Connect with us

Technology

Why insurers must be on the lookout for ever-opportunistic cyber attackers

Source: Finance Derivative

By Paul Prudhomme, Head of Threat Intelligence Advisory at IntSights, a Rapid7 company

The insurance industry has long been a staple for cyber attacks. Criminals go where the money is, and the sector represents one of the most direct ways to access key personal and financial data that can be used to net an illicit profit.

More recently, insurers have faced even greater risk exposure due to their provision of cyber insurance coverage, particularly when it comes to ransomware. The sector has also seen increased attention from state-sponsored actors seeking personal data to fuel other campaigns.

Why is the insurance sector such a popular target for cyber crime?

Threat actors regard the insurance industry as a valuable source of personally identifiable information (PII) which can be used for a variety of crimes, including identity theft, other types of fraud, and further cyber attacks.

Alongside insurance documentation itself, firms will also have digital copies of items such as passports, driver’s licenses and bank statements that have been used to verify the policy holder’s identity and address. Birth dates are also particularly valuable to criminals, alongside National Insurance numbers, Social Security numbers, and their various international equivalents.

In one prominent example, U.S. insurer Ryan Specialty Group had its employee email accounts breached in April 2021. Customer names, Social Security numbers, driver’s license and passport details, and financial account details were believed to be exposed as a result.

The depth of information held by insurers on behalf of policyholders is also useful to state-sponsored threat actors, providing a large amount of data for human intelligence (HUMINT) operations or signals intelligence (SIGINT) operations.

Insurers that provide cyber insurance also face an elevated threat level. Attackers may seek to compromise their network to unearth policy details and security standards as a way of creating more effective targeted attacks.

The rising threat of ransomware

In addition to data theft, insurers are also targets for ransomware attacks. Ransomware has swiftly risen to become one of the primary cyber threats for businesses in all industries today as an infection can rapidly cripple the organisation by encrypting key files and systems. Criminals are also increasingly coupling ransom demands with data theft, often threatening to leak sensitive information unless additional payment demands are met.

However, insurers that provide cyber policies may again face increased risk from organised cyber criminal gangs and state-backed actors. In one prominent example, the Asian component of global cyber insurer AXA was struck by the Avaddon ransomware last year very shortly after announcing that it would stop reimbursing new French customers that chose to pay ransom demands.

The group responsible may have been seeking to make an example of AXA, as its previous policy of covering ransom payments would make it more likely for victims to pay up to criminals.

Why most stolen data is destined for the dark web

Stolen data is a commodity item in the shadow economy maintained by cyber criminals. Datasets are readily bought and sold on hidden forums and marketplaces on the dark web, with individuals and groups often specialising in selling data rather than using it themselves.

In one example discovered by IntSights security researchers, a Chinese-speaking criminal going by “Rebecca” was selling access to records from Chinese auto insurance companies for $3 each. These records included PII such as names, addresses, and driver’s license numbers.

Threat actors will commonly purchase PII sets from different sources to help facilitate further data theft and fraud. The insurance sector is a favourite target here as automated quote tools can potentially be exploited into revealing more information about customers. Farmers Insurance Group, for example, revealed that in early 2021, attackers attempted to use previously stolen customer names, dates of birth, and street addresses to trick its automated car insurance tool into providing driver’s license numbers.

Criminal groups now often include the threat of data disclosure as part of ransomware attacks. Defiant organisations that refuse to pay up will be punished by having their data sold on the dark web, or sometimes dumped on publicly available open web platforms. The threat aims to pile additional pressure on the victim by creating a high-profile breach that will damage customer trust and attract the attention of compliance regulators.

How can insurance firms protect themselves and their customers?

All firms operating in the insurance sector should be aware that they represent a high priority target to threat actors ranging from opportunistic criminals to highly organised gangs and even state-sponsored groups. Securing the customer data in their care should be a top priority for all insurance firms.

Insurers need to consider the context of their data and how best to protect it. B2C security measures will be significantly different from B2B equivalents, for example, and different subsectors such as auto and health insurance will also have their own security threats and priorities.

