“Hacker Lab” Event Shows How Cybercriminals Attack Small Businesses — and How to Stop Them HSB and Trail of Bits Offer Risk Mitigation Tips

HSB and Trail of Bits Offer Risk Mitigation Tips

September 11, 2014

7 Min Read


September 11, 2014 10:05 AM Eastern Daylight Time

NEW YORK--(BUSINESS WIRE)--At a recent “Hacker Lab” event, “white hat” hackers revealed how cybercriminals work — and what businesses can do to protect themselves. The September 9 multimedia presentation used a simulated small business system to demonstrate how hackers choose their targets, how they enter the system and what they do post-infiltration.


“Reacting to new threats is too slow and too expensive. These days, you have to pre-empt criminal activity by thinking like a hacker and concentrating on the methods of attack”


Key takeaways for small business owners included:

  • Cybercriminals view your small business both as a target and as a conduit to attack your clients.

  • Identify your assets and the data you have that’s valuable to others; keep only what you need and use a dedicated device for financial activity that’s not used for email or social media.

  • Most cyber attacks enter your company through your email and browser. Ensure you’ve taken steps to secure both.

The “Hacker Lab” was presented by HSB, a leading specialty insurer of data and information risks that is part of Munich Re, and Trail of Bits, a New York City-based cybersecurity firm. It was designed to help educate and provide risk mitigation resources for small business owners.

“No business is ‘too small’ for a hacker. All businesses are vulnerable,” said Eric Cernak, vice president, strategic products, HSB. “In a study HSB conducted with the Ponemon Institute, we found that more than half of all small- and mid-sized businesses experienced a data breach and nearly three-quarters can’t restore all their data. The problem is big and growing. The good news is that businesses can take steps to protect themselves from destructive criminal intrusions.”

Dan Guido, Hacker in Residence at NYU Engineering and founder and chief executive officer of Trail of Bits, agreed that businesses need to get out ahead of the hackers.

“Reacting to new threats is too slow and too expensive. These days, you have to pre-empt criminal activity by thinking like a hacker and concentrating on the methods of attack,” said Guido. “Fortunately, attackers are just as fallible as everyone else and they can be disrupted.”

Alexander Sotirov, founder and chief technology officer, Trail of Bits, participated with Guido in the demonstration.

The “Hacker Lab” also featured a robust risk management discussion with Cernak and Tim Zeilman, vice president and counsel, strategic products, HSB. The discussion included insights from Cernak and Zeilman about ways to prevent a cyber attack; the legal, financial and reputational costs of an attack; and what businesses must do if/when they’re hacked.

HSB and Trail of Bits provided the following risk-management tips:

10 Ways to Prevent a Data Breach

1. Outsource payment processing. Avoid handling card data on your own. Reputable vendors, whether it’s for Point-of-Sale or web payments, have dedicated security staff that can protect that data better than you can.

2. Separate social media from financial activity. Use a dedicated device for online banking. Use a different device for email and social media. Otherwise, just visiting one infected social site could compromise your banking machine and your savings account.

3. Think beyond passwords. Never reuse them and don’t trust any website to store them securely. You can never tell when a website has already been hacked and your password has been exposed. Set up a two-factor authentication; this sends a secret code to your phone verifying your identity.

4. Educate and train employees. Establish a written policy about data security, and communicate it to all employees. Educate employees about what types of information are sensitive or confidential and what their responsibilities are to protect that data. Also, most scams and malicious attacks arrive through email so be sure your team is prepared and alerts others when they are received.

5. Stay informed. Evaluate the entire chain of events in a potential attack. From assessing your email infrastructure to your users’ responsiveness to your browser’s vulnerability, identify where your organization is most at risk. Then, question the security posture of your business lines, vendors, suppliers or partners.

6. Stop transmission of data that is not encrypted. Mandate encryption of all data. This includes data at “rest” and “in motion”. Also consider encrypting email within your company if personal information is transmitted. Avoid using Wi-Fi networks; they may permit interception of data.

7. Secure your browser. With the growing popularity of watering holes – malicious code installed on trusted websites – how do you know which websites you can trust? Forget individual patches. Focus on keeping up to date with the latest version of your browser. Then, test your browser’s configuration for weakness.

8. Secure your operating system. It’s far easier to break into older operating systems like Windows XP or OS X 10.6. Take advantage of major security improvements baked into newer operating systems.

9. Secure your router. It connects your computer to the Internet. Make sure someone can’t intercept all the data sent through it. It’s important to set a strong admin password on your router and a WPA2 password on your Wi-Fi.

10. Secure your data. Whether you lose data to an accident or an attack, you’ll always be glad to have a backup. Ideally, your backups should be encrypted and off-site in case there’s a fire or burglary.

About HSB
Hartford Steam Boiler (HSB), a member of Munich Re’s Risk Solutions family since 2009, is a leading engineering and technical risk insurer providing equipment breakdown insurance products, other specialty coverages, and related inspection services and engineering consulting. Founded in 1866, HSB's difference is grounded in extensive technical knowledge with over 50 percent of its staff engineers, inspectors and technical personnel around the globe. We leverage our knowledge to anticipate future risks and develop a range of specialized solutions that enable our clients to build deeper and more profitable customer relationships. HSB holds A.M. Best Company’s highest financial rating, A++ (Superior). For more information, visit www.hsb.com and connect on Twitter, Facebook and LinkedIn.

About Trail of Bits
Founded in 2012, Trail of Bits enables enterprises to make better strategic security decisions with its world-class experience in security research, red teaming and incident response. The Trail of Bits management team is comprised of some of the most recognized researchers in the security industry, renowned for their expertise in reverse engineering, novel exploit techniques and mobile security. Trail of Bits has collaborated extensively with DARPA on the agency’s acclaimed Cyber Fast Track, Cyber Grand Challenge and Cyber Stakes programs. In 2014, the company launched its first enterprise product, Javelin, which simulates attacks to help companies measure and refine their security posture.

About Munich Re
In the U.S., Munich Re provides access to a full range of property and casualty reinsurance and specialty insurance products through Munich Reinsurance America, Inc., American Modern Insurance Group and Hartford Steam Boiler Group. Munich Re stands for exceptional solution-based expertise, consistent risk management, financial stability and client proximity. This is how Munich Re creates value for clients, shareholders and staff. In the financial year 2013, the Group – which combines primary insurance and reinsurance under one roof – achieved a profit of €3.3bn on premium income of over €51bn. It operates in all lines of insurance, with almost 45,000 employees throughout the world. With premium income of around €28bn from reinsurance alone, it is one of the world’s leading reinsurers. Especially when clients require solutions for complex risks, Munich Re is a much sought-after risk carrier. Its primary insurance operations are concentrated mainly in the ERGO Insurance Group, one of the major insurance groups in Germany and Europe. ERGO is represented in over 30 countries worldwide and offers a comprehensive range of insurances, provision products and services. In 2013, ERGO posted premium income of €18bn. In international healthcare business, Munich Re pools its insurance and reinsurance operations, as well as related services, under the Munich Health brand. Munich Re’s global investments amounting to €209bn are managed by MEAG, which also makes its competence available to private and institutional investors outside the Group.



Dennis Milewski, +1-860-722-5567
Media Relations
Prosek Partners
Kristen Prestano, +1-212-279-3115, Ext. 217
Media Relations

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights