The Threats Insurance Companies Face
Insurance companies have seen little change in how they run their business in the current COVID-19 climate; consumers still need insurance. However, threats to insurance companies have increased since we entered this difficult time.
Threats that will stay
Infrastructure
There are always going to be hackers looking for a payday, and they know insurance companies have the money to pay. Insurance companies can’t afford to be without their network for even an hour, and hackers prey on such instances.
Social Engineering
Phishing is always going to be a constant in the insurance industry. Identifying an easy target and then phishing or spear phishing that person is one of the easiest ways for a hacker to find their way into a network.
New Threats
Increase in attacks
With more people at home, more people losing jobs and more people needing more money, the threat is increasing the longer we are quarantined. The increase includes insurance fraud and infrastructure attacks. Desperation could cause people to do dangerous things. As we are in a connected world, it would not take long for any individual to find malware online and send it. Whether it be a disgruntled customer, a disgruntled employee or a desperate individual, the time to be extra vigilant is now.
Which insurance companies will be at risk?
Quite simply, all of them. Any insurance company will come across individuals who are not happy, and these individuals could turn into huge threats for the business. They could try to maliciously attack a business and, even with little to no knowledge, be empowered by the web. They could also find like-minded individuals, increasing the threat. The dangers then multiply; this is not a risk worth taking.
What measures can the insurance industry take?
Our last blog included some of the threats insurance companies face, but now we are going to look at how to mitigate those threats.
Compliance Mandates
The insurance industry is heavily regulated by different compliance mandates, which do a lot to help the way companies manage, store and use the information they hold. Ensuring compliance with something like the ISO-27001 information management standard goes a long way to mitigate threats.
Penetration Testing
Insurance companies are also required to test their network infrastructure regularly to ensure that it is secure. This includes web application and infrastructure penetration testing.
What more can be done?
Phishing training and awareness is something that isn’t pushed down by compliance, but phishing is a huge threat to the insurance industry. Even with filters and security software to pick up malicious emails, there is always something new that can get through undetected, at which point the attack is dependent on the recipient. That recipient is often somebody who isn’t technically minded and who may only know the basics of what to look for in a phishing email. Phishing training and awareness can help mitigate this risk, and help employees learn not to trust emails and to check everything.