Technology

Why insurers must be on the lookout for ever-opportunistic cyber attackers

Published

1 year ago

March 7, 2022

admin

By Paul Prudhomme, Head of Threat Intelligence Advisory at IntSights, a Rapid7 company

The insurance industry has long been a staple for cyber attacks. Criminals go where the money is, and the sector represents one of the most direct ways to access key personal and financial data that can be used to net an illicit profit.

More recently, insurers have faced even greater risk exposure due to their provision of cyber insurance coverage, particularly when it comes to ransomware. The sector has also seen increased attention from state-sponsored actors seeking personal data to fuel other campaigns.

Why is the insurance sector such a popular target for cyber crime?

Threat actors regard the insurance industry as a valuable source of personally identifiable information (PII) which can be used for a variety of crimes, including identity theft, other types of fraud, and further cyber attacks.

Alongside insurance documentation itself, firms will also have digital copies of items such as passports, driver’s licenses and bank statements that have been used to verify the policy holder’s identity and address. Birth dates are also particularly valuable to criminals, alongside National Insurance numbers, Social Security numbers, and their various international equivalents.

In one prominent example, U.S. insurer Ryan Specialty Group had its employee email accounts breached in April 2021. Customer names, Social Security numbers, driver’s license and passport details, and financial account details were believed to be exposed as a result.

The depth of information held by insurers on behalf of policyholders is also useful to state-sponsored threat actors, providing a large amount of data for human intelligence (HUMINT) operations or signals intelligence (SIGINT) operations.

Insurers that provide cyber insurance also face an elevated threat level. Attackers may seek to compromise their network to unearth policy details and security standards as a way of creating more effective targeted attacks.

The rising threat of ransomware

In addition to data theft, insurers are also targets for ransomware attacks. Ransomware has swiftly risen to become one of the primary cyber threats for businesses in all industries today as an infection can rapidly cripple the organisation by encrypting key files and systems. Criminals are also increasingly coupling ransom demands with data theft, often threatening to leak sensitive information unless additional payment demands are met.

However, insurers that provide cyber policies may again face increased risk from organised cyber criminal gangs and state-backed actors. In one prominent example, the Asian component of global cyber insurer AXA was struck by the Avaddon ransomware last year very shortly after announcing that it would stop reimbursing new French customers that chose to pay ransom demands.

The group responsible may have been seeking to make an example of AXA, as its previous policy of covering ransom payments would make it more likely for victims to pay up to criminals.

Why most stolen data is destined for the dark web

Stolen data is a commodity item in the shadow economy maintained by cyber criminals. Datasets are readily bought and sold on hidden forums and marketplaces on the dark web, with individuals and groups often specialising in selling data rather than using it themselves.

In one example discovered by IntSights security researchers, a Chinese-speaking criminal going by “Rebecca” was selling access to records from Chinese auto insurance companies for $3 each. These records included PII such as names, addresses, and driver’s license numbers.

Threat actors will commonly purchase PII sets from different sources to help facilitate further data theft and fraud. The insurance sector is a favourite target here as automated quote tools can potentially be exploited into revealing more information about customers. Farmers Insurance Group, for example, revealed that in early 2021, attackers attempted to use previously stolen customer names, dates of birth, and street addresses to trick its automated car insurance tool into providing driver’s license numbers.

Criminal groups now often include the threat of data disclosure as part of ransomware attacks. Defiant organisations that refuse to pay up will be punished by having their data sold on the dark web, or sometimes dumped on publicly available open web platforms. The threat aims to pile additional pressure on the victim by creating a high-profile breach that will damage customer trust and attract the attention of compliance regulators.

How can insurance firms protect themselves and their customers?

All firms operating in the insurance sector should be aware that they represent a high priority target to threat actors ranging from opportunistic criminals to highly organised gangs and even state-sponsored groups. Securing the customer data in their care should be a top priority for all insurance firms.

Insurers need to consider the context of their data and how best to protect it. B2C security measures will be significantly different from B2B equivalents, for example, and different subsectors such as auto and health insurance will also have their own security threats and priorities.

Threat intelligence is the most important asset for attempting to understand and mitigate these risks. Having access to a range of data from open and closed web sources will help insurers to build a picture of threats arrayed against them and prioritise their security strategies accordingly.

