Hear from Neeraj Sahni at Cybersecurity Smarts: Protect Your Data Now on Friday, September 18 at The Wistar Institute to learn how to protect your operation, your customers and your partners with insights on how to mobilize your IT, legal, regulatory, sales and communications teams to minimize exposure to cyber-based threats and planning tips to mitigate damages from cybercrime.

By Neeraj Sahni,Vice President, Willis of Pennsylvania

When discussing cyber insurance, most common exposures at a company are usually associated with targeted attacks from hackers, employees losing laptops or vendor negligence leading to exposing personally identifiable data.

These simple errors can be expensive on the balance sheet due to multiple post-breach costs. Some of these incurred costs may be covered by today’s cyber insurance policies, such as:

  • computer forensics investigation
  • notification
  • regulatory fines
  • defense
  • legal liability

What’s changed? Since the value of sensitive data has become a multi-billion dollar industry within organized crime, hackers are finding ways to access this data outside of known technology channels.

Using Trust Against You

Social engineering is one of those avenues where it’s easier to exploit an employee’s natural inclination to trust than it is to discover ways to hack security software and gain unauthorized access. It’s defined as the art of manipulating people so that they give up confidential information. Techniques include phone elicitation (aka phishing), impersonation, and onsite engagements.

One Hacking Demo

DefCon is a popular annual conference among global hackers, and I had the privilege to attend this year. Social engineering was one of the most popular live hacker setups at the conference.

It was fascinating to see hackers in soundproof boxes calling Fortune 500 companies real time. The calls were made to local offices under the false identity of each company’s internal audit group. Each hacker would build a trust relationship with employees on the phone and ask them questions to gather sensitive information about th