You Are a Target for a Cyber Attack
Bryant G. Tow | March 19, 2014
In the insurance space, I hear a few common statements about cyber security: “I am just an independent agent” or “We are only a small regional company. Who would want anything we have?” And my favorite, “The cyber criminals are only interested in the big boys.”
Cyber criminals know large companies have sophisticated defenses and the task of getting through them is daunting and costly. However, smaller organizations lack budget for IT security and rarely have even one person focused on protecting their organization.
Of the 621 confirmed data breach incidents recorded in 2012 and reported in the annual Verizon Data Breach Report, close to half occurred at companies with fewer than 1,000 employees, including 193 incidents at entities with fewer than 100 workers.
Symantec (one of the industry’s largest security firms) confirmed that trend. It found cyber-attacks on small businesses with fewer than 250 employees represented 31 percent of all attacks in 2012, up from 18 percent in the prior year.
Forbes magazine reported that big business CEOs listed cyber security as one of their top three issues, yet small businesses are not paying security the attention it needs. Thus, your organization is the focal point of the attack. The common philosophy of cyber warfare is simple: Why attack the wolf when there are plenty of sheep for the slaughter?
By now you have likely heard of the Target security breach and how over 110 million credit card numbers were stolen by hackers. The root cause of that breach was an unsuspecting HVAC vendor. Fazio Mechanical Services was founded in Pittsburgh, Pa. with a few branch offices focusing specifically on supermarkets.
It has been reported that an email password-stealing malware attack at Fazio two months prior to the attack led the attackers straight into the Target servers. Since then I have seen an exponential increase in vendor security audits in both directions. Suppliers of technology services, like many of the systems insurers use to process claims and manage billing, are making sure their customers are following proper practices, and customers are asking suppliers to properly protect their data.
Regardless of your position on the food chain in the insurance space, you need to be paying attention to the security of your organization. Agencies and carriers need to validate the security of their providers. There is a dramatic push toward the cost-effective model of cloud computing, especially among the small and middle market agencies. We outsource processing, service desks, call centers, system maintenance and anything else that can provide an increased level of productivity with a decreased cost. Many agencies are now migrating entirely toward cloud-based systems that only require a browser on their office PC.
All of your data is being stored, processed and moved through the vendor’s systems. Are you sure it is safe? It is up to you to validate the security of your data. It will be your name in the headlines.
The best place to start is to get someone with the proper security credentials like a Chief Information Security Officer (CISO) to administer a security validation audit program for each of your vendors on a regular basis. This person should report regularly to the C-suite and the board of directors on their progress.
Here is a list of the categories your CISO will be looking for each vendor to have in place:
- Physical / Environmental Security
- Risk Assessment and Mitigation
- Regulatory Compliance
- Human Resource Security and Practices
- Access Control
- Change Management
- Asset Management
- Network Configuration and Management
- Systems Monitoring and Logging
- Systems Configuration and Management
- Business Continuity Planning
- Security in Software Development
Each of these items will have a metric associated with it and should be measured against industry best practices and standards such as ISO 27001, PCI DSS and any other compliance targets that may apply.
The biggest obstacle I see with regard to information security is complacency and resistance to change, especially in mature organizations that have been operating a certain way for many years. The attitude, “We have always done it this way,” will land you right out of business.
Budget line items for cyber security are rarely allocated until after the breach. By then it is too late. The average cost of a breach, according to the Ponemon Institute, was $8.9 million in 2012, up from $5 million in 2011. The more appropriate question is not whether you are a target but whether you are prepared for the attack when it comes.
Bryant G. Tow is an enterprise security executive, published author, and speaker with over 20 years of experience in technology.