This includes insight into general trends, such as new attack tactics, malware variants, and software vulnerabilities, and can also reveal direct threats to the organisation. For example, threat intelligence might uncover discussions in a dark web forum about targeting a specific insurer because of their ransomware pay-out policy, or due to an exploit in their automated customer service system.

Effective threat intelligence can also alert insurers to the fact they have been breached by discovering criminals arranging the sale of stolen data. While the firm will still suffer reputational and financial damage, this warning can give them a chance to get ahead of the crisis.

The cyber threat landscape has become increasingly hostile for the insurance sector in recent years. In order to have the best chance of protecting both themselves and their customers, insurance providers should look to implement threat intelligence to understand the context of their data and mitigate threats accordingly.

Up Next

Tackling home insurance fraud with granular claims data

Don't Miss

Four Top Tips for Benchmarking Your Annual Cyber Security Investments

Business

How app usage can help brands increase their online revenues and customer retention

Published

1 day ago

March 23, 2023

editorial

Arunabh Madhur, Regional VP & Head Business EMEA at SHAREit Group

Brands are continuing to invest heavily in the e-commerce market despite current market and economic challenges – and they need to. Indeed, the current global e-commerce market is valued at around $5.5 trillion. Further to that, estimates show that online retail sales will reach $6.7 trillion by the end of 2023 – and e-commerce making up 22.3% of those sales.

So despite the economic and market climate, businesses must still plan for success and cater to customer demands to make the most of the global e-commerce opportunity.

Mobile apps are key

Mobile apps are now a fundamental component of retail, as they provide customers with a convenient and engaging way to shop from their phones. The past couple of years has been rocket fuel for digital transformation, providing an opportunity for the retail industry to innovate. Whilst global trends continue to point to the user growth of Facebook, TikTok and Instagram, the trends underneath the headlines highlight significant opportunities to drive new customer acquisition, which in turn demands a targeted customer retention strategy from companies.

According to research from Baymard Institute, 69.82% of online shopping carts are abandoned and with demand expected to continue, pressure is growing on retailers to expand current offerings and create personalised experiences to tackle this. One of the big challenges e-commerce companies face, though, is analysing and maximising the behaviour of users, and bringing down the cost of their marketing and engagement against how much is earned through a customer making a purchase.

To meet customer demand, mobile apps offer a variety of features such as push notifications, product recommendations, exclusive discounts and offers, and easy checkout processes, to make the shopping experience easier for customers. By leveraging the power of mobile technology, brands can create an immersive shopping experience tailored specifically to their customer’s needs, and this in turn helps increase customer loyalty, customer return rates, and maximise online revenue.

Re-targeting and re-engaging customers

Brands should focus on re-engaging with returning consumers through a personalised strategy as this can help increase the lifetime value of users, which in turn helps brands bring the cost of their marketing down knowing that brand loyalty has been achieved. According to research from Google and Storyline Strategies study, 72% of consumers are more likely to be loyal to a brand if they offer a personalised experience.

Optimising the online shopping experience is crucial in retaining customers. Today, consumers need a more ‘human’ touch, i.e., smart product suggestions based on buying history & behaviour that helps build a one-to-one relationship between brand and buyer. In particular, push notifications haven’t just enhanced personalisation but also increased app engagement by up to 88%. Push notifications have also proven to get disengaged users back, too, with 65% returning to an app within 30 days of the push notification.

Another strategy to consider is the option of adding buy now pay later (BNPL) options at checkouts for customers. Brands that add the option of financing at the checkout allow customers to spread the cost over time, which according to Klarna has resulted in a 30% increase in checkout conversation rates.

Publisher platforms allow brands to leverage their reach and sticky user base. Especially with open platforms such as SHAREit, which can help e-commerce brands create a strong revenue conversion with higher average order value with unique retargeting and user acquisition solutions. Because users are not just sharing product links, but also sharing e-commerce apps and deals among their community. Users of these publisher platforms are also encouraged to share products and apps through platform activities.

What the future of e-commerce holds for brands

E-commerce is positioning itself as a key facet in retail, and its future. With Advancements in technology, customers can access various products and services worldwide through their smartphones – making shopping more accessible than ever. Brands must put consumers at the heart of everything they do, like never before. Offering incentives and payment options, personalising customers’ experiences and re-engaging them, as well as targeting new customers, in an effective and un-intrusive way, are all ways in which they can influence purchasing decisions and improve retention figures.

Banking

Will ‘Britcoin’ change the way we bank?

