Exploring influences on SSC grades for insurance companies


This blog was written by an independent guest blogger.

There are more online stores and services available than ever, and you are able to shop for almost anything online whether it’s groceries or insurance. There are many ways to protect yourself while browsing the internet, and one of those ways is to choose reputable businesses with strong security. 

Although there are standards for online businesses to follow, some have better safety measures in place than others. In particular, insurance companies are tempting targets for cybercriminals as they hold personal and financial information for numerous clients. Security Scorecard (SSC) uses a variety of factors to assess a company’s cybersecurity.

Let’s take a look at some of the factors that influence SSC grades among insurance providers and how insurance companies can prioritize cybersecurity.

The vocabulary of cybersecurity

Most businesses these days are paying attention to security and want their clients to know it. Businesses try to build a secure online presence through blogs, webinars, training, and more. But with all companies claiming they have stellar security, it’s important to understand some of the basics of cybersecurity that all insurance companies – and all companies in general – should be implementing. Some key focus areas include:

Network segmentation directs traffic within a system and can be used to create additional roadblocks to slow or stop scammers in the event of a breach.
Attack surface is the total number of vulnerable points a system has that can be used by criminals to retrieve private data. Businesses must identify these weak points to boost their security efforts.
Endpoint security secures entry points to networks from the various devices connected to said network. This includes phones, laptops, and tablets that are connected by remote workers. Permissions can be revoked remotely so damages can be mitigated.
Digital footprints are traces of information left behind by users while browsing online. This leaves a trail to be followed to understand what information was accessed, but it also gives hackers more info to use when targeting a company.

However, even if insurance companies are aware of these concepts and take measures to address them, there are additional factors that can impact a company’s SSC rating. 

SSC influences

Country of origin

Country of origin may impact the cybersecurity of insurance establishments for a variety of reasons. Developing countries may not have the knowledge or funding to support cybersecurity efforts. Hackers can easily exploit the outdated systems which have resulted from such circumstances. 

These exploits can be seen in the swells of cybercrime that have popped up across various countries in Africa. According to the World Bank’s Cybersecurity Multi-Donor Trust Fund project, losses from Nigeria and Kenya in 2019 were estimated at $650 million and $210 million respectively, with $3.5 billion in losses overall in Africa. The continent suffers from a shortage of cybersecurity personnel, and only 20% of African countries have the basic legal frameworks necessary to address cybercrime.

On the other hand, developed countries have the means to implement continued advancements in protecting confidential information. In addition, users in developed countries tend to be able to select an internet provider that supports faster, more secure options from the variety of providers available. 

Baseline network security and patch updates add to SSC grades, so those with more resources to build a stronger base network and roll out continuous patches are likely to have higher grades. Thus, insurance companies that reside in developed countries are likely to have higher scores than companies in developing countries.

Still, despite data safety innovations, scammers have been able to break through and steal vital records in every country. Everyone should recognize that, regardless of country of origin, human error is a typical avenue hackers use to penetrate security efforts.

Sector

The three main sectors in insurance are property/casualty, life/annuity, and private health insurance. Health insurance and health care have suffered increasing risks during the pandemic. The health insurance sector may be a more appealing mark for criminals because client records can sell for up to $900 more than other personal information like credit card numbers or social security numbers. 

The sector does not directly affect SSC grades, but hacker chatter is part of the scoring system. Health insurers may have access to high ticket items, so it is possible that they may be discussed as targets. This does not mean property/casualty and life/annuity are free from these discussions. According to recent statistics, there has been a 50% uptick in the number of people buying life insurance coverage since the pandemic began, and more targets may mean more gossip about potential hits. 

Irrespective of the sector, insurers must be wary of potential internal and external breaches – usually through individuals. Phishing is one of the most common ways criminals gain entry to private data, sending email attachments that host malicious threats. Every day, insurers send and receive emails with attachments regarding client accounts, so they must properly train employees to detect and delete phishing emails. 

Key financial attributes

Capital strength, profitability, and size all have a role in cybersecurity and SSC grading. Capital strength can help businesses invest in network security, training for employees, patch rollouts, and software and services with better built-in cybersecurity features. 

Profitability and size also have their part in a company’s level of safety. Again, higher profits and a larger client base mean more motive for hackers to go after that insurance company. Size could also equate to more employees, which leads to more points of entry for spammers to abuse in the form of individuals and their remotely connected devices. This may lead to misconfiguration – another component of the SSC grading system.

Conclusion

Insurance companies must contend with countless cyber dangers. SSC grades and the factors that influence them are paramount to understand so you can know which companies will be better able to ensure the safety of your data. Cybercriminals are persistent and will work diligently to steal sensitive information. Break-through breaches are always possible, so companies should have a plan in place to detect and address cyberattacks.


How chaos engineering can help DevSecOps teams find vulnerabilities


The words “chaos” and “engineering” aren’t usually found together. After all, good engineers keep chaos at bay. Yet lately software developers are deploying what they loosely call “chaos” in careful amounts to strengthen their computer systems by revealing hidden flaws. The results aren’t perfect – anything chaotic can’t offer guarantees – but the techniques are often surprisingly effective, at least some of the time, and that makes them worthwhile.


Russian cyberattacks on Ukraine raise IT security concerns


This past week has seen an inundation of notifications concerning Russia’s overt and covert efforts to set “their” stage to provide it with a pretext to invade Ukraine once again. The realpolitik of the Russian efforts and the media focus is on the likelihood of Russia taking this course of action.

These preparatory actions include a widespread cyber component. CISOs of entities in defense, intelligence, or critical infrastructure should be monitoring what is taking place in Ukraine and heeding the advisories being issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Microsoft and others.

