Defend Insurance Companies Against Cyberattacks
Cyberattacks against insurance companies are on the rise and attracting increased public attention in the aftermath of the 2015 data breach of Anthem Healthcare, which compromised 78.8 million records and cost the company millions of dollars in both damages and breach-of-privacy claims.
Preventing and recovering from cyberattacks is a serious challenge for insurance company leaders. In a KPMG Global CEO Outlook survey, only 43% of insurance executives reported that their companies were adequately prepared for a cyberattack.
Why are insurance companies prime targets for cyberattacks? Security and identity teams in the insurance industry struggle to defend against cyberattacks because of several factors unique to this business sector:
- Because insurance companies hold massive amounts of personally identifiable information (PII), their information systems are a prime target for cybercriminals.
- As insurance companies adopt new online services to improve customer experience, the potential attack vectors for malicious actors expand.
- Insurance companies are interconnected with scores of other businesses—healthcare providers, auto body shops, home repair companies—increasing the likelihood of supply-chain attacks that gain entry through third-party vendors.
Amount Anthem Healthcare paid to 2015 cyberattack victims for breach of data privacy
GEICO customer driver’s licenses compromised by malicious actors in early 2021
Ransom paid by CNA Financial in March 2021 to regain control of its network
Active Directory is a common starting point for cyberattacks in the insurance industry
Defending Insurance Companies Against Cyberattack
Semperis helps insurance companies prevent, mitigate, and recover from identity system-related breaches—before, during, and after an attack.
Cybercriminals target Active Directory, a 20-plus-year-old technology, because it has inherent security soft spots that are easy to exploit.
Semperis scans your Active Directory environment to uncover Indicators of Compromise (IOCs) and Indicators of Exposure (IOEs) resulting from misconfigurations over time or from in-progress attacks.
After gaining entry into an insurance company’s information systems, malicious actors can move laterally through the environment, often flying under the radar for weeks or months.
Semperis flags in-progress attacks that go undetected by SIEMs and other traditional log-based or agent-based solutions. Plus, Semperis autonomously rolls back malicious AD changes.
Cybercriminals can bring insurance companies to a halt, increasing the likelihood of businesses paying hefty ransoms rather than compromising customer data, which can lead to millions of dollars in damages as well as reputational damage.
Semperis cuts the time to fully recover the Active Directory forest from days or weeks to minutes, ensuring that insurance companies can quickly resume operations without fear of reintroducing malware that could bring the business down a second time.
“Three reasons for choosing Semperis: Immediate full forest recovery, the ability to create a lab that mirrors production, and the pleasant contract review process.”
Infrastructure & Operations Manager
Large U.S. Insurance Company
“Great product for peace of mind when protecting your Active Directory.”
—Microsoft Systems Engineer, Infrastructure & Operations, $500M+ Services Company
See the full review on Gartner Peer Insights