Threat intelligence is the most important asset for attempting to understand and mitigate these risks. Having access to a range of data from open and closed web sources will help insurers to build a picture of threats arrayed against them and prioritise their security strategies accordingly.

This includes insight into general trends, such as new attack tactics, malware variants, and software vulnerabilities, and can also reveal direct threats to the organisation. For example, threat intelligence might uncover discussions in a dark web forum about targeting a specific insurer because of their ransomware pay-out policy, or due to an exploit in their automated customer service system.

Effective threat intelligence can also alert insurers to the fact they have been breached by discovering criminals arranging the sale of stolen data. While the firm will still suffer reputational and financial damage, this warning can give them a chance to get ahead of the crisis.

The cyber threat landscape has become increasingly hostile for the insurance sector in recent years. In order to have the best chance of protecting both themselves and their customers, insurance providers should look to implement threat intelligence to understand the context of their data and mitigate threats accordingly.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

Using technology to safeguard against fraud this holiday season

Source: Finance Derivative

Tristan Prince, Product Director, Fraud & Financial Crime, Experian

The holiday season brings with it a surge in consumer spending, with UK shoppers expected to part with an impressive £28 billion this year. Unfortunately, this increased activity also draws the attention of cybercriminals looking to exploit vulnerabilities in security systems and personal data.

For financial institutions, the stakes have never been higher. With identity fraud on the rise and new regulations from the Payment Systems Regulator, there is a pressing need to ramp up fraud prevention measures. This season, businesses must leverage innovative technologies to protect their customers and ensure a safe shopping experience.

Fraud is on the rise

In recent years, the prevalence of fraud has reached new levels. Identity fraud alone has seen a 21% increase during the holiday season since 2021, with last year’s figures showing that 83% of all fraud cases were identity-related.

This alarming trend continues in 2024, with a 12.5% increase in identity fraud cases recorded in just the first half of the year. These statistics highlight a troubling reality: fraud is evolving, becoming more sophisticated and harder to detect.

Technology: the key to fighting fraud

Despite these challenges, financial institutions are not powerless. Advanced technology is playing a pivotal role in strengthening defences against fraud. From artificial intelligence (AI) to collaborative data networks, companies now have powerful tools at their disposal to outwit even the most determined criminals.

Artificial intelligence: a game-changer

AI has emerged as a cornerstone in modern fraud prevention strategies. By analyzing massive datasets in real time, AI can quickly identify unusual activity and potential fraud.

Here’s how AI is reshaping fraud detection:

  • Real-time monitoring
    AI systems continuously monitor transactions, instantly identifying irregular patterns that could indicate fraud. This allows institutions to intervene before any damage is done.
  • Behavioral insights
    By examining customer behaviour, AI can detect deviations from typical spending habits, such as unexpected purchases or login attempts from unusual locations. These insights not only help prevent fraud but also improve the experience for legitimate customers by reducing unnecessary disruptions.
  • Strengthened identity checks
    AI-powered tools verify customer identities by cross-referencing data from various sources, ensuring transactions are carried out by the right individuals while minimizing delays.

Data sharing: strength in unity

In addition to AI, collaborative data sharing between financial institutions is proving to be a powerful weapon against fraud. By pooling insights on fraudulent activities and suspicious trends, companies can create a unified front to tackle threats more effectively.

The benefits of data collaboration:

  • Broader visibility: Sharing information helps institutions detect fraud patterns that might otherwise go unnoticed within their own systems.
  • Faster action: Real-time data exchange ensures that when one company flags a suspicious transaction, others can respond immediately, preventing further attacks.

Holiday security: a shared responsibility

The fight against fraud is a continuous battle. Although technology has made significant inroads in preventing financial crime, fraudsters are constantly refining their methods. This requires financial institutions to remain agile and invest in the latest innovations.

Encouragingly, advancements in fraud prevention are already yielding results. For example, the financial services sector successfully blocked £710 million worth of unauthorized fraud in the first half of 2024, thanks to cutting-edge solutions like AI and data-sharing networks.

