Tag Archives: cybersecurity

3 Ways for Agencies to Improve Cybersecurity

In the current wave of ransomware attacks, large insurance agencies have a bright red target on their backs because they have lots of personally identifiable information (PII) and have the means to pay high ransoms. Smaller insurance agencies are just as vulnerable but might not have the means to secure or reclaim client information. Regardless of size, insurance agencies that do not properly educate their staff are leaving major gaps that can be exploited.

One of the most common ways for agencies to lose valuable information is through insider threats, which occur when employees or people with approved access to your systems take or leak information through sabotage, theft, espionage, fraud or just plain ol’ human error.

By preparing agents to be the first line of defense against cybercrime, insurance agencies can change employees from risks to guardians and minimize the chances of an attack that harms their clients, reputation and bottom line.

Improve email security with agency-wide policies and multi-factor authentication

Compromised emails are the entry point for 60% of cyber attacks and create opportunities for criminals to plant ransomware, steal funds and misuse sensitive information. Hackers have access to databases chock full of compromised email accounts. Agencies want to keep employee emails off these lists, but they also need to protect themselves if an agent’s accounts find their way there. Criminals can use these accounts to gain access to your agency network like a lily pad, leaping from a personal account to a work account to a company-wide breach.

Here’s an example: John Doe is unaware his Facebook credentials are in one of these illicit databases. Hackers have access to his full name, personal email address, password and place of work: ABC Insurance. They learn from the agency website that agents’ email format is firstnamelastname@abcinsurance.com. With this information, they can email John and other agents or attempt to log in to his work email. Whether or not he’s reused his password, an experienced hacker can get access in a matter of minutes.

See also: 6 Cybersecurity Threats for Insurers

There are multiple steps agencies can take to minimize the chances of compromised emails:

  • Don’t publish any employee emails on your website. Limit public emails to aliases such as info@abcinsurance.com<mailto:info@abcinsurance.com> or use a contact form.
  • Don’t let your agency’s security hinge on another site’s vulnerability. Ensure employees don’t use their work emails to sign up for other websites.
  • Use multi-factor authentication (MFA) for all email log-ins. While text messages are one way to add an authentication factor, SMS channels are vulnerable to hacking. MFA apps are the gold standard and are likely free to use with your agency management system, such as Microsoft 360.

Educate agents about phishing and safe email habits

All agents must be vigilant about phishing emails that steal PII by impersonating another person or organization. Phishing has become sophisticated enough to fool multiple employees within an organization, posing as legitimate emails from systems that criminals know an agency uses. Whether your agents are working on-site or remotely, all it takes is one successful phishing attempt for a bad actor to install malware or steal sensitive information.

Good email habits and open communication can thwart phishing attacks:

  • Err on the side of caution when opening links and entering log-in information. Agents should not log into a website directly through a form in an email.
  • Verify the domain name/URL of any link opened from an email. Cybercriminals create fake, nearly identical pages that can fool anyone not paying close attention to what website they’re really on.
  • If your agency uses Slack or a similar platform, you can dedicate a channel to report suspected phishing.

Encourage vigilance in and out of the workplace

A great way to ensure that agents are vigilant is to test employees with a mock-phishing email to see if they catch it. There is software available that can help with this, or you can have a close contact from outside your agency send an email asking agents to reply with a phone number or other piece of PII. If the email sounds urgent enough, many times people will reply with the requested information thinking they are helping in an emergency. Collect the emails that come back to your outsider contact and discuss them with the team as an opportunity for education on cyber security awareness. Once you have a baseline, repeat the test every few months and monitor how your agency’s cybersecurity improves (we hope) over time.

It’s also a good idea to educate agents on the value of regularly checking their personal account security to prevent a lily pad breach. Websites like Avast and haveibeenpwned inform you if there are PII leaks associated with your email address. Agents can check their personal accounts at these sites and keep on top of their own data security for the security of their agencies.

See also: Hidden Dangers for Cybersecurity

Insurance agents need to treat their emails like they’re the keys to the agency vault — because they are. Increasing email security through these simple methods makes your agency much harder to breach and will ultimately save money and prevent headaches, including lost goodwill among clients.

Premiums Climb as Ransomware Bites

Ransomware is on the rise and posing significant challenges for the insurance industry. Ransomware attacks soared by 485% last year compared with 2019, according to Bitdefender. Cybercriminals and state-sponsored hackers alike are employing ransomware to line their pockets and cause mayhem. The Colonial Pipeline, the Harris Federation, CNA Financial and Acer are just a few of the high-profile victims so far this year. 

