• Business

• news

Worst of all before them: the bleak future of Shirbit and its customers

Insurance company Shirbit suffered from what appeared to be a rather planned and aggressive cyber attack.

The details of the attack (or breach) are not yet visible, but it does not really matter.

The consequences of the case can be devastating for the company, with customers also having many reasons to worry

Tags

• Shirbit

Yotam Gutman

Thursday, 03 December 2020, 01:13

• Share on Facebook

• Share on WhatsApp

• Share on general

• Share on general

• Share on Twitter

• Share on Email

0 comments

• The Tel Aviv Museum opens for the first time since the closure: "This is the place ...

• Director of the Biological Institute: Vaccine Made in Israel in the Summer of 2021 ...

• Documentation: Anti-drug smuggling on the Egyptian border, July 2020 ...

• Trump: If the voters vote for Biden - I'll leave the House ...

• Dubai

• Ganz: Blue and white will vote tomorrow in favor of the proposal to dissolve the Knesset 1 ...

• The reception for Shira Isakov, who was seriously injured by her husband's stabs ...

• The UK has approved the use of the Pfizer vaccine for Corona ...

• Hanukkah in the Negev

• The cost of food loss in Israel is NIS 23.5 billion ...

• Merchants in the Carmel market demand to open the stalls in the market: ...

Edited by Nir Chen

Implications for society

An event of such magnitude as a cyber hack into a wand has direct and indirect implications for companies.

The direct consequences include theft of information or money, recovery time from the event, ransom and other expenses paid - including fines.

It seems that no money was stolen from the company in the attack, but the explanation was that the attackers would demand ransom - and that is what really happened.

Judging by similar cases from around the world, companies prefer to pay a ransom and recover the information (and also avoid embarrassing publication of stolen information).

Such a ransom cost can reach millions of shekels, with the kidnappers' opening demand being 50 bitcoins (close to a million dollars) and if these are not paid by the deadline - 100 bitcoins.

In addition, such an event requires the use of means that the company does not have on a regular basis - information security experts, technical experts, PR people and lawyers. Sometimes these expenses are covered by cyber insurance, but usually the insurance does not cover all direct expenses and the company has to cover it.

In addition, during the attack, the company's website is inaccessible, and it is assumed that internal information systems are also disabled for treatment purposes or to prevent attackers from harming them. This period of time (known as downtime) means damage to the company's functional and business continuity. From abroad, they state that the average cost of this time loss equates to an expense of about $ 740,000, on average).

More on Walla!

NEWS

Hacking: Hackers demand a million shekels in Bitcoin for not distributing the information

To the full article

A lot of money, time and information will be lost.

Shirbit (Photo: Tamar Mitzpi, Globes)

Shirbit is a relatively small insurance company with several tens of thousands of customers.

As an insurance company, it is under the supervision of the Capital Market, Insurance and Savings Authority.

The same authority issued a directive in 2016 regarding "cyber risk management in institutional entities" (which came into force in 2017) that binds Shirbit and other insurance companies.

The instruction is quite detailed and instructs insurance companies on how to conduct risk surveys, what cyber and cloud technologies to use and what role holders are required to staff as part of cyber threat assessments.

The announcement issued by the National Cyber ​​Network indicates that the Capital Market, Insurance and Savings Authority is involved in handling and investigating the incident.

Although the regulation does not specify the penalties to be imposed on companies that did not comply with the guidelines, it can be assumed that if failures occur in the company's behavior, the regulator will fine it (as happened to Shirvit in 2013 and 2010, when it was fined NIS 3 million for violating regulations and conflicts of interest).

In addition, it is very possible that the company's customers will not be satisfied with a sixth penalty imposed on it by the regulator, and will decide to sue for damages in court (in a private or class action lawsuit), which will add legal expenses (and perhaps even additional fines).

In terms of indirect damages, these are damage to reputation, abandonment of existing customers and additional expenses that the company must incur as part of the recovery process.

Shirbit was unlucky and was attacked while the media and the public were already well aware of the cyber risks, due to a large amount of incidents that have happened in recent years.

The nature of the break-in and the fact that the incident is being intensively reviewed will mean that she will probably suffer from a damage to her reputation.

Various surveys conducted in recent years around the world show that two-thirds of respondents will stop purchasing products and services from a company that has suffered a serious cyber attack.

In addition, it is very likely that existing customers will choose to leave the company and thus it will suffer twice - existing customers will also leave it and it will also have difficulty recruiting new customers in their place.

Following the break-in, the company may have to invest in computing infrastructure and defense equipment (which may prevent the next attack), and it is likely that the costs of its insurance policy will also increase.

Implications for customers

As for the company's customers, they too are exposed to direct and indirect damage at the moment, despite a cloud of uncertainty surrounding the incident it is quite clear that the company was hacked, and it can be assumed that details and documents related to customers were stolen and used by various criminals and crooks.

It seems that no payment details have been stolen, so it will not be possible to steal money directly from the accounts of those customers, but the information that has been stolen (names, addresses, full details of identity cards, car registration details and more) can be used by different crooks to identify different sites and perform different actions. Of economic damage to customers.

Nor can it be ruled out that criminals will use this information to commit various scams (impersonate the account holders on the phone and perform various actions using their identifying information), as well as the possibility that criminals will use the information to blackmail victims (style - we know you were drunk) Will not pay will be told to your bosses).

In terms of indirect damages, those same customers are currently experiencing a lot of distress.

Studies around the world show that victims of cybercrime suffer from symptoms of anxiety, depression and distress, which can last for many months after the incident itself.

Some testify that they feel "perverted" and insecure.

The details have been revealed and who knows who will use them and how

The bottom line

Once every few years, another event of a magnitude engraved in the collective memory occurs as a "national-scale cyber event."

It is very possible that this incident will be tagged in the future as such an event, and will be remembered for many years to come (similar to the big break-in to Leumi-Kard or the "Saudi hacker").

In any case, the incident is expected to have a significant impact on Shirbit and many of its customers.

• Share on Facebook

• Share on WhatsApp

• Share on general

• Share on general

• Share on Twitter

• Share on Email

0 comments