Expert perspective Nationwide offer
As cyber threats evolve, Nationwide stands ready to protect our customers with common sense strategies and tactics.
While no industry is safe from cybercrime, the financial services industry, particularly the insurance industry, remains a prime target and is significantly impacted by the frequency and scope of cybercrime. Attacks such as ransomware, phishing, and more often social engineering scams cost businesses, on average,: $9.44 million This year, it’s more than double the global average.
There are several reasons why insurance attracts cybercriminals. These include the abundance of personally identifiable information (PII) that insurance companies manage and store, the size of the industry, and the growing attack surface available. According to Todd Lukens, chief information security officer at Nationwide, insurance companies are paying attention to how cyber fraud is changing and are taking steps to reduce vulnerabilities to protect this valuable information. measures must be taken.
The changing nature of cyber fraud
Application programming interfaces (APIs) are now a common attack target on the Internet. Lukens points out that APIs are “the new language of commerce” in that they provide a framework for systems to interact with each other. “Threat actors recognize that APIs are a means of data sharing, and insurers are using them to ensure seamless interactions with partners, other members, and businesses.” Lukens says. “If an API is not designed with appropriate business logic, sensitive information may be at risk of compromise.”
Insurance companies can become an unwitting conduit for malicious cyber activity. Even something as simple as searching for a car insurance quote on a quote website can expose potential customers to attackers who can steal information transferred from large data sources through APIs without the need for sophisticated attacks. You can expose it.
New advances in technology have also created new threats. Deepfakes are continually evolving and allow attackers to take over someone’s account or policies, issue false or fraudulent invoices, and receive payments. Advances in generative AI have brought them to fruition much sooner than expected.
“We are currently witnessing the intersection of phishing, social engineering, and deep fakes,” Lukens said. “All insurance companies need to anticipate emerging threats and plan protection against them early.Insurers need to be able to not only protect, but also detect a variety of threats and respond accordingly. not.”
Prevention and “layered defense”
On the topic of conservation, Lukens emphasizes something we have all heard before.
“Insureds should be very careful about what they post on social media. Even if they no longer use sites like Facebook, any information they previously posted is already public,” Lukens said. says. “Threat actors can use your social footprint information to create a comprehensive profile of you that they can use to take over your identity. Social engineering, phishing, and deep fakes can also be used to It starts from there.”
For insurers, Lukens emphasizes “defense in depth,” or combining business practices, technology, and processes to protect. At Nationwide, these multiple tiers also include training, so all customer-facing employees are educated and informed on how to detect and report cyber threats. Then repeat the test to make sure your skills are up to date so you can react correctly in real life.
“At Nationwide, we know our customers trust us to meticulously protect their PII,” Lukens said. “We strive to ensure their personal information remains safe. That’s what drives us every day.”