Like many industries, insurance and financial agencies are in the midst of a digital transformation, adopting new channels and services in order to conduct their business virtually and enhance their customers’ experiences.
Digital claims, mobile apps, connection to the Internet of Things (IoT), and strategic integrations with third-party portals all open the door to cyber criminals looking to steal data for financial gain, and agencies’ exposure to potentially malicious data-filled files will only increase.
Cybersecurity threats to the industry
As other industries, like banking, become more secure, hackers are turning their attention toward more vulnerable targets: insurance agencies. Insurance agents may maintain a huge database of personally identifiable information (PII) about policyholders that makes an enticing target for identity thieves, including names, birthdates, social security numbers, street and email addresses, health data, and employment data such as income. Information about policyholders’ personal property, such as homes, cars, and other valuables, can also be a target.
Over the years, many agencies have invested in security tools that offer a false sense of security. In reality, attackers are advancing faster than traditional cybersecurity tools such as firewalls and anti-virus software, and are now leveraging encryption and other advanced attack techniques that can evade detection.
This is a dangerous risk as attacks on insurance agencies can result in significant financial damages such as fines and lawsuits, as well as reputational damage and loss of trust, a factor that will negatively impact an agency’s brand and market value.
How can cybercriminals carry out attacks?
Malware can be injected into an insurance company’s network or infrastructure in several ways.
Attachment-based phishing: A common method used by attackers to exploit vulnerabilities is phishing: sending email messages that contain a malicious attachment but look harmless to the recipients. When a recipient opens the attachment, malware is deployed, and the targeted attack begins. It only takes one insurance agent to click on a malicious attachment, and the entire insurance network can be compromised.
Large amounts of files processed: Insurers accept a large number of files from a wide range of senders, either directly or through marketplaces and client-facing portals. Whether it is a policy form, claims document or certificate of coverage, insurance companies open themselves up to file-borne threats from any device or system involved in the file exchange. There doesn’t even have to be malicious intent involved: for example, if a customer’s home computer has been infected with malware, that infection could easily spread to a file sent by the customer hoping to obtain car insurance coverage, which is then opened and processed by the insurance company.
Collaboration with third parties: The same risk occurs when insurers collaborate with third-party vendors to service their customers. Every time a customer or a vendor connects with the insurer network, there is a risk for malware to be injected along with the legitimate data.
Examples of cyber-attacks
The insurance industry has suffered a number of cyber breaches over the years due to weaponized files and phishing schemes. Here are a few examples:
Anthem Healthcare: Notorious for holding the record for the biggest data breach in the history of the entire healthcare system, health insurer Anthem Healthcare experienced the theft of 78.8 million records in January 2015. Highly sensitive data was stolen, including names, Social Security numbers, dates of birth and addresses. Hackers used spear-phishing to trick employees into revealing usernames and passwords, which allowed them access to the insurer’s systems. Anthem was recently ordered to pay almost $40 million in damages, on top of the $115 million they paid out to victims for breach of privacy claims.
Chubb Corporation: Chubb, the 12th largest property and casualty insurer in the United States, became the target of a cyberattack in March 2020 that resulted in unauthorized access to data held by a third-party service provider. Though no official details were disclosed, security researchers believe Chubb was hit by a ransomware attack, which encrypts files and exfiltrates the data to the attackers’ servers where it is held for ransom. The attackers claimed to have data stolen from Chubb, including the names and email addresses of senior executives.
Pacific Specialty Insurance Company: In March 2019, Pacific Specialty Insurance Company, an automotive and home insurance provider, fell victim to a phishing attack that resulted in hackers gaining access to employee email accounts. The exposed data included names, social security numbers, government-issued IDs, financial data, and health insurance information.
How to protect against weaponized-file cyber attacks
The only way to ensure a file is truly safe while maintaining its usability is by looking at content risk and file security in a whole different light than before.
The way that companies currently vet the security of files is detection-focused. Antivirus solutions scan the files for malicious code and compare the code to their databases of known attacks. Sandboxes quarantine a file and wait for it to execute its attack.
This focus on detection is ineffective because threats are constantly evolving. Zero-days are not listed in antivirus databases until they’re discovered, and threat actors continue to be more creative with their evasion techniques. Plus, when malicious documents make it past detection-based defenses, their activation is left up to end users, who have likely had ineffective security awareness training.
At CyberFin, our goal is prevention versus reaction, so we operate behind the scenes to protect businesses by managing threats before they get in. This saves our clients time and tens of thousands of dollars dealing with costly problems associated with simply reacting to threats and data breaches after they occur.
CyberFin is a cybersecurity Next-Gen MSSP. CyberFin actively manages the systems and data to keep out cyber criminals and provides guidance and tools for staying compliant. We have our own hand-picked tools, proprietary technology and in-house experts managing all of it for our customers. We take a holistic approach to keeping the cyber criminals and fines out of your office. Contact us today to learn more.