When it comes to cybersecurity in the insurance industry, there has recently been a dramatic rise in the number of successful cyber attacks.
This striking increase in attacks comes as insurance companies migrate toward digital channels to create sticky customer relationships, offer new products, and expand their share of their customer’s financial portfolios.
It is predicted that attackers have penetrated this sector to exfiltrate the personally identifiable information (PII) of hundreds of people all over the world.
Therefore, in this blog post, we are going to share with you a case study of cybersecurity in the field of insurance, what makes cybersecurity challenging and the cybersecurity solutions for the insurance industry.
Case study
Despite not being the top data breaches of the century, the insurance sector has garnered plenty of attention from cybercriminals. Even insurance companies that clearly understand the world of cyber threats are not immune from becoming victims themselves.
In 2020, a threat analyst from the New Zealand based web security firm Emsisoft publicized a ransomware attack against Chubb in an email to the news media. Emsisoft’s Brett Callow said the incident in question came from the so-called Maze ransomware.
Maze, an unusually sophisticated strain of Windows ransomware, steals data, and spreads through a network and infects every computer with which it comes in contact.
As an indicator that this attack was more about exfiltrating data than taking down the Chubb systems, Jeffrey Zack, a spokesperson for Chubb, said there was “no evidence” that the breach had hit the company’s own network, adding that it was “fully operational.” Zack did not say anything beyond that.
As proof of their success, Callow said the attackers posted a listing on their website claiming to have data stolen from Chubb.
This information included the names and email addresses of three senior executives, including CEO Evan Greenberg. Chubb has not disclosed if a ransom was demanded or if it was paid.
In 2019, the FBI privately warned businesses of an increase in Maze-related ransomware incidents.
It is interesting to note that last year Target filed a $74 million lawsuit against Chubb after the retailer claimed the insurance carrier failed to adequately compensate it for the costs incurred from its 2013 data breach involving the theft of 110 million customers’ data.
Just knowing the dangers is no protection against a cyberattack. In their 2019 “Cyber Attack Inevitability” report, Chubb wrote, “When an employee at a nonprofit accidentally visited a malicious website at work, the company’s shared server became infected with a virus that encrypted all of its files.
Cybercriminals then tried to extort money from the nonprofit in exchange for releasing their stolen documents.” It is easy to imagine that something very similar to this scenario happened in the case of the Chubb Maze attack.
What causes cybersecurity to be a challenge within the world of insurance?
The unique cybersecurity challenges faced by the insurance industry are interrelated and stem from the vast amount and varying types of sensitive data with which this sector deals.
It is also essential that insurers create and maintain trust relationships with their customers. Finding solutions to these challenges is critical for the health of the industry.
The nature of the insurance business dictates that the industry collects, processes, and analyzes massive amounts of structured and unstructured data.
Structured data is highly-organized and formatted such that it is easily searchable in relational databases. It is programmatically correct and machine-readable.
Examples of structured data used by insurers include name, address, vehicle information, medical history, dates, and claim history. However, unstructured data has no predefined format or organization, making it more difficult to use and protect.
Unstructured data is information insurers collect in a human-readable format. It can be used to fine-tune what an insurer will or will not cover, spot indicators of fraud, and provide a customized customer experience.
This data comes from email, written reports, photographs, multimedia, social media, and data analytics. It can be data that needs to be preserved for legal purposes, intellectual property, and customer PII.
Traditional security tools and technologies used for the prevention of cyberattacks are not sufficient for many insurance businesses, particularly those who handle large volumes of unstructured data.
Insurance company staff in charge of data analysis often do not have the required knowledge to respond effectively to potential threats that may arise from the use of varying types of data.
Paramount to the success of an insurance company is its reputation. Nearly everyone needs insurance, but there are many insurance companies from which to choose.
Trust is an essential factor weighed by consumers when deciding on an insurance carrier. They need to know that the insurance company will pay if they have a claim and that they will protect their private and sensitive data.
A highly publicized cybersecurity breach of customer data can undermine an insurer’s reputation and have severe repercussions in the marketplace.
Cybersecurity solutions for the insurance sector
Research for cybersecurity solutions for protecting Big Data generally and the insurance industry specifically is advancing rapidly. Large data sets, including financial and private data, are a tempting target for cyberattackers, and therefore protection of these assets is the focus of many new protection solutions.
Employing artificial intelligence (AI) and machine learning (ML) can significantly help insurance companies protect against malware, ransomware, and advanced persistent threats (APT).
Because these new technologies can analyze large amounts of data quickly, they are well suited to solutions that can detect any deviation from an expected or prescribed pattern in data behavior. They can be used to monitor data workflows and respond to attacks immediately.
Technical cybersecurity solutions for the insurance industry must focus on access controls, data behavior, the encryption of large data volumes, and the prevention of data leaks.
Big Data security solutions must offer real-time analysis and monitoring and be designed to avoid performance degradation, which leads to delays in data processing.
Takeaway
On the whole, Given the sheer size and scope of the insurance industry, what happens in this sector can shape even global economies. The majority of people have personally identifiable information (PII) stored with one or more of these insurance conglomerates.
The way they protect that information can have a massive effect on a large number of people.
The high levels of risk faced by the insurance industry, combined with the abundant resources of a lucrative business model, create an environment that attracts the best and the brightest in security solution research and development.
This sector offers many opportunities for security professionals at all levels. Trust is the very essence of insurance and is, therefore, crucial for the industry to thrive. Security professionals looking for a place to make a real difference in the lives of many people need to look no further than the insurance industry.