The insurance industry has always been a hotspot for IT security threats, since information that can be used for insurance fraud is a hot commodity amongst hackers. Health insurance fraud alone accounts for a hefty $80 billion bill each year, as estimated by the Federal Bureau of Investigation (FBI). In fact, who could forget the Anthem data breach that rocked the industry? Infosec leaders still grapple with how a similar breach would impact their organizations from both a financial and a reputational perspective.
While it has long been known that insurance organizations carry prevalent vulnerabilities in common processes due to a lack of visibility across disparate systems, one modern trend has created even greater opportunity for criminals: the emergence of big data. Meanwhile, regulators have been steadfast in their efforts to disincentivize weak security postures by imposing a growing number of regulations, putting pressure on insurance companies to safeguard an unprecedented amount of information. Even for organizations with hefty investments in sophisticated security teams, the sheer increase in the volume of attacks can overwhelm resources.
Why the increase in attacks?
We’ve seen this increase in conjunction with Coronavirus. While insurance companies were not immune to the struggles facing every other industry, such as safeguarding the health of their employees and taking workforces remote, they simultaneously faced a rise in opportunistic hackers attacking the industry.
Meanwhile, at a business level, insurance organizations have been hit with dramatic declines in interest rates and vulnerability for those with a hefty investment in liquid assets. Some insurers, such as those in the automotive sector, have had to restructure their risk models due to a reduction in consumer activity, whereas health insurers are facing increased pressure due to increased activity of applicants from an unanticipated enrollment period and mass reductions in workforce health benefit recipients. In a nutshell: while insurers are forced to adapt to unanticipated business-level changes, they must also ward off an increased volume of cyber-attacks and still remain responsible for adhering to government regulations despite these dramatic changes. Talk about a triple whammy!
What can be done?
So, as an industry already on the heavy-hitter list for cyber-attacks and now looking to divert resources to accommodate business changes, what can be done to ensure security remains optimized?
- Look to begin replacing certain people with processes: now, this doesn’t necessarily mean eliminating people altogether. But consider re-allocating personnel to the processes that require human involvement, while automating the remaining processes wherever possible. This is particularly feasible in the IT security environment, where many vendors offer security solutions optimized with Artificial Intelligence (AI) and Machine Learning (ML) that can produce results as comprehensive as, or better than, those of humans. One benefit of this approach is that it also creates a more scalable IT environment for the future, making insurance companies more resilient to emergency events. The potential downside of this approach is that it’s a lot more complex than it sounds. Finding areas ripe for automation that won’t create temporary vulnerabilities can be confusing. Meanwhile, the market is crowded with vendors that promise to fulfill every hope and dream but can’t necessarily integrate with existing platforms/applications, or that may create more implementation problems than they solve.
- Implement a security framework centered around Zero Trust: as the name implies, Zero Trust takes the approach that all users should be required to validate their identity before being given the privilege of accessing systems and data. You can think of it as a virtual courtroom where access requests are guilty until proven innocent. While it sounds like you’re telling your employees, “it’s not you, it’s me,” this approach to security has proven its efficacy in spades for improving security posture, mitigating risk, and combating increased unknowns in times of crisis, much like we’re seeing in this pandemic. One major challenge organizations can expect to face is that while the framework sounds simple in theory, it can be difficult and resource-heavy to properly adjust policies and procedures to reflect it and technology to enforce it.
Your trusted partners at IDMWORKS are not only experts at strategically rolling out the changes for both recommended processes; we also have the industry experience necessary to ensure you avoid common pitfalls and protect your investment throughout the process. We’ll help you navigate a roadmap that capitalizes on your existing technology but also offers recommendations for new adoptions/enhancements that can most effectively streamline processes and protect long-term bottom lines.