
Recent breaches have highlighted the threat originating from third parties and supply chains. Here, AJ Thompson, CCO, Northdoor plc, takes a look at how cyber attacks on vital supply chain infrastructure are becoming a growing problem for insurance brands.
A recent report from Identity Theft Resource Center found that 2022 saw supply chain attacks surpass the number of malware-based attacks by 40 percent. The report also found that ten million people were impacted by supply chain attacks targeting 1,743 entities.
It is clear then that the threat from supply chains is a very real and increasing one. It crosses sectors and business types and the insurance sector is no exception. Indeed, recent events have shown that the insurance sector is now under attack from cybercriminals using third parties and supply chains as their route into data.
The threat to the insurance sector
The very nature of the data held by the insurance sector means that it is an incredibly tempting target for cybercriminals.
Whilst the threat of data breaches and ransomware attacks is now generally recognised by the sector as real, with most investing in front-line defences, the place where the attack originates now also needs to be taken into consideration.
In a recent breach, the Davies Group, a professional services and technology partner for the insurance sector and other highly regulated industries, saw services to its UK operations hit by a cyberattack. As the Davies Group connects directly into customers’ systems it is likely that cybercriminals attacked the company to gain access to multiple companies’ data – many of which were those in the insurance sector. The initial breach took place in July 2022, but the group was still dealing with consequences to customers’ systems and the backlog to services at the beginning of 2023.
This particular attack highlights the nature of the threat facing the insurance sector. With so many partners now connected to systems and infrastructure, any breach or weakness in their defences means that you are also very much at risk.
Essentially, this type of attack means it does not matter how much a company spends on its front-line defences if its partners have vulnerabilities within theirs. You are securing the front door but leaving the backdoor wide open.
Closing the backdoor
To ensure that your front-line defence spending is not negated by vulnerabilities in your partners’ networks, insurance firms have to get a grip on where these potential vulnerabilities lie and shut them down.
The traditional methods of checking on partners’ cybersecurity defences are based almost entirely on trust. Whilst this is a ‘nice’ way to do business, in an age where a successful breach can have a huge impact on a business, insurance firms have to do more to ensure their partners are doing all they can to shut down vulnerabilities.
Until relatively recently, sending out surveys for partners or potential partners to fill out has been the only way of gaining insight into what cybersecurity they have in place. This relies upon the honesty of your partners and on the assumption that those filling out the forms have enough knowledge of the systems to give an accurate overview. And with the sophistication of attacks increasing all the time, the defences currently in place may well be out-of-date and vulnerable by the time of the next audit.
Having the ability to gain insight into potential vulnerabilities can, therefore, make a huge difference to your security.
Some are turning to AI-powered solutions to gain a 360-degree, consistent, real-time view of potential vulnerabilities within partners’ systems. This means that any ‘open-doors’ can be quickly shut before cybercriminals are able to take advantage. It also means that as the threat to insurance firms becomes more sophisticated, companies are able to consistently monitor vulnerabilities as they become apparent.
Such is the urgency to gain an understanding of potential vulnerabilities we are offering companies a free consultation and vulnerability report (on themselves and three partners) to start the process of closing the backdoor, shutting down vulnerabilities and keeping cybercriminals out.