How Finance and Insurance Providers Can Respond To The Surge of Cyberattacks
Over the past two years working from home (WFH) has rapidly accelerated in many fields. Although the pandemic’s part in contributing to this shift is undeniable, much of this trend would be impossible without software developments supporting remote work. However, digital growth has increased the chances for cybercriminals to strike out and harm companies.
Smaller and mid-sized businesses are especially at risk due to limited resources and budgets for cybersecurity. On the other hand, businesses that have had increased digital footprints have also given cyber insurance companies more information to assess risk profiles of policyholders. These data-driven insights help provide more accurate underwriting and ultimately protect the insured.
This article will discuss the ways WFH has altered the digital landscape and what, both financial and insurance, providers can do to respond to this increased growth.
Growing Digital Footprints
As of 2020, over half of the world’s population is connected to the Internet. In America, over 90% of Americans have access to the internet. These numbers stand in sharp contrast to 2007 (the year the first iPhone was released), when 47% of Americans had access to broadband Internet at home. Every year more and more people are coming online and signing up for the services and platforms that connect us in this digital age. Increasingly, our digital presence has become relied upon as a method for us to transact business and experience our lives.
More and more businesses require employees to leverage these types of digital systems, which is why we have seen a huge increase in vulnerabilities. The transition from an Internet of the wild west to a place where the vast majority of the world’s business takes place has been essential for WFH to become possible. Importantly, businesses should consider how to rebuild after Covid.
Powered by the Cyberworld: Working From Home
WFH, sometimes called remote work, or even more rarely, working from anywhere (WFA) has become key to how we do business today. The sudden shift to WFH dramatically altered the business landscape because overnight we suddenly found many workers, some of whom had never sent an email, were handed a laptop and told to sign up for Zoom.
Early in the pandemic Zoom went from servicing 10 million people a day to over 300 million. In short, the Internet got way bigger and way more crowded. Companies suddenly needed new services, like being able to encrypt your emails. This rush to cyberspace also created an open floodgate of information for cybercriminals to wade through.
Criminal Threats Online
Cybercrime is nothing new, but the massive shift to remote work has made business data all that more vulnerable to hackers. Zoombombing, the practice of breaking into private Zoom meetings and disrupting them, although largely benign, underlines the importance of securing your business’s online presence.
Something important to keep in mind is the various types of groups that perpetrate these crimes, but also the angles from which they may attack businesses. This information is critical for financial and insurance providers because by understanding how cybercriminals behave you can determine how to better protect policy-holders.
Cybercrime Perpetrators
Generally, there are three to four types of cybercriminals that can be identified based on their alignment. The first group would be government actors. These are hackers employed by the government of a nation and are frequently used to undermine the stability of other governments. Second, there are government-sponsored hackers. These groups are typically paid for by nations in order to separate themselves from the type of attack that is taking place. They attack all kinds of targets.
The third and fourth are hacking collectives and individual rogue hackers. Sometimes hacking collectives can be government-sponsored. Other times they act on their own. Frequently, these groups attack corporations of all sizes and harvest their data for sale on the dark web.
Consider how these groups might attack your clients and how your clients’ risk profile might change based on the groups that target them.
Crime Targets, Attack Vectors, and What They Mean for Financial and Insurance Providers
What methods do these criminals use though? And what are their targets? Unfortunately, I cannot cover every single type of target and attack vector here, but I will cover the most common areas and discuss how these can impact your business.
To begin, many hackers target personal data -- at all levels. This means whether a business has 2 employees or 2,000, they are ripe for being attacked. Personal data does not just mean an employee’s data either, it means all the data that the business itself has collected.
For example, hospitals store all sorts of important data on patients, including their date of birth, social security number, address, and even vital records. Encrypting records is key to preventing these data breaches. Hospitals aren’t the only vulnerable industry, however, all business owners should consider some type of insurance to prevent loss when a data breach occurs.
Second, a favorite target of many hackers is cryptocurrencies and other financial assets. Today, more and more financial institutions sell cryptocurrency or invest in it themselves. Insurance providers may offer policies that cover the loss of cryptocurrency. There are many options for safely storing your crypto, but it will definitely continue to be a major target along with all other types of assets.
When it comes to how attackers seek this information the most common methodology is phishing. Phishing involves posing as, or spoofing, a trustworthy identity. Once the hackers have gained your trust, through social engineering, they then send a file, link, or other pieces of malicious software to gobble up your information or take control over your system.
Email is one of the most common ways that phishing scams are employed, which is why it is so vital that your email is secured with the right software. Other times these scams can be employed on social media. A business may have employees on Facebook or TikTok, who subsequently, albeit unintentionally, expose their employer to threats.
Insurance companies should consider this in the underwriting process. Does the business you are insuring have a social media policy for employees? Does the business have other kinds of insurance policies in place in the event of the worst happening? A training program to protect against phishing? These should be considerations in any process you undertake.
Brute force hacking is far less common than phishing, but it often requires more resources on the part of the hacker. Businesses and financial institutions can be particularly vulnerable to these types of intrusions because of corporate software that allows many employees to connect in the cloud. A hacker targeting the database of a large corporation could easily gain access to countless files.
These are just a handful of the areas that can potentially be impacted by cybercriminals, but they are the main areas to consider if you provide either financial or insurance products.
Big Opportunities for Financial and Insurance Providers
As you can see, the increase in cybercrime and expansion of cyber vulnerabilities are opportunities for both financial and insurance providers to tailor their services to their clients. By better understanding how working from home has expanded the marketplace for hackers, financial and insurance providers can both offer more complete coverage and better protect consumers.