Making the holidays safe for everyone

As the festive season gets underway, businesses must prioritize the safety of their customers. Through strategic use of technology, financial institutions can outpace fraudsters and protect consumers during one of the busiest shopping periods of the year.

By embracing innovation, fostering collaboration, and maintaining vigilance, companies can ensure that shoppers feel secure, and the spirit of the season remains intact. Together, we can make this festive season safer for everyone.

Continue Reading

Business

The Evolution of AI in Trading: Building Smarter Partnerships Between Humans and Machines

In these uncertain times where what we are seeing is increasing and perhaps most importantly , unprecedented volatility in the financial markets, it is no surprise that the integration of AI in trading has become a focal point of industry discussion. Today, we’re witnessing a fundamental shift in how traders approach markets against the backdrop of an exponential growth in data complexity.

You get a sense that it’s the same story on trading desks worldwide. One can not deny that the sheer volume and velocity of market-moving information has now surpassed human cognitive capacity. All this means is that we’re at a critical inflection point.

If you look back, it’s clear that ever since the first algorithmic trading systems took seed, we’ve been moving toward this moment. But as with most things in financial technology, the reality is somewhat more nuanced.

The Reality of Real-Time Analysis

Initially, many believed AI would simply replace human traders. But yet perhaps what we need here is some perspective. It is my view that we can expect AI to augment rather than replace human decision-making in trading. Think of it like this – in this scenario, machines will help handle the heavy lifting of data processing and analysis while traders focus on final strategy.

Now, there’s a reason why leading trading houses are investing heavily in AI capabilities and it is simply because successful trading will increasingly rely on human-AI partnerships. At least that’s what our experience with the major trading institutions we work with indicates.

Risk Management in the AI Era

Let’s briefly look at risk management and AI’s capacity for processing vast amounts of market data is nothing short of remarkable. What we’ve found using our own systems in-house is that risk management becomes more proactive when powered by AI. Again and again, we have been seeing how machine learning models can identify potential risks before they materialise, helping a trader to make better trading decisions and spotting new opportunities which may otherwise not have surfaced.

So there it is. The keys to effective risk management lie in combining AI’s processing power with human judgment. And the good news is despite these technological advancements, it can not be overstated just how important human experience remains.

The Evolution of The Human-AI Partnership

In this light, as long as we rely on markets driven by human behaviour, we’ll need human insight. And so, defining what is classed as effective AI integration is becoming vital, as is helping traders to understand both AI’s capabilities and limitations.

From our point of view it has been fascinating to witness the different reactions to embedding AI capabilities in trading – from keen early-adopters willing to take a chance on something new all the way down to dinosaurs prefer to rely on traditional methods and will inevitably be left behind as the race for AI supremacy intensifies.

Increasingly, we’re seeing successful traders embrace AI as a partner rather than a replacement. At the end of the day, markets are complex adaptive systems and those who will win will be those who use AI to enhance human decision-making.

As for the future, one cannot argue against the fact that AI will play an increasingly important role in trading. Even that feels like an understatement.  Everywhere you look, trading firms are investing in AI capabilities – some far more quickly and deeply than others – and it’s without a doubt that this trend will continue exponentially.

Author Bio

Wilson Chan is the Founder of Permutable AI, a London-based fintech pioneering AI solutions for financial markets. With roots at Merrill Lynch and Bank of America, he bridges institutional trading expertise with cutting-edge technology. Their latest innovation, the Trading Co-Pilot, delivers real-time event-driven insights for traders, combining geopolitical, macroeconomic, and supply-side data.

Continue Reading

Business

Driving UK business growth with AI reskilling, even during economic uncertainty

Alexia Pedersen, SVP International at O’Reilly

Amid ongoing economic challenges, UK businesses are grappling with salary stagnation and limited hiring. Employees, eager to advance their careers, are turning to digital reskilling as a pathway forward. Our latest research found that almost four in five (79%) UK employers have seen staff request digital upskilling opportunities over the last twelve months to strengthen their career prospects, particularly in roles linked to emerging technologies like AI and machine learning (ML).

