The past 12 months have been the worst on record in terms of cyber attacks globally. According to data, the number of incidents surged by 80% in the fourth quarter of 2020, with attacks against tech giants with fortified security and SMEs alike.
Insurance companies are specifically targeted by hackers simply because they hold vast amounts of data on their customers. In fact, insurance companies are only second to legal firms when it comes to cyberattacks. We take a look at the five top threats to insurance companies from the cybercriminal perspective
05: Outdated hardware
There is a common misconception that cybersecurity threats have to come from software. If you are using outdated hardware, your company data is vulnerable, too. Because software updates are happeing more frequently, older hardware is often unable to keep up with the changes. It's a tough call for companies that have often invested huge amounts in creating their own technology platforms. The answer for many providers is a strategic parnership with a specialised technology company. It's an expensive decision, but if an orgnaisatiion's data is exposed to a cyberattack, it could well be the death knell of the company. It is critical to regularly check company devices and replace any obsolete ones to avoid outdated hardware-related cyber-attacks.
Ransomware attacks became so prevalent in 2020, that US Treasury department issued to businesses that were guilty of helping to facilitate ransomware payments that were in violation of the US sanctions and money laundering regulations.
The message originated from the Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC) regarding companies that offer mitigation services to victims of ransomware attacks, including digital forensics and incident response companies and cyber insurance companies that facilitate ransomware payments to cybercriminals. The payments could often be made from customers’ fiat funds, which were then typically exchanged for virtual currency and then transferred to criminal-controlled accounts.
The rise in online social interactions via social media has enabled criminals to exploit the information taken from online to launch what is termed as ‘social engineering’ attacks. The hackers use manipulation and deceptive tactics to trick people into taking specific actions online to enable hackers to bypass security measures. Because social engineering attacks occur as a result of human manipulation, it’s extremely difficult to put measures in place to stop them.
Many companies make the mistake of believing that just because they have switched to a cloud service provider, their information and data must be safe. Unfortunately, incidents of attacks against cloud service providers are on the increase - and some services are superior to others in terms of security. Servers can be susceptible to denial of services (DoS) and account hijacking attacks. Commonly, hackers can access and tamper with your company’s data while preventing your team from accessing it.
01: Outdated software
Insurance companies that use outdated software have a higher risk of cyber attack. Criminals can exploit the vulnerabilities with their superior technology to access and steal company information. Companies that don't keep on top of their software patches make their organisation vulnerable to numerous data breaches.