Published

1 day ago

March 23, 2023

admin

The Treasury and Bank of England recently announced a state-backed digital pound is likely to be launched in the UK later this decade, following the popularity of cryptocurrencies. However, the ‘Britcoin’ will be backed by the central bank, ensuring the digital pound will be much less volatile than its sister, cryptocurrency. Could a digital pound backed by the central bank be the answer to utilising technological developments in the finance system for the better?

Ross Thompson, Accountancy and Finance Lecturer at Arden University, considers what we can expect from ‘Britcoin’, how this will impact consumers, businesses, and the economy, and whether ‘Britcoin’ could be the revolution to restore our confidence in the banking system.

Trust in our financial system hit an all-time low post the 2008 financial crash. Even ten years on from the collapse of Lehman Brothers, a survey found 66% of adults in Britain still don’t trust banks to work in the best interests of society.

This means there remains to be apprehension for people to sign up to and use a bank to help manage their money. The UK doesn’t seem to struggle too much in this arena, however, as according to the Financial Conduct Authority (FCA), most UK consumers (96%) have a current account from a bank or building society. Regardless, there is still a significant number of adults who do not have a bank account or are what is known as ‘unbanked’.

The lack of trust plays a big part here. More people want better control over their money and to cut out the middleman, hence why cryptocurrencies and blockchain became a tempting option, as it can potentially remove the need for banks for any transactions. However, the volatility of these currencies has been a cause for concern for many investors and regulators.

Blockchain and cryptocurrency are gaining more traction and are becoming more of a viable option for businesses, especially due to talks of regulations coming into fruition. This is especially true with cryptocurrency, with the government announcing crypto assets will be subject to FCA rules in line with the same high standards that other financial promotions such as stocks, shares, and insurance products are held to.

The “Britcoin” aims to solve the issues traditional Bitcoin presents. It would be backed by the central bank, which would ensure its stability and reduce its volatility, making it a more attractive option for investors and providing greater confidence in the stability of the financial system. Britcoin will be as stable as the inherent stability of the British economy and political system. It would also provide an opportunity for the UK to stay at the forefront of technological developments in the finance system – a system in which it can sometimes be slow to react.

One of the key benefits of a digital pound is that it would be much faster and more efficient than traditional banking systems. Transactions could be completed almost instantly, regardless of where the parties involved are located. This would make cross-border transactions much easier and could even help to boost international trade.

The Bank of England’s Governor, Andrew Bailey, stated: “a digital pound would provide a new way to pay, help businesses, maintain trust in money and better protect financial stability”, pointing toward the other advantage of a digital pound. It would offer more security as transactions would be recorded on a distributed ledger, which would make it much more difficult for hackers to tamper with the system. It would also provide greater transparency, as all transactions would be recorded on the ledger and could be easily traced if needed.

However, there are also some potential drawbacks. One concern is that it could lead to a reduction in the use of cash, which could have implications for those who do not have access to digital technologies or who prefer to use cash for privacy reasons. There are also concerns that a digital pound could be used for illicit activities, such as money laundering or terrorism financing. On top of this, more details are required in relation to the levels of personal account privacy; the potential to usher in ‘big brother’ banking systems is a growing a concern regarding state digital currencies.

Around 85 central banks are currently engaged in projects to create digital currencies, according to figures from the Bank for International Settlements. But as it stands, many feel there is probably little need for a digital pound; with a growing amount of people using their debit cards, phones and watches to fulfil the same function, a digital pound is deemed unnecessary. On top of this, many of the public fear that a government digital currency could potentially infringe on their privacy – despite the BoE stating the currency would be subject to rigorous standards of privacy and data protection.

And in countries where a digital currency has already been established, there has been little uptake – widely due to the lack of trust between central banks and citizens. It seems gaining users’ confidence should be the Bank’s first priority. The House of Lords economic affairs committee stated last year that a digital pound would pose “significant risks” such as state surveillance, financial instability as people convert bank deposits to CBDC during periods of economic stress, an increase in central bank power without sufficient scrutiny and could be exploited by hostile states and criminals; it is safe to say that the nation’s ‘Britcoin’ will need to be very well thought out.

It has the potential to revolutionize the finance system, however, and could provide significant benefits to investors and consumers alike. However, the potential risks and drawbacks must be carefully considered before any decision is made to launch such a currency. Having said that, if it is implemented correctly, a digital pound could be a powerful tool for utilising technological developments in the finance system for the better.