Cyber Security Alert For Insurance Brands

There are many threats currently targeting the Insurance Sector, and these threats have grown over the last few years significantly. This is primarily due to the fact that the industry holds a vast amount of monetary wealth. In addition to this enticing factor, new products, solutions, and services are created every day to support and improve the assets within the industry. But, with many new applications comes many new vulnerabilities.

Here are a few extracts from a recent Security HQ blog, you can read the full piece here btw.

Cyber Threats Insurance Companies Should Be Aware Of

Third Party Exploits – The use of third-party vendors is on the rise within Insurance agencies. The issue with this is that many of these third-part businesses do not have the right security measures in place, which leaves them vulnerable. So, while your security may be comparably fantastic, the third-party may have little in place, which means your sensitive data is still at risk.

Cloud Exploits – The rise of cloud usage within the Insurance sector has increased the risk of vulnerabilities, especially in the form of DDoS attacks. Typically, cybercriminals can access and tamper with your organisations data while blocking your employees from accessing it. But what this issue really highlights, is that there is a blind trust that organisations place in cloud service providers. This brings into question the inherited resiliency risk that you acquire from cloud service providers. If there is a critical dependency, be sure that there is a Plan B, in case of failure or cyber incident.

Where possible protect yourself contractually with SLAs and assurances from your service provider on their resiliency and DR procedures.

Ransomware – Ransomware is, in its simplest form, a type of malware used by a bad actor to threaten the victim into paying ransom, in exchange for their valuable data/access to their assets. ‘For a ransomware attack to be possible, a breach needs to be made. To create a breach, bad actors need to target an organisation or individual, and send out phishing emails. Once a phishing email attack is successful, this makes a breach possible. Then, through this breach, and without the victim knowing, a malicious payload is dropped.

A malicious payload is the element of the attack which causes the actual harm to the victim and contains the malicious code. Once the attacker has access to the victim’s networks, this leads to data exfiltration. Which is what the victim is held to ransom to.’- The Real Cost of a Ransomware Attack and How to Mitigate Ransom Threats

Compliance and Regulatory Systems

The insurance industry has a multitude of compliance, regulatory systems, and requirements in place, that are very different to security requirements in other industries. Whatever these may be, controlling the users, the logs and the security is essential to meet requirements. This is especially true when regarding data protection and information security. Even more so when this data concerns the handing of financial, personal and/or client-sensitive information.

For more information, speak to an analyst, here.


About alastair walker 8741 Articles
20 years experience as a journalist and magazine editor. I'm your contact for press releases, events, news and commercial opportunities at Insurance-Edge.Net

Be the first to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.