Cyber Attacks Against Insurance Institutions
Cyber-attacks against insurance institutions are becoming increasingly frequent and often very sophisticated. 2015 and 2016 have seen some of the biggest cyber-attacks ever on Global Insurance Providers.
Data breaches at healthcare insurers such as Anthem, Premera, Blue Cross, and CareFirst, resulted in a total loss of personal information of over 100 million US policyholders.
At a time of unprecedented cyber-attacks on insurers and an expanding cyber insurance market, US insurance supervisors have taken
the lead in addressing insurers’ cybersecurity risks.
All insurers share with third parties
All insurers, regardless of their size, complexity, or lines of business, collect, store, and share with third parties (e.g., service providers,
reinsurers) substantial amounts of private and confidential policyholder information, including in some instances sensitive health-related
Information obtained from insurers through data breaches or data loss may be used for financial gain through extortion, identity theft, misappropriation of intellectual property, or other criminal activities. Exposure to private data can potentially result in severe and lingering harm for the affected policyholders, as well as reputational damage to insurer sector participants. Similarly, malicious cyber-attacks against an insurer’s critical systems may impede its ability to conduct business.
The objective of this paper is to raise awareness for insurers on how to approach the risks presented by cyber-attacks based around
the ARM (Assess, Remediate, and Monitor) method of securing data and prevent cyber incidents.
“From criminal syndicates to terrorist organizations, to foreign intelligence groups, to disgruntled employees and other malicious intruders, the range of entities that stand ready to execute and exploit cyber-attacks has never been greater.”
U.S. Attorney General Eric H. Holder, Jr.
The ARM Method
The ARM methodology for protecting and preventing against cybersecurity attacks is a three-pronged circular methodology for employing cybersecurity practices at any insurance institution regardless of size.
In practice, the ARM methodology employs the continual use of Assessments, Remediation, and Security Monitoring to paint a picture of the security posture.
Each step of the methodology is an important piece in the protection of the critical assets of an insurance institution.
The process is deployed in a circular format always starting with the Assessment to allow for building a complete and overall picture of the organization security posture. Following the assessment is a detailed remediation plan for correcting any vulnerabilities or security holes that are found in the assessments.
The final step
The final step in the process starts with the continual security monitoring of the insurance institutions infrastructure to continually identify any possible breaches or security incidents and act to correct them.
The ARM method is circular, meaning that the process continually runs in a circle and becomes a cycle of continual assessment, remediation, and monitoring. In today’s ever-changing landscape of cybersecurity threats creating this cycle allows for the Insurance institutions to stay in front of any potential vulnerabilities, incidents, security breaches, or loss of data.
The assessment starts the ARM method by assessing the current state of the network, business, and security policies of an insurance
For any insurance institution to assess the risk they need to know what assets they have, what assets are authorized to be on their network, and what assets are most important to protect.
Assessments are recognized as a crucial component of network security and are the critical first step in the ARM… method.
The assessments are performed to determine the actual security posture of the network environment.
They are designed to explore whether an attack that could potentially bypass defenses and find an exploitable element in the network that could be used to steal information.
Assessment consists of:
- Penetration Testing (also called pen testing), is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit.
- Vulnerability assessment is a process that defines, identifies, and classifies the security holes (vulnerabilities) in a computer, network, or communications infrastructure.
- Security Policies and Procedures Assessment is the practice of looking at the business or policy and procedure side of an organization to determine if they are using the correct policies and if those policies are being followed.
Regulation and Compliance
As the insurance regulatory landscape becomes increasingly complex with many States and Jurisdiction creating their own sets of regulation the risks associated with noncompliance increase and grow costlier.
Many insurance organizations and their security staff are required to show compliance with internal policies, federal and state regulation, and industry standard.
Current best practices indicate that a vulnerability assessment should be performed a minimum of four times per year, with penetration testing done yearly.
Insurance institutions should be conducting regular assessments and using those assessments to identify all cybersecurity risks associated with firm assets then they should plan to prioritize their remediation of the risks.
Remediation is the second phase of the ARM method and as such take the assessments and works with the stakeholders to identify the most important assets and the most critical vulnerabilities to fix. Each assesses/vulnerability that is identified to be updated/fixed will be completed during the remediation process and rescanned to validate that the vulnerability has been addressed.
Continual Monitoring is the final step in the ARM methodology for dealing with cybersecurity breaches. The GBMS Tech, Ltd. SOCaaS provides insurance institutions with the ability to have continuous monitoring of their network and security infrastructure without the need for additional FTEs or security staff to their organization.
Due to ever increasing sophistication and persistence of malicious cyber activity combined with the sheer complexity and volume of security information, detecting security breaches requires an insurance institution to have a monitoring strategy in place to deal with the
potential for malicious cyber activity. The GBMS Tech, Ltd. SOCaaS has been developed and created to work with the institution to develop a strategy and deal with any breaches or incidents that are identified.
Once a potential breach has been identified, response timing is critical in the monitoring process.
The process, people, and technology that will respond to any breaches in accordance with the incident response plan of the insurance institution must have already been identified.
This guide does not address all areas of security; however, it does provide a proven method for cyber risk reduction that could allow an insurance institution to withstand or identify any potential cyber threats.
For further information, please contact us. email@example.com
The last 18 months have seen an increase in the number of Cyber Security breaches globally. These have ranged from ransomware attacks, huge data breaches, supply chain threats and the proliferation of 'fake news' items. Such threats pose a significant risk...
Security - providing physical and logical protection GBMS Tech powers the cybersecurity for CoolDC the innovative eco-friendly data center(s) to provide a best-in-class server environment perfect for businesses and enterprise who need a fast, socially...
Case Study 1 Federal Defense Contractor Number of Employees: 40 Service Performed: Insider Threat Detection Outcome: GBMS Tech deployment team performed an exhaustive investigation into the operations and employees at a medium-sized federal cybersecurity...
CASE STUDY | A regional bank in the MD/DC/VA area contracted GBMS Tech Ltd to monitor the bank’s various security systems.
Concerned about unauthorised network traffic, a regional bank in the MD/DC/VA area contracted GBMS Tech Ltd to monitor the bank's various security systems. GBMS Tech Ltd uncovered a bot net being used in a denial of service attack. A common tactic used to...
GBMS Tech's Bradley Morgan today has been at the Cyber incursion event in London with Kevin Mitnick. Kevin Mitnick is perhaps best known as the hacker who made it onto the FBI's Most Wanted List for breaking into the computer systems of multiple...
Last week James Clements our assistant manager of the ICO team, our chief business development officer (CBDO) Bradley Morgan attended the excellent event hosted by London Blockchain Foundation discussing our new cyber defence system at the with founder and...
Why You Need a Cyber Security Assessment – Now As a small or midsized business, did you know you’re not only targets of cybercrime alongside larger companies…but you are cyberattackers’ main target, according to the SEC? It’s true – most of all...
Does Your IT Team Really Understand Your Cybersecurity Needs? Even the most seasoned cybersecurity professional has only a few decades of experience, so it should come as no surprise that many IT professionals may not be fully up to speed when it comes to...
The Norse Corporation performed research of the Sony Hack and determined that there was a disgruntled employee fired in May 2013 who had super privileges to most of the infrastructure. Norse also determined that the English written malware used to execute...
The proliferation of cloud based infrastructure presents a host of risk exposures to an enterprise, no matter the size of the enterprise. The primary risks are internal and external: operational, strategic, environmental, financial and legal. The bottom...