Interest in cyber coverage is atan all-time high, and those who previously thought it a luxury—ornot a necessity—are taking a much closer look at theirexposures.

A recent Marsh report shows that cyber insurancepurchases grew 32 percent in 2014 when compared with 2013, and wereup 21 percent in 2013 over 2012. “The yearly increase shows thatorganizations see cyber as a risk to be managed, not merely aproblem to be fixed by IT,” the report asserts.

Damian Caracciolo, vice president and practice leader atCBIZ Management& Professional Risk, said that cyber attacks affect allindustries, but the type of attack deployed depends on the industryto which the company being targeted belongs. In 2015, the healthcare, financial services, retail and education sectors were thosethat saw the greatest number of cyber incidents.

Caracciolo said that cyber attacks come in many different forms,and the type of attack on any particular company depends on thetype of information the intruder is looking for. Here are the fivemajor types of attacks to which your organization might bevulnerable:

Brute Force Attack

This is a very sophisticated software or algorithm that iswritten to do whatever it can to attack your system, by searchingfor vulnerabilities. In many cases, the malware attacks apassword-protection mechanism.

The brute force attack will use specially designed software togo through hundreds of thousands of different words, combinationsof words, and numbers to try to crack your password, saidCaracciolo. He added: “They will even go through every word in thedictionary to see if they can access something like apassword.”

Social Engineering/Cyber Fraud

“If you're in the treasury department, and I send you an emailthat looks like it's coming from the CEO or CFO requesting that you'wire funds on the merger acquisition that we have pending, I wouldlike that money wired today—this is your authorization to get itdone,' whoever is working in that accounting or treasury departmentwill wire the money,” said Caracciolo.

He added that the thieves are not attacking your system; they'reattacking individuals and the company's wire-transfer policies andprocedures: “We're seeing a prevalence of that today, and that'ssignificant because the losses tend to be in the seven figures.This type of attack doesn't target data, it targets the money, andonce it's transferred it's unlikely that you're able to retrievethat money.”

Distributed Denial of Service (DDoS)Attack

This happens when a server is overloaded with connections, witha goal of ultimately shutting down the target's website or networkinfrastructure. “This is just where [hackers] are overloading yoursystem, hoping it will shut down your network and you will not beable to operate your business,” Caracciolo said.

Phishing Attacks

Phishing may be the most commonly reported form of cyber attack,said Caracciolo, and keeping up with the methods of some phishingattacks is proving to be very difficult.

There are various types of phishing attacks, and the type thatis used usually depends on the industry. “Hackers send out hundredsof thousands of emails [with an attachment or link] hoping thatsomeone will click on them,” he added. “That's the hacker's meansto access your system.” Once you open it, you're giving them accessto your computer system and the information on it.

“Once they're in, then they're able to really attack thesoftware's vulnerabilities, whether it's personal passwords,firewall or lack thereof, or unpatched status securitysoftware.”

Viruses, Worms, Spyware, and Ransomware

Each of these types of attack has its own objectives. All areattacks on your software, your systems, your theft preventionsoftware—getting access through any one of the malware-typeattacks.

“It's basically a malicious software with the intent to gainunauthorized access, and that could include viruses, spyware,”Caracciolo explains. “More recently, we've see ransomware, wherethey'll lock down your system and essentially say 'We have yourdata; if you want it back you're going to pay a ransom and we'lllet you gain access back to your information.'” Caracciolo addedthat there are also Trojan horses and key loggers that trackkeystrokes to gain access to passwords or gain access to yoursystem.

Some malware erases all the information contained on the user'shardware. And malware often targets individuals who aren't with theIT department and may not have the same level of sophistication, ormay not even be paying attention, he noted. “You're busy, you getan email, you don't pay much attention to who it's from or if it'san accurate email address. You click and allow them access to yoursystem. It's as simple as that. Whether it's a link or anattachment, you basically provide that malware into your system,which will then accomplish whatever the objective is.”

Spyware is software that hackers introduce into your system thatlooks for the simplest way to track keystrokes to get passwordsor electronically spy on your network, whether to gain accessto confidential information or to gain access to unidentifiableinformation.

A “worm” is similar to a virus, but it spreads differently. Inorder to affect your files, a worm eats into your system and runson its own. If a worm is introduced into your system, it couldreplicate by resending itself from your system to everyone in yourcontacts list; so one person lets it in and then it just compoundsitself. Depending on how it's written, it could get back to everycontact on your list.