Cyber security breaches in the insurance industry are evidently escalating. Consequently, organizations in this field are compelled to take extreme measures to safeguard the personal data of their customers that they store within their systems.

It is imperative to implement preventive tactics in order to avert any possible attacks. Integral to formulating a successful preventative plan is establishing a stringent Zero Trust system. Taking these precautions will ensure that potential risks are mitigated.

What is Zero Trust?

Taking on a comprehensive Zero Trust approach in the rapidly evolving insurance sector requires far more than basic security measures. This entails fortifying workplace safety, creating reliable connections, and employing automated monitoring and response protocols to minimize risk and maximize efficacy.

Marsh's Cyber Catalyst program evaluates a range of cybersecurity products and services to determine if they can provide an effective safeguard against potential risks. This evaluation is conducted by industry-leading insurers, who examine the offering for six key aspects.

  • Ransomware
  • Supply Chain Management
  • Cloud Migration
  • Social Engineering
  • Monitoring of Contained Environments
  • Privacy Regulation

The insurance industry is in the throes of a digital revolution, embracing new techniques and technologies to run its operations remotely and improve the customer's experience. Digital claims, mobile applications, connectivity to the Internet of Things (IoT), and collaboration with external platforms all expose insurers to cybercriminals trying to acquire data for illicit profits. As insurers advance their procedures by taking advantage of Big Data and AI analytics, the chance of malicious actors infiltrating the system through malicious files will only grow.

Cybersecurity and the Insurance Industry Threat

As cybersecurity in banking firms continues to improve, cybercriminals are increasingly focusing their malicious efforts on the insurance industry. Insurance companies store vast amounts of personal information related to policyholders, including names, contact details, dates of birth, social security numbers, health records and salary data. These companies are also vulnerable to attacks aiming to gain access to policyholders' information about valuable items such as homes, cars and other possessions.

Over the years, insurers have invested in many security measures that lead them to believe they are secure, while cybercriminals are using more sophisticated approaches such as encryption and other advanced attack methods. A recent KPMG Global CEO Outlook survey indicated that only 43% of insurance business leaders were ready for a cyber-attack on their organization. It is important to note that traditional firewalls and antivirus software may not be enough to stop such cyber-assaults.

Taking on this type of risk can have profound consequences for insurance companies, including costly fines and legal action, not to mention potential damage to their reputation and lost customer confidence. This could detrimentally affect their brand image and market worth.

How can cybercriminals use weaponized files to launch cyberattacks on insurance companies?

Malware may infiltrate an insurance company's network or infrastructure in a variety of ways.

Attachment-based phishing: Phishing is a prevalent approach used by attackers. It involves sending email messages with a malicious attachment that appears innocent to the receivers. When the receiver opens the attachment, malware is installed, and the targeted attack starts. During COVID-19, cybercriminals used the heightened interest in the news to launch phishing attacks, utilizing pandemic-themed communications to trick unsuspecting users into downloading infected attachments. It takes just one insurance agent opening a malicious attachment to infect the whole insurance network.

Recent reports from FirmGuardian suggest a spike in spear phishing assaults aimed at individuals within an insurance firm. For instance, malicious actors could send emails posing as an executive of the company, asking a specific employee in the finance department to settle an attached invoice, thereby enabling infiltration of the network should the document be opened. It is paramount that companies remain vigilant against such attacks.

Large number of files processed: Insurance companies receive a multitude of potentially harmful files from various sources, such as policy forms, claims documents, and certificates of coverage. The sender does not even need to have malicious intent for a threat to be distributed through this file exchange: for example, if a customer's computer is infected with malware, it could easily spread when they apply for car insurance. Therefore, insurance companies must take protective measures to fend off any cyber-related risks.

Collaboration with third parties: When insurance companies partner with vendors to offer their customers services, they open themselves up to the risk of malware and other malicious code being injected into their systems. Services such as actuarial work and litigation management can cause a massive increase in the number of attack points in this sector, putting customer data at greater risk. Being aware of the full extent of these threats is vital for anyone engaging in this activity.

Examples of cyber-attacks in insurance companies

In recent years, the insurance industry has experienced numerous cyber-attacks, typically as a result of malicious files and phishing scams. Examples include:

  • Anthem Healthcare, known for holding the dubious title of suffering the largest data breach in the healthcare system's history, had 78.8 million records stolen from its systems in January 2015. Hackers were able to gain access using spear-phishing, a method used to trick employees into revealing their usernames and passwords, exposing personal information including names, Social Security numbers, dates of birth, and residential addresses. The repercussions of the incident resulted in Anthem having to pay a hefty sum amounting to nearly $40 million in damages on top of the $115 million they were required to dispense as compensation for invasion of privacy claims.
  • Chubb Corporation, America's 12th largest property and casualty insurer, experienced a cyberattack in March 2020 that enabled intruders to access sensitive data stored with a third-party service provider. Security experts investigating the incident hypothesize that it was a ransomware attack, designed to encrypt confidential files and transfer them to the attackers' servers in exchange for payment. Allegedly, information was taken from Chubb, including names and emails of top executives.
  • In March 2019, Pacific Specialty Insurance Company, a leader in automotive and home insurance services, suffered a phishing attack which yielded unauthorized access to email accounts belonging to the company's employees. This attack resulted in the exposure of personal data, including names, social security numbers, government-issued IDs, financial information and health insurance details.
  • An insurance provider located in the Netherlands recently experienced a malicious breach as a result of a CEO phishing scam. In this type of attack, employees are tricked into believing the emails in their inbox have been sent from a senior leader within a legitimate client business, prompting them to move money into a fraudulent account. These cyber-crimes can be attributed to malware that infiltrates the target’s system and provides the hackers with confidential information about their processes.

How to protect against weaponized files in insurance company cyber attacks

Scott Fouts, Vice President of Hub International Risk Services division, recently shared with Insurance Journal TV that the risk of cyberattacks is highly elevated given the current climate. With many insurers' personnel now working from home because of the COVID-19 pandemic, insurance companies must implement proactive measures to protect their data from malicious files.

To safeguard both the integrity and usability of a file, it is necessary to adopt a more comprehensive approach to content risk and file security.

Companies use a detection-based approach to evaluate the security of files. Antivirus programs scan files for malicious code, cross-checking them against their databases of known threats. Sandboxes can detect potential attacks by keeping the file in isolation while it executes, unless the threat uses sandbox evasion strategies or is on a time delay. These tools enable businesses to identify malware before it inflicts damage.

With threats changing daily, traditional virus detection fails to keep up. Unidentified malicious programs, known as zero-days, are not listed in antivirus databases until after they've been discovered by users. Further, threat actors are growing increasingly sophisticated when it comes to evading even the most secure defenses. For malicious documents that make it past the defensive measures in place, it is ultimately the end user who activates them; many users, however, lack sufficient security awareness training and are thus unable to properly identify the risks involved.
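The gap described above, as an added example that is not part of the original article or of any vendor's product: a hash-signature check misses a re-saved copy of a catalogued document, while a generic allow-list gate still rejects it. The allow-list policy, the file names and all sample bytes are assumptions constructed for illustration, and the gate is not Affinity Technology's Positive Selection.

```python
import hashlib
import os

# Constructed sample standing in for a document the scanner vendor has already catalogued.
KNOWN_SAMPLE = b"%PDF-1.7\n1 0 obj << /OpenAction 2 0 R >>\n2 0 obj << /S /JavaScript >>\n%%EOF"
# Constructed signature database: hashes of known threats only.
KNOWN_BAD = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# Allow-list (assumed policy): declared extension -> leading bytes the file must have.
ALLOWED_MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff"}
# PDF names that make a document active instead of a static form.
PDF_ACTIVE = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch", b"/EmbeddedFile")


def signature_verdict(data: bytes) -> str:
    """Detection-based check: block only content already listed in the database."""
    return "block" if hashlib.sha256(data).hexdigest() in KNOWN_BAD else "allow"


def allowlist_verdict(filename: str, data: bytes) -> str:
    """Allow-list check: admit only files that match an approved static format."""
    ext = os.path.splitext(filename)[1].lower()
    magic = ALLOWED_MAGIC.get(ext)
    if magic is None or not data.startswith(magic):
        return "block"  # unapproved type, or content does not match the declared type
    # Raw byte search keeps the example short; a production gate parses the document.
    if ext == ".pdf" and any(marker in data for marker in PDF_ACTIVE):
        return "block"
    return "allow"


# Constructed uploads, as they might arrive with a claim or policy application.
UPLOADS = {
    "known.pdf": KNOWN_SAMPLE,
    "variant.pdf": KNOWN_SAMPLE + b"\n% re-saved copy",  # same content, new hash
    "claim_form.pdf": b"%PDF-1.7\n1 0 obj << /Type /Catalog >>\n%%EOF",
    "invoice.pdf": b"MZ\x90\x00 constructed non-PDF bytes",  # extension does not match content
}


def triage(uploads: dict) -> dict:
    """Return {filename: (signature verdict, allow-list verdict)} for each upload."""
    return {n: (signature_verdict(d), allowlist_verdict(n, d)) for n, d in uploads.items()}


if __name__ == "__main__":
    for name, verdicts in triage(UPLOADS).items():
        print(f"{name:15} signature={verdicts[0]:5} allowlist={verdicts[1]}")
```

The signature column changes from block to allow as soon as the bytes differ from the catalogued sample, whereas the allow-list column depends only on whether the file positively matches an approved format.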

To give your organization total security from malicious files, Affinity Technology Cloud uses Positive Selection technology to guarantee only safe files enter your system. Unlike detection-based file security systems that can block some threats, the revolutionary Positive Selection technology makes sure every file is free from any potential risks, meaning you'll always be absolutely protected.
