Cyber Attacks Against Insurance Companies: How to Avoid the Risks


Like many industries, insurance companies are in the midst of a digital transformation, adopting new channels and services in order to conduct their business virtually and enhance their customers’ experiences. Digital claims, mobile apps, connection to the Internet of Things (IoT), and strategic integrations with third-party portals all open the door to cyber criminals looking to steal data for financial gain. As insurers continue to modernize their operations using Big Data and AI analytics, their exposure to potentially malicious data-filled files will only increase.

Cybersecurity and the threat to the insurance industry

As other high-profile sectors – like banking – become more secure, hackers are turning their attention toward more vulnerable targets: insurance companies. Insurers maintain a huge database of personally identifiable information (PII) about policyholders that makes an enticing target for identity thieves, including names, birthdates, social security numbers, street and email addresses, health data, and employment data such as income. Information about policyholders’ personal property, such as homes, cars, and other valuables, can also be a target.

Over the years, many insurers have invested in security tools that offer a false sense of security. In truth, attackers are advancing faster than traditional cybersecurity tools such as firewalls and anti-virus software, and are now leveraging encryption and other advanced attack techniques that can evade detection. In fact, according to the KPMG Global CEO Outlook survey, only 43% of insurance executives said their organization was prepared for a cyber-attack on their insurance company.

This is a dangerous risk as attacks on insurance firms can result in significant financial damages such as fines and lawsuits, as well as reputational damage and loss of trust, a factor that will negatively impact an insurer’s brand and market value.

How do cyber-criminals carry out cyber-attacks against insurance companies using weaponized files?

Malware can be injected into an insurance company’s network or infrastructure in several ways.

Attachment-based phishing: A common method used by attackers to exploit vulnerabilities is phishing: sending email messages that contain a malicious attachment but look harmless to the recipients. When a recipient opens the attachment, malware is deployed, and the targeted attack begins. During COVID-19, cyber-criminals took advantage of people’s heightened interest in the news to carry out phishing attacks, using pandemic-themed messages to lure unsuspecting users into opening malicious attachments. It only takes one insurance agent to click on a malicious attachment, and the entire insurance network can be compromised.

According to FirmGuardian, spear phishing attacks that target a specific individual in an insurance company are on the rise. For example, a hacker may send an email impersonating a company executive asking a specific employee in the company’s financial department to pay an attached invoice, unleashing malware on the network when the file is opened.

Large amounts of files processed: Insurers accept a large number of files from a wide range of senders, either directly or through marketplaces and client-facing portals. Whether it is a policy form, claims document or certificate of coverage, insurance companies open themselves up to file-borne threats from any device or system involved in the file exchange. There doesn’t even have to be malicious intent involved: for example, if a customer’s home computer has been infected with malware, that infection could easily spread to a file sent by the customer hoping to obtain car insurance coverage, which is then opened and processed by the insurance company.

Collaboration with third parties: The same risk occurs when insurers collaborate with third-party vendors to service their customers. Every time a customer or a vendor connects with the insurer network, there is a risk for malware to be injected along with the legitimate data. These services, such as actuarial services and litigation administrators, expand the industry’s potential attack surface.

Examples of cyber-attacks in insurance companies

The insurance industry has suffered a number of cyber breaches over the years due to weaponized files and phishing schemes. Here are a few examples:

Anthem Healthcare: Notorious for holding the record for the biggest data breach in the history of the entire healthcare system, health insurer Anthem Healthcare experienced the theft of 78.8 million records in January 2015. Highly sensitive data was stolen, including names, Social Security numbers, dates of birth and addresses. Hackers used spear-phishing to trick employees into revealing usernames and passwords, which allowed them access to the insurer’s systems. Anthem was recently ordered to pay almost $40 million in damages, on top of the $115 million they paid out to victims for breach of privacy claims.

Chubb Corporation: Chubb, the 12th largest property and casualty insurer in the United States, became the target of a cyberattack in March 2020 that resulted in unauthorized access to data held by a third-party service provider. Though no official details were disclosed, security researchers believe Chubb was hit by a ransomware attack, which encrypts files and exfiltrates the data to the attackers’ servers, where it is held for ransom. The attackers claimed to have data stolen from Chubb, including the names and email addresses of senior executives.

Pacific Specialty Insurance Company: In March 2019, Pacific Specialty Insurance Company, an automotive and home insurance provider, fell victim to a phishing attack that resulted in hackers gaining access to employee email accounts. The exposed data included names, social security numbers, government-issued IDs, financial data, and health insurance information.

Netherlands-based Insurer: In the Netherlands, an insurer suffered a breach after falling victim to the “CEO hack,” which is a phishing attack that impersonates a CEO. Employees of the insurance company received emails from a hacker pretending to be a CEO of a well-known commercial customer, requesting they transfer money into a compromised account. These types of researched hacks are often the result of a malware infection that gives the cyber-criminals insight into the target’s operations.

How to protect against weaponized files in insurance company cyber attacks

In an interview for Insurance Journal TV, Scott Fouts, vice president of Hub International’s Risk Services division, stated that with many insurers’ employees working remotely due to COVID-19, “the likelihood of having a cyber-attack right now is pretty high.” Insurance companies must take action to protect themselves against weaponized files.

The only way to ensure a file is truly safe while maintaining its usability is by looking at content risk and file security in a whole different light than before.

The way that companies currently vet the security of files is detection-focused. Antivirus solutions scan the files for malicious code and compare the code to their databases of known attacks. Sandboxes quarantine a file and wait for it to execute its attack (if said threat isn’t on a sandbox-busting time delay or deploying a sandbox evasion technique with VBA referencing).

This focus on detection is ineffective because threats are constantly evolving. Zero-days are not listed in antivirus databases until they’re discovered, and threat actors continue to be more creative with their evasion techniques. Plus, when malicious documents make it past detection-based defenses, their activation is left up to the end user, who has likely had some ineffective security awareness training.

Blocking the bad doesn’t work…because you’ll never know what all the bad is. Instead, insurance companies should focus on allowing only known good content in.
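The difference between the two models can be shown on a document package. This is an added example, not code from the original article and not Votiro's product: it contrasts a hash-based detection check with an allowlist rebuild of a constructed DOCX-like ZIP. The allowed part names, the signature set and the sample file are all assumptions made for the illustration.

```python
import hashlib
import io
import re
import zipfile

# Hypothetical policy: the only OOXML part names allowed through.
ALLOWED_PARTS = re.compile(
    r"^(\[Content_Types\]\.xml|_rels/\.rels|word/(document|styles)\.xml"
    r"|word/_rels/document\.xml\.rels|word/media/[\w-]+\.(png|jpe?g))$"
)
# Constructed "known bad" signature database for the detection-style check.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"old-macro-sample").hexdigest()}


def signature_scan(package: bytes) -> list[str]:
    """Detection model: flag parts whose hash is already in the database."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        return [n for n in zf.namelist()
                if hashlib.sha256(zf.read(n)).hexdigest() in KNOWN_BAD_SHA256]


def rebuild_allowlisted(package: bytes) -> tuple[bytes, list[str]]:
    """Allowlist model: copy only permitted parts into a fresh archive."""
    out, dropped = io.BytesIO(), []
    with zipfile.ZipFile(io.BytesIO(package)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if ALLOWED_PARTS.match(name):
                dst.writestr(name, src.read(name))
            else:
                dropped.append(name)  # unknown content never reaches the user
    return out.getvalue(), dropped


def make_sample() -> bytes:
    """Constructed sample: a document-like package with an unseen macro part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document>Claim form</w:document>")
        zf.writestr("word/vbaProject.bin", b"never-seen-before-macro")
        zf.writestr("word/embeddings/oleObject1.bin", b"embedded-object")
    return buf.getvalue()


if __name__ == "__main__":
    clean, dropped = rebuild_allowlisted(make_sample())
    print("signature hits:", signature_scan(make_sample()))
    print("dropped by allowlist:", dropped)
```

The signature check returns nothing for the unseen macro part, while the rebuild drops it because it was never on the allowlist. A production sanitizer would also have to rewrite the content-type and relationship entries that point at dropped parts and validate the contents of the parts it keeps.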

With Votiro, complete protection against weaponized files is guaranteed. Unlike detection-based file security solutions that scan for suspicious elements and block some malicious files, Votiro’s revolutionary Positive Selection technology allows through only the safe elements of each file, ensuring every file that enters the organization is 100% safe.
