Insurance: The cybercriminal’s target of choice

26 Sep 2023

To cybercriminals, the insurance industry represents a virtual treasure trove of invaluable information and, with it, potential profit. Like companies in the financial services and healthcare spaces, insurance industry providers gather, process, and manage vast volumes of PII (Personally Identifiable Information), making them high-value targets for cyberattacks. As a result, insurance industry cybersecurity is a priority for IT teams.
The story of cybersecurity in insurance

Ironically, cyberthreats present both challenges and opportunities for insurers. On the one hand, insurers are prime candidates for attack and significant damage can be done in the form of fines, customer attrition, and irreparable reputational damage. On the other, cybersecurity is a growing business for insurance companies. The revenues for insurance organizations are set to grow from $6.4 billion in 2020 to $10.6 billion in 2025.

This is yet another reason why cybercriminals view insurance companies as high value targets. A cyberattack on an insurance company, and access to cyber liability insurance data, can provide hackers with just the kind of information and insights that they need to launch an attack against one – or more – of that insurer’s corporate clients. Needless to say, this type of stolen information is extremely valuable.

Over the past years, phishing and ransomware have become the most rampant forms of cybercrime and, together, represent the greatest threat to organizations. Ransomware is a form of malware designed to extort money from victims, and phishing is the delivery mechanism of choice for ransomware and other malware.

A survey conducted in 2022 by the World Economic Forum confirmed, not surprisingly, that ransomware attacks are at the “forefront of cyber leaders’ minds, with 50% of respondents indicating that ransomware is one of their greatest concerns when it comes to cyber threats.”


"There are only two types of companies: Those that have been hacked, and those that will be." - Robert Mueller, FBI Director, 2001 – 2013
Cybercriminals are phishing – and you’re the phish they’re after
Phishing emails are almost as old as the internet itself. And over the years, cybercriminals have become very, very good at crafting them. Their goal? To gain unauthorized access to proprietary information. Phishing is, unfortunately, beautiful in its simplicity.

Often sent to hundreds of recipients at a time, the phishing email will contain a compelling message with a link such as, “Your account has been charged $599. Click here if you think this charge is incorrect.” That click then leads to the installation of malware, such as ransomware, on the victim’s computer which the victim must pay to have removed. Until the ransom is paid, the victim is denied access to their system.

Cybercriminals attack businesses in much the same way… but, with a bit more sophistication and a tactic that has come to be known as “spear phishing.” Spear phishing attacks are targeted at specific individuals, typically select groups of people who have something in common… such as an organization.

Spear phishers need something to start with… inside information. This inside information starts with a knowledge of the company’s brand, as well as a company-wide email alias, giving the email a look of legitimacy. Often the inside information takes the form of impersonation, with the sender claiming to be an executive’s personal assistant, or a company IT manager.

In short, the email will look nearly identical to what the target is used to receiving. The spear phishing email then “lures” the recipient into providing the cybercriminal with access to information they should not have.
Ransomware attacks grew and destructive attacks got costlier
The bad news: The share of breaches caused by ransomware grew 41% in the last year and took 49 days longer than average to identify and contain. Additionally, destructive attacks increased in cost by over $430,000. The good news (for some insurers, anyway): Organizations that had a fully deployed AI and automation program were able to identify and contain a breach 28 days faster than those that didn’t, saving $3 million in costs.

However, it’s not all or nothing. Organizations with a partially deployed AI and automation program fared significantly better than those without.
Addressing the human [error] factor
External criminal agents are not the only threats to insurance industry cybersecurity; companies must also contend with their own “human touch” processes. The 2022 World Economic Forum points out that a staggering 95% of cybersecurity breaches are due to human error.

As recently as July of 2021, the SEC reported that First American Financial Corp., a real estate title insurance company, inadvertently exposed more than 800 million personal and financial records that included social security numbers, bank account numbers, mortgage and tax records, wire transaction receipts, and driver’s license images.

The SEC subsequently brought charges and fined First American “for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information.” The fine was not due to cybercrime. It was due to human error.

How can organizations reduce the kind of human error, along with accidental information mismanagement, that can lead to a breach and with it, significant penalties, customer loss, and brand damage? With training.

