Cyber Warfare: Prepare Your Insurance Systems for Attack in 2017
The need for information security (infosec) is nothing new. But the game is changing in 2017. As the IIA.org blog reports, “As the IoT leads to more connections between people and machines, cyber dependency will increase, raising the odds of a cyber-attack with potential cascading effects across the cyber ecosystem.” The October 21 distributed denial of service attack (DDoS), which left thousands of websites inaccessible, is a grave reminder of our corporate vulnerabilities.
Ransomware, the work of online extortionists, has also become commonplace, with infections growing threefold between January and December 2016, according to security firm Kapersky Lab. Tripwire.com reports that in December 2016 alone, 32 new ransomware samples emerged and 33 existing strains were updated. Hospitals, government agencies and even insurance carriers have been hit.
A little cyber history
Since 2005, we’ve seen more than 4,500 data breaches hit public record, according to Privacy Rights Clearinghouse. Every year, the Verizon Data Breach Investigation Report announces new numbers. As the global volume of data grows year over year, opportunities for theft grow, too.
It’s not just small, inexperienced companies falling prey to hackers. Some of the biggest breaches in history have happened to some of the biggest players, many of them for exposures that really should have been caught sooner. For example, everyone knows it’s important to set a strong password, right? Yet just last spring, Verizon found that “63 percent of confirmed data breaches involved weak, default or stolen passwords.”
It’s not just big players either: hacking can be automated, and some criminals prefer to streamline their efficiencies with low-yield, high-volume attacks. Don’t forget: cybercrime isn’t just a pastime. It’s a growth industry.
In other words, no one’s safe. That’s true on a philosophical level (beware anyone who guarantees security outright, because the reality is, any defense mechanism can theoretically be cracked); it’s also true on a practical level, as too many companies continue to neglect the simple best practices that could have kept them safe.
How does this topic come home to roost? According to a study by Experian Data Breach Resolution, businesses dealing in essential services should prepare for “full-on” attacks in 2017.
Business Insurance provided the highlights: expect cybercrime to get offensive. Corporations that have been hacked before may see old usernames and passwords sold all over again on the dark web in “aftershock” breaches. Payment system attacks will evolve and adapt. A lack of international agreement on “rules of engagement in cyberspace” will allow attacks to proliferate.
For healthcare organizations “mega” breaches are predicted, in which attacks on insurance wander into attacks on hospital networks. Anything connected, from OBD dongles, to autonomous cars, to connected homes have hacking potential. Johnson & Johnson recently issued a warning that even insulin pumps could be hacked. For insurers the risk is two-fold: They need to be concerned about their own systems and data being hacked and they also need to be ready for the implications of their policyholders being hacked.
For example, if you’re running a usage based insurance program that relies on dongles, and your dongles are hacked, causing drivers to lose control of their cars and crash, what are the potential implications?
While we urge all insurers to be vigilant and prepared for emerging cyber risk scenarios, we want you to know that at Silvervine Software, we practice what we preach.
Last spring, we completed our SOC 1 No. 16 Type 2 Exam. That’s infosec-speak for having passed an intensive security audit administered by a qualified third-party. As we’ve said, “Companies who complete an annual SOC 1 examination are able to demonstrate a substantially higher level of assurance and operationally visibility than those companies who do not.”
In summary, we offer highly secure insurance software as well as secure hosting services with a Mirrored Failover Option that provides internal redundancy at two secure locations more than 100 miles apart. Learn more here or request a demo.