Without proper planning and protection, a ransomware attack can sink a company. The average ransom cost is now $154,108, according to Coveware, and the average downtime caused is 21 days. 

As more and more victims pay up, cybersecurity insurance carriers are changing their products, increasing premiums, and limiting coverage. 

Attackers Targeting Insurance Providers

While cybersecurity policies covering ransomware used to be relatively easy to find and offer generous potential payouts, that’s no longer the case. Ransomware gangs have been doing their homework. They gain access to insurance company client lists and hack into networks to study individual policies for the purpose of uncovering maximum policy limits of targeted companies.

An anonymous spokesperson for the REvil ransomware gang was recently asked about targeting insurers in an interview for The Record, and said, “Yes, this is one of the tastiest morsels. Especially to hack the insurers first—to get their customer base and work in a targeted way from there. And after you go through the list, then hit the insurer themselves.”

Any insurer that responds to this onslaught with a blanket policy of not paying ransoms is soon under siege. Cybercriminals unleash coordinated attacks designed to make examples of these carriers and warn off other insurers that may be considering a similar no-pay policy. Inevitably this has impacted the coverage carriers offer. 

Insurers Building Experience

The silver lining here is that the cyber insurance industry has a vested interest in keeping costs, risk and recovery time down. To that end, insurers engage the very best incident responders with a proven track record. For a victim seeking a ransomware recovery specialist, a cybersecurity carrier might be the fastest and easiest route to the top talent. 

As insurers build a knowledge base and deal with the aftermath of more and more ransomware incidents, they are also gaining a deeper understanding of how to guard against such attacks. 

Organizations seeking consultation on what they might do to prevent ransomware infiltrating their networks, how to cope during an attack, and the fastest path to recovery can get solid advice from carriers. But all this experience comes at a price.

See also: 6 Cybersecurity Threats for Insurers

More Stringent Requirements and Fewer Options 

Any organization shopping for cyber insurance will find the market very different than it was just a few years ago. Many carriers are now refusing to insure for ransomware and those that do require solid proof that strong security controls are in place before they will issue any policy. Coverage scope and optional add-ons have been drastically reduced across the board, but particularly in industries with high exposure and susceptibility.

Even with every box ticked, the amounts that insurers are offering now are relatively limited. Premiums in general are higher, but for organizations considered to be high-risk with large limit requirements, policies may be prohibitively expensive. It’s important to remember that even with the climbing costs, cybersecurity insurance will still be cheaper than a breach for most organizations. A third-party assessment and strict requirement for strong controls can also prove invaluable in strengthening your security posture.

No Substitute for Proper Cybersecurity Planning

Ultimately, cybersecurity insurance is a complementary product that can help reduce business risk. It’s crucial to take appropriate steps to guard against ransomware and to fully plan and practice how to deal with an incident. Consider that the most likely way for ransomware to break in is through social engineering. Train your staff to spot phishing attacks and build response plans to investigate and deal with them.

Other smart protective actions include a regular patching procedure to ensure software is kept up to date, a comprehensive asset list that gives you a complete picture of company hardware, and properly protected off-site backups from a variety of points in time. Craft incident response and recovery plans to clearly delineate correct procedures and responsibilities and then test them in a mock attack to ensure you’re ready for the real thing.

If you are operating without coverage or your policy is coming up for renewal soon, make sure you dig into the details and fully assess your options. You may find that the budget you have allocated based on previous policies is no longer suitable. Just remember, the stronger your defenses are, the easier and cheaper it will be to secure a cybersecurity insurance policy that gives you the cover you need.

Aggressive Response to Ransomware

Ransomware attacks are increasing at an alarming rate — Colonial Pipeline, JBS and now McDonald’s, where cybercriminals stole some data. And those are just a few of the growing number of cybersecurity breaches being reported.

According to the Institute of Security and Technology, victims paid $350 million in ransom in 2020, more than four times the amount in 2019. Around 2,400 government organizations, healthcare facilities and schools in the U.S. were reportedly attacked.

The economic impacts from these evolving cybercrimes are massive. Apart from the loss of money paid in ransom, companies and governments have to go through several additional challenges, such as service downtime, loss of private data and recovery cost. 

This surge in ransomware attacks highlights the urgency in dealing with the national security threat before it gets out of control. Businesses should carefully evaluate every potential alternative available before paying the ransom. When hackers succeed in extortions, these kinds of crimes become more attractive. And there is no guarantee that the hackers would give the decryption keys even if a ransom is paid.

