The insurance industry is an attractive target for cybercriminals for a number of reasons. Chiefly insurance companies are hit because a successful attack will yield significant and profitable results. These organisations typically generate high volumes of data containing personal and financial data about customers, which is valuable on the black market. In addition, the nature of technology systems within insurance organisations creates loopholes and vulnerabilities that can be exploited to perpetrate an attack, making them something of an easy target. Insurance companies need to have effective solutions in place, as well as a plan of response, to mitigate the negative effects of cyber attacks on their organisation.
Information is currency
Any information has value on the black market, but data that can be gleaned from a breach into insurance databases can be a veritable goldmine for cybercriminals. This data may contain personal information such as ID numbers, physical and postal addresses, telephone numbers, medical history and more – which commands a high price in the cyber underworld. Even more valuable than this is financial information such as banking and credit card details. All of this information can be bought and sold on the dark web, and the potential for large volumes of saleable data from a single breach makes insurance companies a very attractive target.
Complex integrations create loopholes and vulnerabilities
The nature of the insurance model requires that many components be integrated, from underwriting to brokerages to distribution, all often geographically dispersed. This creates complex systems that have as many potential points of vulnerability at their points of integration. While the main insurance organisation may have top-notch security in place, securing each of these potential back doors can prove to be challenging, which makes insurance organisations appealing targets. For example, if a hacker manages to penetrate one brokerage or small outlying branch, they could potentially have access to the entire network of that particular insurer, without having to run up against the sophisticated security system of the main organisation.
The anatomy of an attack
Some of the most successful methods used to infiltrate insurance organisations include phishing and impersonation. Phishing is a common approach used to target many organisations, by sending out numerous emails at once in an attempt to get just a single response. Phishing relies on human error and fallibility, is fairly generic in nature, and has a high risk to reward ratio since it only requires one successful hit from hundreds or even thousands of attacks.
Impersonation is a more highly targeted approach, selecting one or a few targets, and is particularly effective within large organisations. This is because it is easier to successfully impersonate an executive in larger organisations, as many employees will not know enough about the person to be able to identify that a communication is fake. Impersonation can become highly sophisticated, because most people share what appears to be harmless and insignificant personal details on social media, which can then be used to bait an attack. An impersonation attack begins with a hook to try and engage the target in a conversation and earn their trust. If the target responds, the attacker begins a discussion before requesting the target to provide some sort of information or instructions to perform a task that will give them access to the network, perform a payment, send information and so on.
Protecting against an attack
Phishing can often be easily detected by technology solutions, and infected links can be flagged as dangerous and stopped before they reach users. However, cybercriminals are constantly evolving their attacks, so security systems need to be kept up to date. In addition, as mentioned successful phishing attacks rely on human error. People need to remain vigilant at all times in order to avoid falling victim to a phishing scheme.
Protecting against a highly targeted impersonation attack is a more challenging prospect. There are certain technologies and techniques that can be used to detect patterns of language and flag potentially fraudulent emails, and some intelligence can be applied to detect whether an email is ‘actually’ being sent from a specific person’s real email address. However, the more restrictive these solutions become the more they will block genuine emails and can negatively impact the business. Protecting against this type of attack is a delicate balancing act and once again requires vigilance on the part of individual employees.
It’s not about if – it’s about when
Given the increasingly targeted nature of attacks as well as the increased frequency thereof, it would be irresponsible to assume that any threat protection will block all attacks. Insurance organisations need to build up layers of defence, implement the proper controls, and map out their integrations to identify potential points of weakness. Yet, in today’s world it is no longer about ‘if’ you will be attacked, but ‘when’. It is essential to have adequate threat prevention and protection in place, but this alone is not enough.
The ability to detect a breach quickly, and respond to it effectively, is absolutely critical to managing the breach, minimising its impact and the volume of data stolen, and controlling the damage. A response plan needs to be put into place and tested to ensure its effectiveness, people need to be properly trained to recognise threats and respond correctly to them, and systems must be updated and tested regularly. Threats evolve and change, as does the business landscape, so incident plans and responses need to keep pace.
A reactive approach to security and incident response can sink a business. Ultimately, waiting until a serious breach occurs, and then taking a ‘lessons learned’ approach, may prove to be too little too late.