Cybersecurity Threats for 2013

Insurers evaluating their clients’ risk exposures are advised to monitor their own cybersecurity exposures, particularly related to mobile and BYOD.

Insurance Networking News, December 28, 2012

Pat Speer

As insurers evaluate their 2013 risk management programs, they are faced with a growing concern over the long-term effects of cybersecurity attacks.

This concern is shared by some legislators in Washington, however, in November, the Cybersecurity Act of 2012 (CSA) failed to pass the U.S. Senate. The vote was portrayed as Republican obstructionism, even though five Democrats voted against the bill and four Republicans voted for it, according to the online site The Foundry. Meanwhile, the President has vowed to issue an executive order to implement at least some of the elements of the bill.

Corporate board concerns are also growing, as directors are faced with a host of liabilities related to cybersecurity, not the least of which is federal reporting standards. As a result, boards are increasingly directing management to implement processes for identifying, assessing, and monitoring the ever-evolving sophistication of cybersecurity risks. Many are making cybersecurity a top-priority risk oversight issue.

These events create compelling reasons to encourage commercial lines customers to include cybersecurity in their insurance portfolio, and insurers are in a scramble to evaluate and highlight the greatest risk exposures and vulnerabilities to the corporate enterprise and beyond.

“This year, cybercriminals have become so advanced that security professionals are struggling to detect many of their attacks in a timely manner,” said Andreas Baumhof, CTO, ThreatMetrix, a provider of integrated cybercrime prevention solutions. “As nearly every industry is increasingly targeted, businesses and consumers must make cybersecurity a top priority in 2013 to prevent fraud and malware attacks.”

Among the trends, ThreatMetrix lists the insurance industry as being vulnerable to risk from mobile and BYOD. “Cybercriminals are also targeting insurance companies with identity takeover by using stolen credentials to access financial information. Insurance companies need to expand their security measures beyond passwords and multi-factor authentication. Layered, integrated defenses provide a more accurate picture of who is connecting to applications, and whether devices are infected with malware or disguising as a cybercriminal.”

ThreatMetrix released its list of the most threatening cybersecurity trends and risks that will impact businesses and consumers across several industries in 2013:

The Emergence of Cyberwarfare — Stuxnet, the virus allegedly developed by Israel and the United States to sabotage part of the suspected Iranian uranium enrichment program, foreshadows a new generation of warfare. James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, indicated that at least 12 of the world’s 15 largest militaries are currently building cyberwarfare programs, and other government agencies worldwide should follow suit and prepare for imminent cyberwarfare.

Government Agencies are in the Crosshairs of Cybercriminals — Government agencies, from U.S. federal to state, are under attack from cybercriminals including the hacktivist group Anonymous and foreign governments. Chief among these in 2012 were attacks and data breaches on the U.S. Navy, NASA, the California Department of Social Services, Department of Homeland Security, and the Wisconsin and South Carolina Departments of Revenue. As a result of these attacks, millions of Americans’ bank account numbers, personal identities, financial records, usernames, passwords, e-mail IDs and security questions were compromised and these attacks show no sign of ending.

Data Breaches Will Continue to Place Top Brands at Risk — Data breaches continued at an alarming rate in 2012 including cyber attacks on such high profile brands as Yahoo, eHarmony, Zappos, LinkedIn, eHarmony, Global Payments and many others. Such attacks are expected to continue in 2013 as more security weaknesses are discovered by cybercriminals.

Malware is Trickling Down to Retail, Alternative Payments and Digital Currencies — Malware, historically targeted at financial institutions (FIs), will increasingly affect retailers, alternative payments and digital currencies in the New Year. These targets lack the same stringent levels of malware protection that FIs have spent years developing. Retail customers who typically use the same password and save login details across several accounts are also placed at greater risk for fraud.

BYOD Trend Increases Risks — The BYOD trend common in today’s corporate world increasingly opens the door for cybercriminals. They are becoming more adept at designing malware that turns employees’ devices – smartphones, tablets, PCs – into unwitting attackers of their own companies or accounts. In 2013, BYOD will continue contributing to today’s malware threats through shared devices, search engine poisoning, image searches, hidden URLs and syndicated advertisements.

For more information on related topics, visit the following channels:

• Data Management