The government organizations and the private sector should work hand in hand to deal with cyberattacks and ensure data is recovered without paying a ransom. Companies should keep law enforcement agencies in the loop when tackling a ransomware attack and support the administration in disrupting the hackers’ network. There should be an aggressive, joint strategy and an unbreakable security network to combat these cybersecurity challenges.

Meanwhile, a collaborative global effort involving governments and security agencies is crucial in the fight against cybercrimes. Nations should aggressively investigate and prosecute cybercriminals operating from their land. Governments should use strategies, such as sanctions, to pressure countries refusing to act against cybercriminals.

See also: What’s Next for Ransomware

The increasing number of cybercrimes could also be exposing the security loopholes in the companies’ network with employees working away from the office. Most businesses are operating remotely these days. It is important to note that not all business has the right security system in place, as they were unprepared for a sudden work-from-home migration when coronavirus struck. Organizations should implement security protocols, such as multifactor authentication, endpoint detection and response and data encryption, as well as prepare a plan to deal with these kinds of security threats before it strikes.

Another aspect to note in the recent cyberattacks is that the criminals seem to prefer cryptocurrency, which makes it difficult for law enforcement agencies to track criminals behind transactions. It is high time that the government enforces strict guidelines to ensure that the crypto exchanges follow processes such as Know Your Customer.

Wake-Up Call on Ransomware

The ransomware attack that shut down the 5,500-mile Colonial Pipeline, the largest fuel pipeline in the U.S., contains two important seeds of opportunity.

First, the federal government looks like it may get much more involved in preventing or at least prosecuting cyber attacks, specifically for important infrastructure like pipelines and electric grids, but perhaps more broadly, too.

Second, the attack raises the profile of the ransomware problem to the point that insurance clients may no longer be able to ignore it — which they mostly have even as ransomware activity quintupled globally between the first quarter of 2018 and the fourth quarter of 2020, according to Aon. This higher profile will create the opportunity for insurers to work with clients to finally step up their defenses.

Let me be clear, lest I come across as Polyannaish: This was a serious assault on a major piece of infrastructure and will likely result in higher gasoline prices, at least in the eastern half of the U.S. The attack also raises the prospect of devastating assaults on other pieces of key infrastructure, both in the U.S. and around the world. In addition, because the ransomware attack was arranged by a criminal ring in Russia, the attack brings into play all sorts of geopolitical issues that go well beyond what happens when some lone criminal hacks his way into a single corporation.

I’m merely suggesting that good things could also come out of the attack by the DarkSide group in Russia, because it underscores two problems that have long been obvious but that have somehow been ignored. The actions spurred by the attack won’t be perfect solutions by any means, but they should help.

The main action looks to be an aggressive response by the federal government, which has struck me as too passive as criminal gangs have greatly stepped up their ransomware attacks. There are limits to what the government can do against international gangs like DarkSide — it’s not as though President Biden can just call Vladimir Putin to complain and have him say, “Oh, sure, I’ll get right on it” — but having the Feds in the game should help a lot.

The other main action — the big opportunity for insurers — will occur because companies will increasingly see their vulnerability (finally!) and request help from the experts: the insurance companies that deal with cyber issues every day.

Thought leaders have been warning about ransomware for ages here at ITL — look at “5 Questions That Thwart Ransomware,” “A Dangerous New Form of Ransomware” and “Ransomware Becomes More Pernicious.”

Look, in particular, at this recent article: “How to Combat the Surge in Ransomware,” from Tokio Marine HCC’s Cyber and Professional Lines Group. It describes what I think is the ideal approach for insurers assisting their clients, not just by selling insurance but by helping them reduce their risks — steering clients toward state-of-the-art tools (priced based on the insurer’s bulk discount) that monitor vulnerabilities, toward using multi-factor authentication, toward training, etc.

As long as the bad guys have shown they can work together and take down big targets like the Colonial Pipeline, the good guys need to work together, too. That surely means more help from the federal government on what is a national and, increasingly, international problem but also means insurers need to step up and deliver the sort of expertise and counsel that they possess uniquely and that define the industry’s noble purpose.

Cheers,

Paul

P.S. Here are the six articles I’d like to highlight from the past week:

Workers Comp Trends for Technology in 2021

An efficient workflow passes 60% to 70% of medical bills straight through; workers’ comp has a long way to go.

Are Your Healthcare Vendor’s Claims Valid?

This article, the first in a series, looks at how regression to the mean is often misused to justify false claims about the success of wellness programs.

4 Ways to Seize the Latent Demand

Consumers recognize now more than ever the importance of adequate insurance coverage. Now is the time to seize on this opportunity.

