Cybersecurity in the insurance arena is a necessity that cannot be overlooked. With a sharp spike in cyber attacks, organizations need protection against threats.
With its huge store of personally identifiable information (PII) about policyholders, the insurance industry has become an enticing target for cybercrime. Data breaches at insurance companies over the last few years have exposed the personal information of over 100 million people. According to reports, on February 04, 2015, an infamous data breach occurred in which attackers got into health insurer Anthem’s servers and accessed 80 million company records. Those records contained policyholder details such as names, addresses, social security numbers, medical identifications and personal information, which cyber criminals could use for identity theft ploys such as accessing bank accounts and credit cards, or even to commit health insurance fraud.
How Do Cybercriminals Attack?
Cybercriminals use different types of malware to attack financial and insurance companies. For instance, they use ransomware, which blocks a company’s access to its systems and data until a ransom is paid. Trojan horse malware such as Emotet and Trickbot, which were originally designed to break into banking systems, have become a growing threat to insurance companies.
Also, phishing attacks are often used to gain unauthorised access to an insurance company’s information.
Phishing is a fraudulent attempt to trick users into disclosing confidential information, typically by clicking a link in an email or by responding to a text or phone call. For instance, lately, a phishing attack on Pacific Specialty Insurance Company, an automotive and home insurance provider, gained access to employee email account credentials, which exposed names, social security numbers, government-issued identifications, financial data and health insurance information.
Protecting Against Cyber Threats
Here are some things insurance companies should do to protect their system and data from cyber threats:
- Risk Assessment:
The insurance industry and financial services are regulated sectors, and regardless of your feelings on regulation, it does get some interesting results. A risk assessment determines what data and systems need to be protected and the threat of exposure.
A risk assessment should cover:
- Where and how sensitive information is stored, who uses it and how it is used
- How email is used
- How data is remotely accessed
- What approaches are used to protect information
- When and where mobile devices are used
- Create a comprehensive security plan:
A comprehensive security plan should address security vulnerabilities and specify approaches to protect against and recover from security breaches. It should not only protect an insurance company’s vital data from hackers and cyber criminals but also protect against inadvertent data exposure from insiders. The plan also needs to be tested to verify that it works well.
- Implement a defence in depth:
A rock-solid defence against cyber security threats can be created by implementing a solution that combines a mix of proactive and reactive technologies. One of the approaches is endpoint detection and response (EDR), which continuously monitors for and rapidly responds to cyber security threats. An EDR solution can be overly complex, producing large amounts of data and alerts.
Also, many EDR solutions rely on AI, which sometimes fails to capture key information. A better approach is managed EDR, which combines 24/7 threat monitoring, incident response and alert filtering. Managed EDR provides deeper investigation, analysis and validation of threats than EDR through a combination of advanced analytics, threat intelligence, forensic data collection and human expertise.
- Take advantage of security services:
The growing volume and sophistication of cyberattacks are making it difficult for insurance companies and their IT departments to devote the time and attention needed to counter these threats. In response to this, it’s important to take advantage of service providers who have the expertise to develop and implement security plans.
- Establish a security culture:
A great security program needs to include training policies that educate C-suite executives about the company’s security policies and plans and heighten their security awareness. Employees who are vigilant and motivated to protect sensitive information are the most valuable armour in the defence against cyber security threats. An important facet of security awareness training is simulations that mimic malicious social engineering approaches, such as phishing and spear phishing, designed to trick employees into divulging sensitive information.
Cyber security has been of great importance in the insurance industry because of the amount of regulation in the industry. Even if you are not subject to regulations, your vendors may be, and their organizations could be breached, compromising your data. Regulation is critical, but it is not the only reason: you are also in the business of trust. If your customers lose faith in your ability to protect your information or provide a service reliably, your reputation and business may suffer as a result.