Bert Rankin is chief marketing officer for ThreatMetrix.
Most insurance providers are well aware of the potential business impact of cybercrime since cyber insurance is a growing industry segment. But no one wants to have to file this insurance claim.
Insurers do business daily over the web not only with employees, but with a virtual network of agents, brokers, claims processors, and customers spread across locations. Web portals reduce the costs of doing business, improve productivity, and make it easier to work with independent agents. But they also potentially expose sensitive customer information such as financial data or health information to unknown web visitors. Any unauthorized access to your data is a serious business risk.
Unfortunately, the risk of a cybercriminal accessing your data through stolen credentials or malware is large and growing. Accounts are stolen all the time. This year, both Twitter and Evernote reported breaches of user account information. Because many people use the same email login and password across several accounts, any data breach can put your users' logins into the hands of cybercriminals.
What are the business risks?
In a recent survey sponsored by AIG, corporate executives rated cyber threats as a top concern—ranked higher than income loss, property damage, and securities and investment risk. Consider the implications if someone connects to your data using a stolen account belonging to an agent, employee, customer or business partner.
There's the straightforward financial risk of a fraudulent claim. You also have a regulatory risk exposure. The Gramm-Leach-Bliley (GLB) Act Safeguards Rule requires insurers to protect the 'nonpublic personal information' of their customers, while Health Insurance Portability and Accountability Act (HIPAA) regulations cover protected health information.
The greater worry may be loss of trust in your brand. In the AIG-sponsored study, surveyed executives were more concerned about reputational damage than direct financial damage. The loss of reputation can lead to a long-term erosion of market share.
Understanding the technology risk factors
Because the pace of change in technology is fast, security measures and best practices that were effective a few years ago fall short today.
Your employees, agents and brokers are using more devices than ever before, from more locations. According to a recent Connected Intelligence report from The NPD Group, the average U.S. household with Internet has 5.7 devices connected to the Internet. People may connect to your web portal using laptops, desktops, smart phones, and tablets.
Cybercriminals are getting more creative about finding ways to put malware on all of those devices. For example, malware writers use ad syndication to plant malware on otherwise trusted sites, including business sites. According to the 2013 Cisco Annual Security Report, "The vast majority of web malware encounters actually occur via legitimate browsing of mainstream websites. In other words, the majority of encounters happen in the places that online users visit the most—and think are safe."
Malware is also getting more sophisticated. In response to strong authentication measures, criminals have created malware specifically to either bypass or hijack secondary authentication. Attackers have targeted the issuers of the tokens. With every new defense we put up, attackers find a way around it. Complacency is dangerous.
A Layered and Collective Approach
Despite the challenges, insurance companies can take steps today to immediately and significantly reduce the business risk posed by unauthorized access to insurance portals.
Start by identifying the business processes and data you need to protect and the risks associated with those processes. Consider who is accessing your applications, from which devices, and how many people you need to manage. Then put layers of defenses around your critical business processes, including account logins, account creation and sensitive transactions.
Your objective is to make sure that everyone connecting to sensitive data is actually an authorized user—and has no cybercriminal tagging along via malware. Your multi-layered defenses should include the following strategies:
Help agents/brokers help themselves. Educate your employees, agents, and brokers about good practices when connecting to your applications. A little education can deflect a large number of exploits. For example:
- Instruct your users to choose a strong password for their account with you, and not to reuse that password on other accounts. If their credentials are stolen from another site, the theft will not affect your logins.
- Make sure they use only secure wireless networks when connecting to your site.
You can go further by providing your employees, agents, brokers and claims processors with strong authentication measures and anti-malware software.
Know your users and their behavior. Compare the details of each incoming login with what you already know about the user to spot people using stolen credentials. For example, look for devices connecting from an unexpected country or location, or exhibiting a suspicious pattern of login attempts. When you find an anomaly, you can automatically add an authentication step, such as answering a security question or calling a helpdesk.
Look for compromised devices. Authenticated users may pick up malware on their devices that puts your data at risk once they log in. Man-in-the-browser (MitB) attacks, for example, hijack authenticated sessions. Examine inbound connections for signs of malware and for devices that are known to participate in botnets.
Secure high-value transactions. Identify the sensitive transactions on your systems and give them an extra layer of threat intelligence. For example, block high-value transactions from devices with suspicious configurations, or from sessions whose behavior does not fit the user's regular patterns.
Leverage collective intelligence. The threat environment is changing daily. From a global perspective, it is truly a 'big data' challenge. The only way to stay on top of this environment is to tap into a global network of websites sharing intelligence about what's happening, who the bad actors are, and how they're operating. Integrating this insight into your portal keeps you responsive to new threats and malware. The cybersecurity industry is stepping up to the challenge with global networks of transaction information that provide real-time insight into who's on the other end of a login or online transaction.
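The three checks above (comparing a login with the user's known country and devices, spotting a burst of attempts, and consulting a shared list of botnet devices) can be combined into one risk score that decides between allowing the login, stepping up authentication, and blocking. The following is an added illustration, not code from the author or ThreatMetrix; the user profile, the botnet list, the login stream, and the rule weights are all constructed for the example.

```python
from collections import defaultdict, deque

# Constructed profile of what the portal already knows about the account
KNOWN_USERS = {"agent42": {"country": "US", "devices": {"dev-a1"}}}
# Constructed shared-intelligence set of device ids seen in botnet traffic
BOTNET_DEVICES = {"dev-zz9"}
# Constructed login stream: (timestamp in seconds, user, device id, country)
LOGINS = [
    (100, "agent42", "dev-a1", "US"),   # matches the profile
    (160, "agent42", "dev-x3", "RO"),   # new device from an unexpected country
    (300, "agent42", "dev-a1", "US"),
    (301, "agent42", "dev-a1", "US"),
    (302, "agent42", "dev-a1", "US"),
    (303, "agent42", "dev-a1", "US"),   # fourth attempt inside the window
    (400, "agent42", "dev-zz9", "US"),  # device on the shared botnet list
]
BURST_WINDOW, BURST_LIMIT = 60, 3       # seconds, attempts allowed per window
WEIGHTS = {"unexpected_country": 2, "new_device": 1, "login_burst": 2, "botnet_device": 4}

def score_login(ts, user, device, country, recent):
    """Score one login against the user profile, burst history and shared intel."""
    profile = KNOWN_USERS.get(user, {"country": None, "devices": set()})
    reasons = []
    if profile["country"] and country != profile["country"]:
        reasons.append("unexpected_country")
    if device not in profile["devices"]:
        reasons.append("new_device")
    window = recent[user]                # timestamps of this user's recent attempts
    while window and ts - window[0] > BURST_WINDOW:
        window.popleft()
    window.append(ts)
    if len(window) > BURST_LIMIT:
        reasons.append("login_burst")
    if device in BOTNET_DEVICES:
        reasons.append("botnet_device")
    return sum(WEIGHTS[r] for r in reasons), reasons

def decide(score):
    """Map the risk score to the portal's response: allow, step-up auth, or block."""
    if score >= 4:
        return "block"
    return "step_up" if score >= 1 else "allow"

def evaluate(logins=LOGINS):
    recent = defaultdict(deque)          # per-user history feeding the burst check
    results = []
    for ts, user, device, country in logins:
        score, reasons = score_login(ts, user, device, country, recent)
        results.append((decide(score), reasons))
    return results
```

Running evaluate() on the constructed stream allows the first login, steps up the second (new device, unexpected country) and the sixth (burst of attempts), and blocks the last because its device appears on the shared botnet list.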
By implementing layered defenses and collective intelligence, insurance companies can mitigate the growing risk of malware and hijacked accounts compromising their sensitive data and damaging their reputation and customer trust.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.