The bank robber Willie Sutton was once supposedly asked why he robbed banks. He responded, “Because that's where the money is.” That’s why cybercriminals relentlessly go after financial services, telecommunications, retail, and other industries online, including insurance.
Insurance companies have many high-net-worth customers, and most insurance customers check their accounts far less often than they check their bank or retail accounts. An insurance account is typically set up once, rarely looked at, and only accessed when an uncommon event occurs. These long gaps between customer interactions give cybercriminals plenty of time to exploit weak credentials, break into accounts, and maintain ongoing access before picking the ideal moment to strike.
Account takeovers combine reconnaissance, social engineering, and conventional technical attacks. The goal is to obtain credentials, usually from breaches of other sites or from phishing, test them, keep the ones that work, and replay those credentials against other accounts (credential stuffing). Attackers are not guessing by hand: they use automated tools that try large lists of stolen or common credentials against the login page. Once inside an account, cybercriminals can change contact information and beneficiaries, file false claims, and wire money to accounts that are difficult to trace.
Sophisticated cybercriminals spend a lot of upfront time researching and planning before they attempt to take over an account. This prep work can translate into a huge payoff if they are able to successfully take over a life insurance account. Hundreds of thousands of dollars, and even millions if it’s the right policy, can be hijacked.
Tension exists between a frictionless interaction for customers and enforcing appropriate security measures that mitigate risk and keep those customers safe. It’s often lose-lose: if you tighten security, it can be frustrating or confusing for customers, and if you loosen security, you’re on the hook for any customer incidents where fraud occurred.
While information technology alone cannot prevent social engineering from succeeding, the following best practices can certainly mitigate the risk of a successful account takeover.
1. Enforce password best practices.
Approximately two-thirds of people reuse passwords, increasing the risk of an account takeover after user credentials are stolen.
You can mitigate this risk by:
- Enforcing multi-factor authentication (MFA), and requiring a fresh second factor (step-up authentication) before sensitive changes. For example, should a login alone be enough to change where payments are sent, or should that change require another factor or a separate confirmation step?
- Enforcing strong passwords: a minimum length of at least eight characters (longer is better), screened against lists of passwords known to have appeared in breaches. A long, unique passphrase that is easy for the customer to remember is preferable to a short string of mixed letters, numbers, and special characters; current NIST guidance (SP 800-63B) favours length and breach screening over mandatory composition rules.
- Forcing a password reset when there is evidence of compromise, for example when the customer's credentials surface in a breach dump, rather than on a fixed calendar schedule. Routine expiry pushes customers toward predictable variations of the same password, and SP 800-63B advises against it.
- Keeping a password history so customers cannot cycle back to a previous password.
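The following is an added example, not VC3's code, of a password-change check that implements the policy above. It enforces a minimum length, screens the candidate against a breached-password corpus using the k-anonymity pattern (only the first five hex characters of the SHA-1 hash leave the application; the returned suffixes are compared locally), and rejects any password the customer has used before by comparing against stored salted PBKDF2 hashes. The breached-hash table, the iteration count and the history format are constructed for the example; a real deployment would query a breach corpus such as a range-query API.

```python
# Added example (not VC3's code): a password-change check implementing the policy above.
# It enforces a minimum length, screens the candidate against a breached-password corpus
# using the k-anonymity pattern (only the first five hex characters of the SHA-1 hash
# leave the application; suffixes are compared locally), and rejects any password the
# customer has used before by comparing against stored salted PBKDF2 hashes.
# The breached-hash table and the history format are constructed for this example.
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

MIN_LENGTH = 8          # floor only; long passphrases are encouraged, no composition rules
HISTORY_DEPTH = 5       # previous hashes retained per customer
PBKDF2_ITERATIONS = 100_000

def _sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode()).hexdigest().upper()

# Constructed stand-in for a breach corpus: SHA-1 hashes of a few commonly leaked
# passwords, indexed by their 5-character prefix exactly as a range query would return them.
_BREACHED = {}
for _pw in ("password", "123456", "qwerty", "letmein", "Summer2023!"):
    _h = _sha1_hex(_pw)
    _BREACHED.setdefault(_h[:5], set()).add(_h[5:])

def breached_suffixes(prefix: str) -> set:
    """Range query: suffixes of all breached hashes starting with `prefix`."""
    return _BREACHED.get(prefix.upper(), set())

def is_breached(password: str) -> bool:
    full = _sha1_hex(password)
    return full[5:] in breached_suffixes(full[:5])

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) for storage."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def in_history(password: str, history: List[Tuple[bytes, bytes]]) -> bool:
    """True if `password` matches any stored (salt, digest) pair."""
    for salt, digest in history:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False

def validate_new_password(password: str, history: List[Tuple[bytes, bytes]]) -> Tuple[bool, str]:
    """Return (accepted, reason); reason is a short code the UI can map to a message."""
    if len(password) < MIN_LENGTH:
        return False, "too_short"
    if is_breached(password):
        return False, "breached"
    if in_history(password, history):
        return False, "reused"
    return True, "ok"

def rotate_password(password: str, history: List[Tuple[bytes, bytes]]) -> List[Tuple[bytes, bytes]]:
    """Validate, then return the updated history capped at HISTORY_DEPTH entries."""
    accepted, reason = validate_new_password(password, history)
    if not accepted:
        raise ValueError(reason)
    return (history + [hash_password(password)])[-HISTORY_DEPTH:]

if __name__ == "__main__":
    history = rotate_password("correct horse battery staple", [])
    print(validate_new_password("Summer2023!", history))                   # (False, 'breached')
    print(validate_new_password("correct horse battery staple", history))  # (False, 'reused')
    print(validate_new_password("a different long passphrase", history))   # (True, 'ok')
```

The order of the checks matters: the cheap length test runs first, the breach screen next, and the comparatively expensive PBKDF2 history comparison last, so a rejected password costs as little server time as possible.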
2. Invest in access and authentication policies and tools.
Many cybercriminals, despite their best efforts, leave signals that distinguish them from the legitimate customer: an unfamiliar device, a new network location, an unusual time of day, or behavior that does not match the account's history. A variety of identity and access management (IAM) solutions exist to help authenticate customers logging into their accounts while flagging likely fraudulent attempts, and risk analytics software has grown more sophisticated in recent years at weighing many such factors at once. Those risk signals also need to be built into customer service workflows, so that frontline representatives see the same warning signs and are less likely to be talked into granting access to an impostor.
Some additional ways to improve access and authentication policies and procedures include:
- Setting user permissions on a least-privilege basis, so that neither customers nor employees can perform actions they have no need for
- Logging transactions and application events (who changed what, from where, and when) so that an account takeover leaves a trail
- Continually patching and updating applications
- Setting up process controls, such as a second approver or a separate confirmation step, before sensitive data such as payout details or beneficiaries can be altered
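As an added example, not VC3's code, the following authorization gate applies the controls above to the operations an attacker wants most. Sensitive actions require a second factor proven within a short window of the request (step-up authentication), a customer-service representative can look a policy up but cannot change payout details from their own session, unknown actions are denied by default, and every decision is appended to an audit log. The role names, action names and window length are assumptions for the example.

```python
# Added example (not VC3's code): a small authorization gate that applies the controls
# above to the operations an attacker wants most. Sensitive actions require a second
# factor proven within STEP_UP_WINDOW seconds of the request, a customer-service
# representative can look a policy up but cannot change payout details from their own
# session, unknown actions are denied, and every decision is appended to an audit log.
# Role names, action names and the window length are assumptions for this example.
import time
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

STEP_UP_WINDOW = 300  # seconds a fresh MFA proof stays valid for sensitive actions

# action -> (roles allowed to perform it, whether a fresh second factor is required)
POLICY: Dict[str, Tuple[Set[str], bool]] = {
    "view_policy":            ({"customer", "csr"}, False),
    "update_mailing_address": ({"customer"}, True),
    "change_beneficiary":     ({"customer"}, True),
    "change_payout_account":  ({"customer"}, True),
    "file_claim":             ({"customer"}, True),
}

@dataclass
class Session:
    subject: str                              # customer or employee identifier
    role: str
    mfa_verified_at: Optional[float] = None   # epoch seconds of the last second-factor proof

audit_log: List[dict] = []

def authorize(session: Session, action: str, now: Optional[float] = None) -> str:
    """Return 'allow', 'deny' or 'step_up_required' and record the decision."""
    now = time.time() if now is None else now
    allowed_roles, needs_mfa = POLICY.get(action, (set(), True))  # unknown action: deny
    if session.role not in allowed_roles:
        decision = "deny"
    elif needs_mfa and (session.mfa_verified_at is None
                        or now - session.mfa_verified_at > STEP_UP_WINDOW):
        decision = "step_up_required"
    else:
        decision = "allow"
    audit_log.append({"ts": now, "subject": session.subject, "role": session.role,
                      "action": action, "decision": decision})
    return decision

if __name__ == "__main__":
    customer = Session("cust-1042", "customer")
    print(authorize(customer, "view_policy"))             # allow
    print(authorize(customer, "change_payout_account"))   # step_up_required
    customer.mfa_verified_at = time.time()                # second factor just verified
    print(authorize(customer, "change_payout_account"))   # allow
    rep = Session("emp-7", "csr", mfa_verified_at=time.time())
    print(authorize(rep, "change_payout_account"))        # deny
```

The application would respond to `step_up_required` by prompting for the second factor and, on success, stamping `mfa_verified_at` before retrying the action; a representative handling a customer's request to redirect payouts would instead route it through the separate approval process rather than performing it directly.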
3. Use cybersecurity monitoring and detection tools.
With account takeovers, it's imperative for cybercriminals to remain undetected for as long as possible. Monitoring and detection tools look for the suspicious activity that gives an intruder away, so that the environment can be resecured before any accounts or account information are compromised.
Some strategies and tools include:
- Managed Detection and Response (MDR): A service that watches servers, endpoints, and the wider network for threats around the clock. Suspicious behavior is recorded and escalated as alerts to analysts who can contain it before it turns into a breach.
- Security Information and Event Management (SIEM): By collecting logs and alerts from servers, network devices, applications, and other equipment in one place, you can correlate events and increase your chance of detecting potential threats. For example, a customer logging in from an IP address they have never used before, or making significant changes to their account at 3 a.m., should raise a red flag.
- Dark web monitoring: Cybercriminals buy and sell stolen user credentials on the dark web, and they test those credentials against your login page. The earlier you know that compromised credentials are being sold, the faster you can force resets and adjust security policy to protect the affected customers.
- Strong security architecture: Cloud and internet-facing applications need robust protection, including rate limiting and bot controls on login endpoints, since the automated credential testing described above depends on being able to try many credentials quickly. That lowers the chance of cybercriminals exploiting weaknesses in the first place.
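To make the SIEM examples above concrete, here is an added example, not VC3's code, of three detections run over a handful of constructed log lines: a credential-stuffing burst (one source IP failing logins against many distinct usernames within a few minutes, the automated testing described earlier in the article), a sensitive change made from an IP address the customer has never logged in from, and a sensitive change made during quiet hours such as 3 a.m. The JSON log format, field names, thresholds and the baseline of known customer IPs are all assumptions for the example.

```python
# Added example (not VC3's code): three SIEM-style detections over constructed JSON log
# lines. The log format, field names, thresholds and the baseline of known customer IPs
# are assumptions for this example.
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs: one stuffing burst from 203.0.113.9 that eventually lands a
# working credential, followed by a payout change from that same address at 03:01.
SAMPLE_LOG = """
{"ts":"2024-03-04T02:58:01Z","event":"login","user":"alice","ip":"203.0.113.9","result":"fail"}
{"ts":"2024-03-04T02:58:02Z","event":"login","user":"bob","ip":"203.0.113.9","result":"fail"}
{"ts":"2024-03-04T02:58:02Z","event":"login","user":"carol","ip":"203.0.113.9","result":"fail"}
{"ts":"2024-03-04T02:58:03Z","event":"login","user":"dave","ip":"203.0.113.9","result":"fail"}
{"ts":"2024-03-04T02:58:04Z","event":"login","user":"erin","ip":"203.0.113.9","result":"fail"}
{"ts":"2024-03-04T02:58:05Z","event":"login","user":"frank","ip":"203.0.113.9","result":"ok"}
{"ts":"2024-03-04T03:01:10Z","event":"change_payout_account","user":"frank","ip":"203.0.113.9","result":"ok"}
{"ts":"2024-03-04T14:20:00Z","event":"login","user":"alice","ip":"198.51.100.4","result":"ok"}
{"ts":"2024-03-04T14:21:00Z","event":"update_mailing_address","user":"alice","ip":"198.51.100.4","result":"ok"}
"""

# Constructed baseline: addresses each customer has logged in from over the past 90 days.
KNOWN_IPS = {"alice": {"198.51.100.4"}, "frank": {"192.0.2.77"}}

SENSITIVE_EVENTS = {"change_payout_account", "change_beneficiary", "file_claim"}
STUFFING_MIN_USERS = 5                 # distinct usernames failing from one IP ...
STUFFING_WINDOW = timedelta(minutes=5) # ... inside this window
QUIET_HOURS = range(0, 6)              # 00:00-05:59 UTC; tune to the customer base's time zone

def parse(log_text):
    """Parse JSON lines into event dicts with a datetime timestamp."""
    events = []
    for line in log_text.strip().splitlines():
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return events

def detect_credential_stuffing(events):
    """One IP failing logins against many distinct users inside a short window."""
    alerts = []
    fails_by_ip = defaultdict(list)
    for e in events:
        if e["event"] == "login" and e["result"] == "fail":
            fails_by_ip[e["ip"]].append(e)
    for ip, fails in fails_by_ip.items():
        fails.sort(key=lambda e: e["ts"])
        for i, first in enumerate(fails):  # slide a window starting at each failure
            window = [f for f in fails[i:] if f["ts"] - first["ts"] <= STUFFING_WINDOW]
            users = {f["user"] for f in window}
            if len(users) >= STUFFING_MIN_USERS:
                alerts.append(("credential_stuffing", ip, sorted(users)))
                break  # one alert per source IP is enough
    return alerts

def detect_sensitive_change_anomalies(events, known_ips):
    """Sensitive change from an IP the customer has never used, or during quiet hours."""
    alerts = []
    for e in events:
        if e["event"] not in SENSITIVE_EVENTS or e["result"] != "ok":
            continue
        if e["ip"] not in known_ips.get(e["user"], set()):
            alerts.append(("sensitive_change_new_ip", e["user"], e["ip"]))
        if e["ts"].hour in QUIET_HOURS:
            alerts.append(("sensitive_change_quiet_hours", e["user"], e["ts"].isoformat()))
    return alerts

def run(log_text=SAMPLE_LOG, known_ips=KNOWN_IPS):
    """Run all detections and return the combined list of alert tuples."""
    events = parse(log_text)
    return detect_credential_stuffing(events) + detect_sensitive_change_anomalies(events, known_ips)

if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Against the sample, the stuffing rule fires on 203.0.113.9, and frank's payout change fires both anomaly rules because it comes from an address he has never used and lands in quiet hours; alice's daytime address update from her usual IP produces nothing. In production the two anomaly rules would be correlated with the stuffing alert from the same IP to raise the priority, and the payout change would be held for review rather than merely flagged.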
VC3 can help insurance companies with cybersecurity, data management, and insurance application support. We work with insurance companies and their software vendors to ensure customers remain protected with as little friction as possible while lowering the risk of account takeovers from cybercriminals.
If you are interested in finding out more about how VC3 can help secure your insurance company to lessen the risk of account takeovers, get in touch with us today.