From ransomware to cloud breaches, there’s no shortage of threats currently targeting the insurance sector, and over the last few years such methods of attack have become increasingly prevalent.
In addition to this enticing factor, new insurance products, solutions and services are arriving every day, which unintentionally creates new areas of weakness and fresh hotspots of vulnerability.
As initially outlined by Eleanor Barlow, content manager for the global managed security service provider (MSSP) SecurityHQ, the pervasiveness of cybercrime throughout the insurance sector is primarily being exacerbated by the fact that the industry holds a vast amount of monetary wealth.
Often the purpose of an attack is to reach the customer’s financial portfolios, and the information held by policyholders is, understandably, extremely valuable.
Insurance companies can bolster their security by getting to grips with the varying vulnerabilities that wait at their door, and by recognising and implementing steps that will effectively mitigate these threats.
What cyber threats should insurance companies be made aware of?
Cloud exploits – The insurance sector’s ready adoption of cloud-based technologies has unwittingly opened the door to increased vulnerabilities, especially in the form of distributed denial of service (DDoS) attacks. Typically, cybercriminals can access and tamper with an organisation’s data while blocking employees from accessing it.
But what this issue really highlights is the blind trust that organisations place in cloud service providers. This brings into question the inherited resiliency risk that organisations acquire from cloud service providers. If there is a critical dependency, be sure that you have a plan B to fall back on in case of a system failure or cyber incident.
Where possible, seek to protect yourself contractually with service-level agreements (SLAs) and assurances from your service provider on their resiliency and disaster recovery (DR) procedures.
Ransomware – In its most basic form, ransomware is a type of malware used by a bad actor to threaten the victim into paying a ransom, in exchange for their valuable data/access to their assets. For a ransomware attack to be possible, a breach needs to be made.
To create a breach, bad actors need to target an organisation or individual through the distribution of malicious phishing emails. Once a phishing email attack has proved to be successful, a breach can be made possible. Then, through this breach, and without the victim knowing, a malicious payload is dropped.
A malicious payload is the element of the attack which causes the actual harm to the victim and contains the malicious code. Once the attacker has access to the victim’s networks, this leads to data exfiltration, and it is this data that the victim is held to ransom over.
Third-party exploits – The use of third-party vendors is becoming increasingly preferable to insurance agencies. The issue with this is that many of these third-party businesses do not have the right security measures in place, which leaves them vulnerable. So, while your security may be comparably fantastic, the third party may have little in place, which means your sensitive data is still at risk.
The real cost of a ransomware attack and how to mitigate ransom threats
SecurityHQ goes on to describe how participants within the insurance sector can better protect themselves and the interests and assets of their business:
Compliance and regulatory systems – The insurance industry has a multitude of compliance, regulatory systems and requirements in place that are very different to security requirements in other industries. Whatever these may be, controlling the users, the logs and the security is essential to meet requirements. This is especially true with regard to data protection and information security, and even more so when this data concerns the handling of financial, personal and/or client-sensitive information.
Mitigate risks, block malicious IPs and suspend rogue users – By dealing with issues that are a high priority first, you deal with the challenges that have the biggest impact on closing out security loopholes and protecting your organisation. The quicker you can get something contained, the safer and better it is for all.
This is why it is necessary to orchestrate and automate a response to block or isolate an infected machine. Skilled managed service provider (MSP) experts are trained to identify attacks and mitigate threats before any impact is made.
To mitigate against the aforementioned cloud exploits, ensure that you have managed detection and response (MDR) capabilities in place and that you have the latest threat and risk intelligence to cover key threat intelligence use-cases.
To prevent and spot third-party exploits, user behaviour analytics are essential to understanding the actions within an organisation and highlighting and stopping unusual activity before the damage is done. By using machine learning (ML) algorithms, expert analysts can categorise patterns of user behaviour, understand what constitutes normal behaviour, and detect abnormal activity.
If an unusual action is made on a device on a given network, such as an employee login late at night, inconsistent remote access, or an unusually high number of downloads, the action and user are given a risk score based on their activity, patterns and time.
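The risk scoring described above, as an added example that is not SecurityHQ's code: it swaps the ML model for simple per-user statistical baselines, and the user name, source labels, weights and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed history for a hypothetical user: (user, login time, source, files downloaded)
HISTORY = [
    ("alice", "2024-03-04T09:05", "office", 12),
    ("alice", "2024-03-05T08:50", "office", 9),
    ("alice", "2024-03-06T09:30", "vpn-home", 15),
    ("alice", "2024-03-07T10:10", "office", 11),
    ("alice", "2024-03-08T09:00", "vpn-home", 13),
]

def build_baseline(history):
    """Summarise each user's normal login hours, sources and download volume."""
    raw = defaultdict(lambda: {"hours": [], "sources": set(), "downloads": []})
    for user, ts, source, downloads in history:
        b = raw[user]
        b["hours"].append(datetime.fromisoformat(ts).hour)
        b["sources"].add(source)
        b["downloads"].append(downloads)
    return dict(raw)

def risk_score(baseline, user, ts, source, downloads):
    """Return (score 0-100, reasons) for one session against the user's baseline.
    The 40/30/30 weights and the thresholds are illustrative assumptions."""
    b = baseline.get(user)
    if b is None:  # no history to compare against: mid score, send to an analyst
        return 50, ["no baseline for user"]
    score, reasons = 0, []
    hour = datetime.fromisoformat(ts).hour
    # Time: hours wrap at midnight, so measure distance on a 24-hour circle.
    gap = min(min(abs(hour - h), 24 - abs(hour - h)) for h in b["hours"])
    if gap > 2:
        score += 40
        reasons.append(f"login {gap}h outside usual hours")
    # Pattern: remote access from a source never seen for this user.
    if source not in b["sources"]:
        score += 30
        reasons.append(f"unseen source {source}")
    # Activity: download count far above the user's own mean (sigma floored at 1).
    mu, sigma = mean(b["downloads"]), pstdev(b["downloads"])
    if downloads > mu + 3 * max(sigma, 1.0):
        score += 30
        reasons.append(f"{downloads} downloads vs mean {mu:.0f}")
    return score, reasons
```

Each signal is scored against the individual user's own history, so a night-shift employee's 02:00 login does not raise the same flag as one from a nine-to-five account.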