Managing large volumes of sensitive information on policy holders and processing sizeable financial transactions have established insurance firms as lucrative targets for cyber criminals. A successful data breach will net cyber criminals a vast store of personal data that can be sold on the Dark Web or used to commit identity theft and launch highly targeted attacks on individuals.
The latest Verizon Digital Breach Investigation Report (DBIR) reveals that, last year, the financial and insurance industry globally experienced 1,509 cyber incidents, of which around a third resulted in a data breach.
The clock is ticking from the moment a breach occurs and every second can have a profound effect on the overall impact to the organisation. It is vital that insurance firms can identify a breach and track down stolen data quickly. Monitoring for threats outside the network can even help organisations to identify potential attacks before they occur.
As an industry primarily concerned with anticipating risk, insurance firms are well placed to adopt an approach based on risk mitigation when it comes to cybersecurity. However, this approach must be applied beyond internal networks, to the extended digital supply chain.
The challenge of third-party risk
Insurance firms are connected to dozens of third parties – advisors, brokers and investment firms – as well as vendors supplying cloud-based services such as databases, software, websites and applications. This interconnectivity comes with a price, as cyber risks can originate from any one of these partners in the supply chain. In fact, research from Accenture reveals that four out of 10 data breaches are associated with third party suppliers.
The complexities of the modern digital supply chain mean that the breach could occur one or two steps removed from the insurance firm itself. While insurance firms can account for their own security and those of their chosen partners, managing multiple layers of a supply chain is a complicated challenge. If any third party in the chain has weak security or lacks the capability to detect a breach, the firm’s data may be in the hands of criminals for weeks or months. However, the ICO and the FCA are clear that an organisation is held responsible for a breach of its data even if this originates from a third-party in the supply chain.
How cyber criminals target insurance firms
Aside from web application attacks, employee mistakes are the biggest reason financial and insurance firms experience a data breach according to the DBIR. This includes emailing sensitive information to the wrong person and the misconfiguration of applications, databases and devices, which can result in unauthorised people gaining access to them.
Cyber criminals will also exploit human nature using social engineering techniques to convince employees to reveal usernames and passwords. Business Email Compromise (BEC) is a specific type of email scam which takes this a step further, using a more direct approach to defraud organisations. Cyber criminals will have carefully researched their target to be as convincing as possible and will trick unsuspecting users into sending them an immediate payment by impersonating a CEO, supplier or another senior-level executive requesting a transfer of funds.
Once cyber criminals have access to applications or the network, they can use it to commit further attacks repeatedly until they are stopped; this is known as the “long tail” of a cyber-attack. For example, if a threat actor can access an email account, they can clone it without the owner’s knowledge to send and receive emails. This is a huge concern as the threat actor could carry out criminal activities, including stealing information sent via email or sending out requests to customers for payments to their own accounts.
It is always better to get on the front foot and address these threats head on. One of the most effective ways of doing this is by adopting a data-centric approach to security which goes beyond traditional network defences, using automated tools to monitor for data outside the network. This way, insurers can detect suspicious activity and prevent it from becoming an issue.
Mitigating the risks
The first action insurers should consider is to increase employee awareness about how to spot a scam email and how to improve credential security. Automated password tools can take the responsibility of having to create and remember credentials away from users.
To improve the focus on cyber security, insurers need to monitor the internet for any indication that an attack might be on the horizon or has already occurred. This includes both open web sources like social media and pastebin sites, and closed web sources such as secretive Dark Web forums. Cyber criminals brag about attacks to enhance their status and drum up interest for any potential sale of stolen data. Using automated monitoring to rapidly uncover this information, regardless of location, is essential to combat increasingly sophisticated attacks.
When a cybercriminal posts stolen credentials online for sale, an organisation needs to be certain the data belongs to them before taking action. Identifying who owns a particular dataset can prove difficult, especially if data breaches are compiled together or the breach contains thousands or even millions of records. Fortunately, insurers can use “watermarking” techniques, where unique synthetic identities are mixed in with the real data to show, beyond doubt, that the information is theirs and that they have been victims of a data breach.
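A sketch of the watermarking idea described above, as an added example that is not from the article or from any vendor's product. It goes one step beyond the text by deriving a distinct set of synthetic identities for each third party that receives a copy of the data, so a match in a leaked dump also points to the link in the supply chain it came from. The secret, the recipient names and the `mail.example` domain are assumptions.

```python
import hashlib
import hmac
import re

FIRST = ["alex", "jordan", "morgan", "casey", "riley", "taylor"]
LAST = ["hale", "brook", "finch", "marsh", "stone", "wren"]
CANARY_DOMAIN = "mail.example"  # assumption: a mail domain the insurer controls
EMAIL_RE = re.compile(r"[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}")


def make_canaries(secret: bytes, recipient: str, count: int = 3) -> list[dict]:
    """Derive `count` synthetic policy holders unique to one data recipient.

    HMAC keeps the records reproducible for the insurer (no lookup table to
    protect) while an outsider cannot tell them apart from real customers.
    """
    records = []
    for i in range(count):
        digest = hmac.new(secret, f"{recipient}:{i}".encode(), hashlib.sha256).digest()
        first = FIRST[digest[0] % len(FIRST)]
        last = LAST[digest[1] % len(LAST)]
        tag = digest[2:6].hex()  # 32 bits keep each address unique
        records.append({
            "name": f"{first.title()} {last.title()}",
            "email": f"{first}.{last}.{tag}@{CANARY_DOMAIN}",
        })
    return records


def attribute_dump(dump: str, secret: bytes, recipients: list[str],
                   count: int = 3) -> dict[str, int]:
    """Return, per recipient, how many of its synthetic emails appear in a dump."""
    seen = set(EMAIL_RE.findall(dump.lower()))  # dumps often change the case
    hits = {}
    for recipient in recipients:
        found = sum(1 for c in make_canaries(secret, recipient, count)
                    if c["email"] in seen)
        if found:
            hits[recipient] = found
    return hits


if __name__ == "__main__":
    key = b"constructed-demo-secret"               # constructed value
    parties = ["broker-a", "cloud-crm"]            # hypothetical recipients
    seeded = make_canaries(key, "cloud-crm")
    # Constructed sample of a "combo list" found by monitoring.
    sample = "jane@customer.example:pw1\n" + seeded[0]["email"] + ":pw2\n"
    print(attribute_dump(sample, key, parties))
```

Because real breaches are often compiled together, a single matching synthetic record is a lead to investigate, while several from the same recipient is strong evidence of where the data left the chain.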
Through watermarking and automated monitoring, insurers can detect immediately if they have been the victim of a cyber-attack and act quickly to prevent fall-out.
By Jeremy Hendy, CEO, Skurio