Our platform has witnessed a surge in demand for learning resources on AI programming (66%), data analysis (59%), and operational AI/ML (54%) learning materials. We’ve also seen an uptick in demand for general AI literacy as IT teams encounter the hallucinations generative AI tools can exhibit.

However, given the accelerated integration of generative AI in most enterprises, the need for general AI literacy has extended beyond IT teams. In fact, 60% of enterprises are expected to have adopted generative AI in some form by the end of this year. Yet, while most business leaders agree their workforces need to be reskilled in GenAI, only 10% of workers are currently trained in GenAI tools. Now, non-technical employees are now seeking reskilling opportunities in AI and ML, cybersecurity, data analysis and programming.

This shift reflects widespread recognition of how emerging technologies can redefine roles and unlock new opportunities. So, how can employers ensure that every employee – not just IT – develops the skills to navigate and leverage AI and other digital tools?

Cultivating a culture of continuous learning

The integration of digital technologies requires more than just adopting the latest tools; it demands a skilled workforce committed to long-term innovation and growth. Businesses deploying AI must prepare every employee to effectively use these tools. Here, a continuous learning approach will ensure that digital transformation benefits the organisation at every level, driving resilience and adaptability within an evolving tech landscape.

Embedding learning in daily workflows, encouraging curiosity, and supporting tailored development initiatives can help achieve this goal. Cross-functional collaboration and knowledge-sharing can help to break down silos, allowing diverse perspectives to be shared amongst teams.

To foster a culture of continuous learning, people teams should emphasise to management the importance of “re-recruiting” to highlight the value of continuously investing in and engaging with talent as consciously as during the hiring process. The best results stem from having an executive sponsor who leads by example, championing learning at all levels. At the same time, employees should feel empowered to take ownership of their own growth, creating a culture where development is an ongoing, shared responsibility between individuals and the organisation.

Joining a company is only the beginning, and sustaining a valuable relationship depends on both the organisation’s support and the employee’s commitment to their own continuous development. To thrive, employees must actively seek out skill-building opportunities and leverage the learning resources available to them. Doing so will help employees remain agile within an evolving technological landscape, while also enhancing their own productivity and contributing to overall organisational success.

Real-time learning

For employees seeking opportunities for personal growth, to bridge the gap between learning and day-to-day responsibilities, employers can harness the ‘in the flow of work’ approach to provide staff with real-time access to quality learning content.

This concept was coined by Josh Bersin to describe a paradigm in which employees learn something new, quickly apply it and return to their work in progress. It’s different from traditional learning approaches like attending a seminar or conference. These learning formats are effective, but many employees simply don’t have the time to devote to them or they prefer to learn at a time that suits them best.  

Instead, it entails providing employees with tools that allow them to quickly find contextually relevant answers to their questions at a time that suits their schedule. Companies can offer ‘in the flow of work’ learning opportunities via an L&D partner to tailor materials to an individual’s unique learning style and objectives.  

This is particularly important not only for young talent who are new to the workforce but also for existing employees who are proactively seeking opportunities to develop their skills and advance their careers. In turn, this approach to workplace learning will increase employee engagement and productivity, fostering innovation and growth that improves the bottom line.

Preparing for the future

As businesses face a rapidly evolving landscape, a continuous learning strategy focused on digital reskilling and upskilling can help them remain competitive. It empowers employees to take charge of their personal growth, fostering a resilient workforce prepared for tomorrow’s challenges.

For companies navigating hiring freezes or budget constraints, prioritising AI literacy and skills development amongst their employees in critical areas such as cybersecurity, cloud, and data analysis can help drive productivity and innovation while ensuring that organisations remain agile during times of technological change. Above all, supporting reskilling today will develop the foundations for a thriving, adaptable workforce ready to face tomorrow’s challenges.

Continue Reading

Copyright © 2021 Futures Parity.