Smart work. Teleworking. Since 9 March 2020 (which now seems so far away!), when the first Ministerial Decree extended the ban on travel for unnecessary reasons to the whole of Italy, along with the closure of cinemas, clubs, museums and every gathering centre, inaugurating what would go down in history as «the first quarantine», we have seen quite a few changes. Driven by the need to adapt to the new logic of social distancing, from that moment on the job market had to roll up its sleeves: it is precisely because of the measures put in place to contain the spread of the COVID-19 virus that the last two years have seen so much talk of so-called «smart-working», or «agile working», to put it in Italian.
There is no doubt that smart-working, a very precious tool, has brought with it a long series of advantages, making life easier for workers and promoting greater flexibility in the organization of time, but every coin has two sides. Alongside the positives, smart-working has exposed companies, large or small, to new forms of danger and professional risk: in particular to Cyber Risk and, more generally, to cyber attacks.
The Strange Case of Dr. Jekyll and Mr. Hyde: the other side of the digital revolution
The future is digital. We’ve been hearing this for years. In an era in which everything (including Lokky’s insurance) is done and undone through a smartphone, it was only a matter of time before computer archives replaced the long dusty shelves full of folders, paperwork and documents in every office, even in the workplace. Digital tools have become the main means of survival for many businesses: bars, restaurants and take-aways have had to equip themselves to offer an entirely online booking service, just as shops and any commercial activity (from clothing brands to supermarkets) have had to adapt to digital marketing rules and home deliveries. In essence, the pandemic has only accelerated a change that was already inevitable.
For every Dr. Jekyll, however, there is also a Mr. Hyde: Cyber Risk, which exposes all professional sectors to the possibility of being victims of a cyber attack.
According to the definition established by the Institute of Risk Management, Cyber Risk consists of any risk of financial loss, destruction or even simply damage to the reputation of a brand, company or commercial entity that is attributable to a malfunction of the IT system.
In other words, Cyber Risk (or IT risk) is the more than common risk of incurring huge economic losses due to harmful events, whether accidental or actual malicious actions aimed at damaging the IT system of a company or commercial entity (hardware, software, databases, etc.).
Why Cyber Risk is a danger that does not only affect large companies
Every day the media is filled with news stories about cyber attacks, both by human hands (hackers) and by means of malware (including ransomware), and their consequences. It is no coincidence that Cyber Crime attacks are in seventh place in the World Economic Forum (WEF) ranking, which in addition to taking them into account also evaluates the severity of the impacts on the economic/financial lives of the victims.
It’s a fact: cyber risk is not a distant danger. You don’t need to be the owner of a large company to have experienced an episode of Cyber Crime, such as a hacked profile. Cyber Risk represents one of the greatest dangers for all commercial activities, large or small, and as such should not be underestimated.
What is an IT Risk?
Cyber Risk, in more detail, can manifest itself in two main ways. The first is an IT RISK, which consists of all the consequences resulting from accidental damage to computer systems. Think of a fire, a short circuit, a wrong decision or inaccuracy on the part of the IT technician or, the most banal of occurrences, a power cut. In this case, however high, the risk does not translate into a crime.
What is a Cyber Crime?
The case of a real CYBER CRIME is different: a computer crime, which consists of all the risks connected to real criminal activities carried out against the victim (whether a small or large company, or a simple user) at the hands of a third party.
These are all those criminal phenomena linked to computer piracy whose names are very often not even understood: computer fraud, damage to data, programs and archives, unauthorized interceptions, up to the unauthorized reproduction of protected programs and documents. They are different types of operations carried out by a cyber criminal, usually a hacker or computer pirate.
The main types of cyber attacks
Among the CYBER CRIME IT risks, some have forcefully entered everyday language. Among the most common (but no less dangerous), aimed at the violation of personal data (data breach) we note:
Malware: in computer language, malware indicates any computer program that is used for criminal purposes to disturb the operations carried out by a computer user, whether it is a commercial business or a private user. This is what until the 1990s was simply called a «virus», nothing more than a «malignant» application that is mainly used to access a third-party device, for example to collect private information, create malfunctions or encrypt data.
Ransomware: a «malicious» computer program, a type of malware that infects a device and prevents access to it, forcing the payment of a ransom (hence the name) to regain access. Ransomware can arrive through a simple email, an attachment, a link or an advertising banner, an app to be installed, or websites created specifically to infect the system. Not to be underestimated: an «infected» device can also infect others connected to it.
Phishing: a type of computer scam which consists in trying to extort personal information from the victim, including sensitive data such as passwords or access codes, by pretending to be a reliable body (for example banks, insurance companies, post offices and others). It usually manifests itself through «counterfeit» emails containing familiar signs and logos. This is a crime that falls within the broader family of social engineering, a Cyber Crime technique that focuses precisely on the manipulation of people/users.
A curiosity: the term «phishing» is a variant of «fishing», which literally means «to fish» in English and refers to the invention of increasingly sophisticated techniques to «fish» for sensitive user data.
DoS/DDoS attacks (Denial of Service): cyber attacks that attempt to interrupt the continuity of a service, thus making some services inaccessible.
Spam: the obsessive sending of messages (email messages, chats, tag boards, forums, Facebook and other social network services) repeated at high frequency or of a monothematic nature such as to make them unwanted (generally commercial or offensive), usually through generic, unverified or unknown addresses. Also known as «junk mail».
A curiosity? The term originated from a Monty Python comedy sketch, which aired for the first time on 15 December 1970 (season 2, episode 12), in which a waitress recites the list of a menu of dishes, but repetitively (to the point of becoming grotesque) intersperses the term «Spam», nothing more than a brand of canned meat. «Eggs and Spam, sausages and Spam, Spam, eggs and Spam, Spam Spam, bacon and Spam». The result? The customer quickly develops a real reluctance for the proposal.
The importance of Cyber Insurance
Whether it is a human error (for example an oversight on the part of an employee who lets viruses and malware enter the system), an accidental event or a real cyber attack (malware, ransomware, phishing, DoS/DDoS attacks, spam), the gist does not change: Cyber Risk is a real risk and underestimating it would mean leaving room for crime to infiltrate even the smallest, perhaps naive commercial activity. A risk that, nowadays, is just not worth taking, especially considering the quantity of solutions available on the market.
To deal with the growing threat of damage to the IT system (and all the consequences both in the short and long term), in recent years various insurance policies called «Cyber Insurance», or «Cyber Risk policies», have been created: policies and insurance packages that offer different coverage options and focus both on the loss/violation of sensitive data (data breach) and on compromises of the IT system. Thanks to a Cyber Risk policy, or Cyber Risk Insurance, the professional or owner of any company has the possibility of transferring the risk to the insurance company and protecting himself in the event of interruption of his business.