Time to Reimagine the Finance Function

What’s possible for finance has been redefined: Comprehensive data makes it easier to connect performance across the business.

Tapping Into Life, Health Innovation

Those who welcome outsider participation in innovation can unlock new solutions without needing to reinvent their current businesses.

Insurance and Financial Protection

If the life insurance crisis is hard to understand, we must make it easy to comprehend. The insurance industry must lead us through this crisis.

6 Cybersecurity Threats for Insurers

The connectedness of everything – assets, people, business and commerce – has increased the severity and frequency of cyber attacks. The insurance sector faces a bigger threat than most industries because insurers deal with extremely sensitive data. Several insurance companies, such as Premera Blue Cross and Anthem, have experienced significant data breaches over the past years. However, these are not the only insurers affected. A report by Accenture shows that an average insurance company receives over 100 cybersecurity attacks each year, with 30% of the attempts being successful.

As an insurance leader, being aware of the potential cybersecurity threats puts you in a better position to adopt the right prevention measures. Here are the top cybersecurity threats in the insurance sector that you should know.

6 Cybersecurity Threats for Insurance Leaders

1. Cloud Vulnerabilities  

Cloud data access and storage has become a common practice for many people. However, this practice can increase the risk of a data breach. You can be susceptible to denial of services (DoS) and account hijacking attacks. With such attacks, hackers can access and tamper with your company’s data while preventing your team from accessing it. This threat can be prevented by implementing an extensive cyber risk management plan.

2. Patch Management

If your insurance company is using outdated software, you have a higher risk of cyberattack. Most cybercriminals exploit software vulnerability to access and steal company information. Failing to update your software patches makes your organization vulnerable to numerous data breaches.

Cybercrime vulnerability can be through something you consider as minor as the computer operating system. For instance, most organizations became exposed to cyber-attacks in 2018 for failing to update their Microsoft Office software following a patch release for Eternal Blue vulnerability. Therefore, it is advisable you stay up-to-date with any software you are using in your organization to avoid costly attacks.

3. Social Engineering

With the increase in social interactions, cybercriminals are exploiting such opportunities to launch social engineering attacks. Deception is the major aspect of such attacks. Usually, these criminals use trickery and manipulative approaches to lure individuals into taking various actions. For instance, you can be lured to disclose sensitive information or even bypass set security measures.

Social engineering threats are high because targets simply give hackers access to the system. Thus, it is hard for you to prevent these crimes with cybersecurity systems. However, regular training on cybersecurity is necessary for ensuring that your team members know how to detect and prevent such crimes.

See also: A Novel Approach to Cybersecurity

4. Ransomware Threats

If you thought it was only individuals who can be held hostage, think again, because your computer systems and data can, too. Ransomware attacks are some of the serious cyber threats you should worry about in the modern era. A report by the U.S Depart of Homeland Security reveals a rising number of ransomware attacks. The hackers attack your network and prevent you from accessing any data in it until a certain amount is paid. Such attacks are associated with significant losses. For example, besides the immediate losses, a ransomware attack can lead to huge monetary damages because of lost data and loss of productivity.

5. Third-Party Exposure Threats

The use of third-party services is a common practice nowadays, especially for payment processing. Most organizations do not take the necessary precautions when engaging in third-party transactions. Even where the party you are transacting with does not handle personal data directly, it can put your organization at risk of attack.

Hackers are using malware to access personal data, such as credit card numbers and Social Security numbers, through third-party companies. Therefore, it is important to take all the necessary precautions when dealing with a third-party vendor. For instance, inquire about their policy on data breaches and find out whether they have any measures in place to prevent cybersecurity attacks.  

6. Outdated Hardware

There is a common misconception that cybersecurity threats have to come from software. If you are using outdated hardware, your company data is vulnerable, too. With the increasing rate of software updates, some hardware may find it challenging to keep up. Obsolete hardware may be difficult to accept the latest security measures and patches. In such cases, your organization’s data is exposed; hence, at a high risk of cyberattack. Therefore, it is critical to regularly check your devices and replace any obsolete ones to avoid outdated hardware-related cyber-attacks.

See also: The Missing Tool for Cyber Resilience

Holistic Risk Management Plan

There you have it – a comprehensive overview of some of the top cybersecurity threats in the insurance sector. Evidently, as technology advances, insurance companies will continue to face different forms of cybersecurity threats.

While there might not be a one-size-fits-all approach to address or prevent cyber threats, being knowledgeable on the various cybersecurity vulnerabilities can help you adopt better risk detection and prevention measures. Therefore, make sure to adopt a holistic management plan to stay away from most of these threats.