules and home deliveries. In essence, the pandemic has only accelerated a change that was already inevitable.

For every Dr. Jekyll, however, there is also a Mr. Hyde: Cyber Risk, which exposes all professional sectors to the possibility of being victims of a cyber attack.

According to the Institute of Risk Management, Cyber Risk consists of any risk of financial loss, destruction or even simply damage to the reputation of a brand, company or commercial entity that is attributable to a malfunction of the IT system.

In other words, Cyber Risk (or IT risk) is the all too common risk of incurring huge economic losses as a result of harmful events, whether accidental or actual malicious actions aimed at damaging the IT system of a company or commercial entity (hardware, software, databases, etc.).

Why Cyber Risk is a danger that does not only affect large companies

The media is filled every day with news stories about cyber attacks, carried out both by human hands (hackers) and by means of malware (including ransomware), and about their consequences. It is no coincidence that Cyber Crime attacks are in seventh place in the World Economic Forum (WEF) ranking, which in addition to taking them into account also evaluates the severity of the impacts on the economic/financial lives of the victims.

It’s a fact: cyber risk is not a distant danger. You don’t need to be the owner of a large company to have experienced an episode of Cyber Crime, as could be the case, for example, with a hacked profile. Cyber Risk represents one of the greatest dangers for all commercial activities, large or small, and as such should not be underestimated.

What is an IT Risk?

Cyber Risk, in more detail, can manifest itself in two main ways. Firstly, it could be an IT RISK, which consists of all the consequences resulting from accidental damage to computer systems. Think of a fire, a short circuit, or, why not, even a wrong decision or an inaccuracy on the part of the IT technician involved, or the most banal of occurrences, a power cut. In this case, however high the risk, it does not translate into a crime.

What is a Cyber Crime?

The case in which a real CYBER CRIME occurs is different: a computer crime, which consists of all the risks connected to actual criminal activities carried out against the victim (whether a small or large company, or a simple user) at the hands of a third party.

These are all those criminal phenomena linked to computer piracy whose names are very often not even understood: computer fraud, damage to data, programs and archives, unauthorized interceptions, up to the unauthorized reproduction of protected programs and documents. They are different types of operations carried out by a cyber criminal, usually a hacker or computer pirate.

The main types of cyber attacks

Among the CYBER CRIME IT risks, some have forcefully entered everyday language. Among the most common (but no less dangerous), aimed at the violation of personal data (data breach) we note:

Malware: in computer language, malware indicates any computer program that is used for criminal purposes to disturb the operations carried out by a computer user, whether it is a commercial business or a private user. This is what until the 1990s was simply called a «virus», nothing more than a «malignant» application that is mainly used to access a third-party device, for example to collect private information, create malfunctions or encrypt data.

Ransomware: a «malicious» computer program, a type of malware that infects a device and prevents access, forcing the payment of a ransom («ransom» in English) to access it again. Ransomware can also arrive just through a simple email, an attachment, a link or an advertising banner, or an app to be installed, but also with websites created specifically to infect the system. Not to be underestimated: an «infected» device can also infect others connected to it.

Phishing: a type of computer scam which consists in trying to extort personal information from the victim, including sensitive data such as passwords or access codes, by pretending to be a reliable body (for example banks, insurance companies, post offices and others). It usually manifests itself through “counterfeit” emails containing familiar signs and logos. This is a crime that falls within the broader family of social engineering, a Cyber Crime technique that focuses precisely on the manipulation of people/users.

A curiosity: the term «phishing» is a variant of «fishing», which literally means «to fish» in English and refers to the invention of increasingly sophisticated techniques to «fish» for sensitive user data.

DoS/DDoS attacks (Denial of Service): cyber attacks that attempt to interrupt the continuity of a service, thus making some services inaccessible.

Spam: the obsessive sending of messages (email messages, chats, tag boards, forums, Facebook and other social network services) repeated at high frequency or of a monothematic nature such as to make them unwanted (generally commercial or offensive), usually through generic, unverified or unknown addresses. Also known as «junk mail».

A curiosity? The term originated from a Monty Python comedy sketch, which aired for the first time on 15 December 1970 (season 2, episode 12), in which a waitress recites the list of a menu of dishes, but repetitively (to the point of becoming grotesque) intersperses the term «Spam», nothing more than a brand of canned meat. «Eggs and Spam, sausages and Spam, Spam, eggs and Spam, Spam Spam, bacon and Spam». The result? The customer quickly develops a real reluctance for the proposal.

The importance of Cyber Insurance

Whether it is a human error (for example an oversight on the part of an employee who lets viruses and malware enter the system), an accidental event or a real cyber attack (malware, ransomware, phishing, DoS/DDoS attacks, spam), the gist does not change: Cyber Risk is a real risk, and underestimating it would mean leaving room for crime to infiltrate even the smallest, perhaps naive commercial activity. A risk that, nowadays, is just not worth taking, especially considering the quantity of solutions available on the market.

To deal with the growing threat of damage to the IT system (and all the consequences in both the short and the long term), in recent years various insurance policies called «Cyber Insurance», or «Cyber Risk policies», have been created: policies and insurance packages that offer different coverage options and focus both on the loss/violation of sensitive data (data breach) and on compromises of the IT system. Thanks to a Cyber Risk policy, or Cyber Risk Insurance, the professional or owner of any company has the possibility of transferring the risk to the insurance company and protecting himself in the event of interruption of his business.