Cyberattacks on Ukraine

On January 14 at approximately 0200 hours the cyberattacks began. Within the hour news of the hacks began appearing within the Russian media. Approximately 70 Ukrainian government websites saw their forward-facing web presence defaced, and a static message posted in Russian, Ukrainian, and Polish in essence told Ukrainians their personal information was compromised and that they should “be afraid and expect the worst.”


Microsoft’s Pluton security processor tackles hardware, firmware vulnerabilities


While this year’s Consumer Electronics Show was impacted by COVID, it didn’t stop Lenovo from announcing the first Microsoft Pluton-powered Windows 11 PCs. First announced in 2020, the Pluton is a security processor that Microsoft developed in partnership with AMD and Qualcomm to provide what they called “chip to cloud” security. Pluton is designed to reduce the attack surface within Windows PCs by eliminating opportunities for attackers.


CIS Risk Assessment Method (RAM) v2.1 for CIS Controls v8


CIS recently released the CIS Risk Assessment Method (RAM) v2.1, a risk assessment method designed to help enterprises justify investments for implementing the CIS Critical Security Controls (CIS Controls). This version supersedes CIS RAM v2.0, which was first released in October 2021. CIS RAM helps enterprises define their acceptable level of risk, and then manage that risk once the CIS Controls have been implemented.


A Vulnerability in Zoho Desktop Central and Desktop Central MSP Could Allow for Authentication Bypass


A vulnerability has been discovered in Zoho Desktop Central and Desktop Central MSP that could allow for authentication bypass. Zoho Desktop Central and Desktop Central MSP are unified endpoint management (UEM) solutions that help in managing servers, laptops, desktops, smartphones, and tablets from a central location. They allow admins to deploy patches and software over the network and troubleshoot them remotely. Successful exploitation of this vulnerability could allow a remote user to perform unauthorized actions on a server, including access to unauthorized data or the ability to write an arbitrary zip file.


How to Protect Your Social Media Accounts


Social media is part of our social fabric. So much so that nearly 50% of the global population are social media users to some degree or other. With all that sharing, conversing, and information passing between family and friends, social media can be a distinct digital extension of ourselves—making it important to know how you can protect your social media accounts from hacks and attacks.

Beyond the sheer number of people who’re on social media, there’s also the amount of time we spend on it.  People worldwide spend an average of 145 minutes a day on social media. With users in the U.S. spending just over two hours on social media a day and users in the Philippines spending nearly four hours a day, that figure can vary widely. Yet it’s safe to say that a good portion of our day features time scrolling and thumbing through our social media feeds. 

Given how much we enjoy and rely on social media, now’s a fine time to give your social media settings and habits a closer look so that you can get the most out of it with less fuss and worry. Whether you’re using Facebook, Instagram, TikTok, or whatnot, here are several things you can do that can help keep you safe and secure out there: 

1. Set strong, unique passwords

Passwords mark square one in your protection, with strong and unique passwords across all your accounts forming your primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one.

2. Go private

Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy. 

3. Say “no” to strangers bearing friend requests

Be critical of the invitations you receive. Out-and-out strangers could be more than just strangers: they could be fake accounts designed to gather information on users for purposes of cybercrime, or they could be accounts designed to spread false information. There are plenty of them too. In fact, in Q3 of 2021 alone, Facebook took action on 1.8 billion fake accounts. Reject such requests.

4. Think twice before checking in

Nothing says “there’s nobody at home right now” like that post of you on vacation or sharing your location while you’re out on the town. In effect, such posts announce your whereabouts to a broad audience of followers (even a global audience, if you’re not posting privately, as called out above). Consider sharing photos and stories of your adventures once you’ve returned.  

5. The internet is forever

It’s a famous saying for a reason. Whether your profile is set to private or if you are using an app with “disappearing” messages and posts (like Snapchat), what you post can indeed be saved and shared again. It’s as simple as taking a screenshot. If you don’t want it out there, forever or otherwise, simply don’t post it. 

6. Watch out for phishing scams

We’re increasingly accustomed to the warnings about phishing emails, yet phishing attacks happen plenty on social media. The same rules apply. Don’t follow any links you get from strangers by way of instant or direct messengers. And keep your personal information close. Don’t pass out your email, address, or other info as well. Even those so-called “quiz” posts and websites can be ruses designed to steal bits and pieces of personal info that can be used as the basis of an attack. 

7. Also keep an eye out for scams of all kinds

Sadly, social media can also be a place where people pull a fast one. Get-rich-quick schemes, romance cons, and all kinds of imposters can set up shop in ads, posts, and even direct messages—typically designed to separate you from your personal information, money, or both. This is an entire topic to itself, and you can learn plenty more about quizzes and other identity theft scams to avoid on social media.

8. Review your tags

Some platforms such as Facebook allow users to review posts that are tagged with their profile names. Check your account settings and give yourself the highest degree of control over how and where your tags are used by others. This will help keep you aware of where you’re being mentioned by others and in what way. 

9. Protect yourself and your devices

Security software can protect you from clicking on malicious links while on social media while steering you clear of other threats like viruses, ransomware, and phishing attacks. It can look out for you as well, by protecting your privacy and monitoring your email, SSN, bank accounts, credit cards, and other personal information. With identity theft a rather commonplace occurrence today, security software is really a must. 

10. Check your Protection Score and see how safe you are

Now you can point to a number that shows you just how safe you are with our Protection Score. It’s an industry first, and it works by taking stock of your overall security and grading it on a scale of 0 to 1,000. From there, it calls out any weak spots and then walks you through the steps to shore it up with personalized guidance. This way, you’re always in the know about your security, privacy, and personal identity on social media and practically wherever else your travels take you online.

The post How to Protect Your Social Media Accounts appeared first on McAfee Blogs.
