Latest cyberattacks on insurers ‘a wakeup call’ to shore up security

With a new cyberattack focused specifically on the insurance industry, a cyber expert is urging insurance companies need to up their security game in order to protect themselves and their customers.

Otherwise, insurers could be on the hook for a major breach, warned Matt Cullina, Sontiq’s head of global insurance business. Sontiq acquired CyberScout at the beginning of February.

So far, six U.S. insurers have reported this attack to Sontiq, with one breach resulting in the information of 500,000 being exposed. No insurers from other countries have reported seeing the attack but at least two in Canada are now investigating.

It all comes back to the convenience factor, Cullina told Canadian Underwriter. Everyone’s in a competition to provide a home or auto quote with the least amount of hassle. Think of all the “Get your quote in minutes” types of advertising insurers are putting out there. Because people don’t want to spend a lot of time inputting details about their property or vehicles, such data is provided by third-party vendors.

But it’s during the transfer process between vendor and insurer — and even quoting platform — that hackers are able to steal personal customer data.

But with great power comes great responsibility, as they say. If the transfer of such data is taking place, the proper security needs to be there, too.

“First and foremost, this has become a core way of doing business for insurance companies,” Cullina said of the quickened quote process. “It just seems like a more stringent data security model is needed. You can buy stuff online, I buy stuff online — it is a lot about convenience. But it is also a lot about consumer confidence in making sure you’re protecting their information.

“And so, in my mind, that’s always the yin and yang, the balance. And this to me is a wakeup call for the industry to really look at those business practices to make sure that they have a kind of an equal level of security.”

This pre-built data is anonymized and has redacted information, but hackers are able to get behind that, Cullina explained. There are a number of protections insurers and quoting platform sites can put in place to ensure they don’t fall victim to this type of hack.

One, he recommended, would be firewalls. Another would be ensuring that APIs — or, application programming interfaces — are being protected and not directly accessible by nefarious actors.

Then there’s CAPTCHA, which most people are familiar with as that challenge-response test that asks you, for example, to pick out all the frames of a photo that have a car in them.

“Those are not generally used on these platforms. But as you know, they’re often used almost everywhere else,” Cullina said.

Along with two-factor identification, these tools can help insurers protect themselves from a data breach.

“So additional ways to confirm that it’s a real user and a real person looking to get a real quote — verification of them,” Cullina said. “And then if you are using pre-built functionality. It just has to be secure, it has to be protected [and] it has to be only disseminated in a secure way.”

Feature image by iStock.com/sorbetto