Unfortunately, employees continue to be the weakest link in the cybersecurity chain. Training them to recognize, report, and avoid phishing, social engineering, and ransomware threats is vital, along with fostering a security culture and building processes that help eliminate the likelihood of human error. After all, there’s a reason that phishing and social engineering are as prevalent as they are — they work.
Making up for lost tech professionals
As Forrester reported in Predictions 2023: Insurance, “IT spend will rise by a modest 2% year-on-year — half of what tech teams had planned, as reducing costs will be one of the top insurance business priorities as firms head into 2023.” 58% of respondents in Forrester’s 2022 survey said that cutting IT costs would be an IT objective for their firms over the coming 12 months. This, of course, means that insurers will be looking to do “more with less.” In response, organizations are looking to augment and strengthen their IT teams by partnering with managed cybersecurity services companies.
Bringing Shadow IT to light
Those third-party managed IT service providers can also help in managing those devices, applications, and technologies that many companies have implemented over the past few years without the knowledge of their IT department. How did this happen?

For many organizations, 2021 forced an investment in technology that, frankly, they weren’t quite ready for. Faced with an onslaught of lean, new competitors, as well as a “pandemic transformed” consumer with an appetite for instant gratification, organizations ventured out into the tech solutions world by “lugging on” – often via Shadow IT – solutions to their legacy systems.

Did some of these solutions – cloud-based applications, such as Google Drive™, Dropbox®, or OneDrive™ to name just a few – help a virtual workforce communicate, organize, and stay productive? Yes, they did. Do they also represent massive security and compliance risks? Yes, they do.
Keeping those doorways shut
Today’s workplace is comprised of a combination of office-based, remote, and hybrid workers. From a data management standpoint, each of these users constitutes an endpoint, with each endpoint serving as a “doorway” through which your employees access your corporate data. These doorways are also entry points for a cyberattack.

Just how significant has the issue of endpoint security become? The problem is so severe that in May of 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert titled, “Weak Security Controls and Practices Routinely Exploited for Initial Access” (AA22-137A). The warning outlines those areas of a network that cybercriminals most often exploit and warns organizations to guard against poor endpoint detection and response, “as cyberattacks are getting harder to detect and protect against.”
When it’s not enough, Zero Trust
Many organizations already have traditional insurance industry cybersecurity solutions in place, solutions such as e-mail scanners, corporate firewalls, web gateways, EDR, and XDR. But, with the increased sophistication of cyberattacks, these preventative solutions are simply not enough. They can prevent known malware threats, but they struggle to detect new malware strains.

The solution? A Zero Trust approach in which their traditional “prevention” solution is augmented by a post-breach one. Sometimes referred to as perimeter-less security, Zero Trust is a security framework where every user or device must be authenticated and validated before gaining access to any business system, application, or asset.

Driven by AI, endpoint response and detection tools can proactively block and isolate malware and ransomware threats.
Protection in a borderless digital ecosystem
The last two years have accelerated the need for cloud applications that can keep everyone connected, productive, and communicating anytime, anywhere. With that acceleration, of course, came new points of vulnerability, along with a dramatic number of threats to insurance industry cybersecurity. With employees working everywhere, hackers can quickly – and easily – gain access to an insurer’s network through a remote connection, then deploy ransomware or steal valuable customer data, resulting in a breach and loss of business operations. A secured infrastructure is needed to allow virtual employees to safely work, connect, and collaborate from anywhere.
About Ricoh’s ransomware containment solution

RansomCare, powered by BullWall, provides multi-layered security to protect your business from threats, halting a ransomware attack as soon as it’s detected. Enjoy a simple deployment, easy maintenance, real-time reporting, and more. All with zero impact on network performance and minimal demands on an already stretched IT department.

Built on the Zero Trust model, our ransomware containment solution delivers a 24/7 automated response to ransomware outbreaks — with built-in reporting. Enjoy a simple deployment with the following benefits:

  • Hassle-free remote installation
  • Halts a ransomware attack as soon as it’s detected
  • Is easily maintained when updates are needed
  • Deploys quickly, simply, and easily without disruption
  • Provides real-time reporting
  • Has zero impact on network performance, and
  • Puts minimal demands on already-stretched IT resources. 


Source:  RICOH USA