This article was produced in partnership with Tokio Marine HCC – Cyber & Professional Lines Group (CPLG).
Karen Surca, of Insurance Business America, sat down with Alex Bovicelli, Director of Threat Intelligence with CPLG, to discuss the ongoing cyber security threat for insurance providers and the best way to prepare, monitor, and help to prevent future digital breaches.
It is not reserved for the pages of a sci-fi novel anymore. Cybercrime and ransomware attacks have steadily grown in severity over the last few years, shifting from works of fiction to front-page news.
Remote work, global security events, a protracted pandemic, and the increasingly sophisticated nature of the cyberattacks themselves have put both private and public organizations at risk.
With increased reliance on digitalization, companies need both to be aware of current cyber threats and to be willing to take the necessary steps to avoid becoming a victim of cyberattacks of any scale.
Whether to avoid being the victim of phishing or a dreaded full-scale ransomware attack, organizational preparedness is the best defense against cybercriminals.
It is equally incumbent on insurance professionals to keep cybersecurity issues front and center to protect insureds from this evolving exposure.
For Tokio Marine HCC – Cyber & Professional Lines Group (CPLG), a member of the Tokio Marine HCC group of companies based in Houston, Texas and a leading specialist cyber insurance provider, the war against cybercriminals is ongoing.
Taking on the role of educating and equipping its insureds with the ‘weapons’ to defend their digital systems, CPLG is ensuring that, above all else, there is a heightened awareness among its clients of the threat at hand.
Keeping up the cyber defenses
“We need our insureds to be aware of the cyber security standards and security solutions that are available to them. We have emphasized these defensive mechanisms for many years,” Alex Bovicelli, Director of Threat Intelligence with CPLG, stated.
Bovicelli also pointed out that the private and public sectors are equally vulnerable to being targeted and seen as “high-value targets”.
“The public and private sectors are so intertwined that we have to be extremely careful, especially during a time of increased geopolitical tensions. It is the responsibility of every individual that works within a technical field of an organization to try to make cyber security a top priority,” Bovicelli argued.
Ransomware targeting, like other more advanced cyberattacks, can be difficult to discover until the compromise is already underway, and it is too late to prevent further damage to the organization. This is making the job of adequately preparing insureds a continuing challenge.
“The attackers can navigate an organization’s internal network virtually undetected,” Bovicelli stated.
It remains very difficult, Bovicelli highlighted, to identify perpetrators and their motivations, to attribute their actions, and to determine what the significance may be on a geopolitical scale.
Remote work adopted during the pandemic, although a necessity for many organizations to stay operational, left networks and employees vulnerable to a variety of cyberattacks.
“The pandemic created many opportunities for criminals to take advantage of their [companies’] remote access, which resulted in an increase in attacks exploiting remote services. We also saw criminals capitalize on pandemic-themed lures for phishing emails,” Bovicelli pointed out.
Stepping into cyber combat
Fortunately, Bovicelli stressed, there are distinct steps that can be taken by insureds to help safeguard against digital infiltration by cybercriminals.
Protecting the network’s perimeter from a potential attack is of primary importance. However, you must understand the type of threat before successfully implementing any real protection against it.
Cybercriminals will gain initial access to a company’s network, Bovicelli stated, in a variety of ways: by exploiting a vulnerability, by using valid credentials to log in to remote services, or by deploying malware to infect an employee’s computer through a phishing email.
Once that initial access to the internal network of an organization is obtained, they will move laterally throughout the company’s network.
“Ransomware is essentially a form of malware that encrypts files on a machine and across a network. It requires a form of monetary payment to receive a decrypter,” Bovicelli explained.
“They (cybercriminals) can target particular vulnerabilities on VPN devices or mail servers or anything that’s internet-facing and can provide an opportunity to access internal resources. This is why it’s important to be aware of specific Remote Code Execution vulnerabilities that are easily weaponized and can be targeted directly from outside the network. We alert our customers about the ones we observe as actively exploited in the wild and detected on their perimeter,” he added.
“Our goal is also to have our customers be completely prepared and aware of how an attack could happen and help to ensure they are protected. We can monitor their environment for those very exposures,” Bovicelli said.
“Our philosophy is centered on securing your company’s perimeter by understanding your specific risk exposures. You should pay attention to specific vulnerabilities and any opportunity of remote access to your internal network, for example,” he specified.
“We recommend utilizing Multi-Factor Authentication (MFA) to secure all remote access to your network, and of course add additional layers of protection to your email and your VPNs, as well as monitoring and alerting on specific events on your internal network.”
“When protecting against ransomware compromise, another clearly important preventative control is the [implementation] of segregated offsite backups. If resources on your network are encrypted, you have the ability to restore from backups, as separated from your network,” Bovicelli illustrated.
Lastly, you should have a clear incident response plan.
“You have to know how you’re going to respond to that incident,” Bovicelli insisted.
So, what is the final step?
“The rest is awareness,” Bovicelli said.
“Especially when you have a remote workforce, they should be made aware of the threats likely to target them through the use of phishing simulation training or other important cyber security awareness training.”
CPLG is actively positioned to meet cyber challenges.
“Depending on the size of an organization, the needs of our insureds vary. Larger organizations will likely have a Security Operations Center and a security team, so for them, it is more about alerting them of a very specific, targeted threat,” Bovicelli commented.
“We can also provide assistance and access to a trusted third-party vendor that offers a variety of risk mitigation services. For smaller companies that have fewer resources, we can provide more hands-on assistance,” Bovicelli highlighted.
“In the end, our goal is preventing cybercriminals from getting into our policyholders’ networks and providing protection through our policy and our services.”
Alex joined Tokio Marine HCC – Cyber & Professional Lines Group (CPLG) in August 2021 as Director of Threat Intelligence. He is responsible for identifying cyber trends, current threat-actors’ techniques and intrusions while building upon CPLG’s comprehensive cyber risk management and underwriting strategies. He most recently worked for the University of Southern California as Lead Cyber Threat Intelligence Analyst, where he developed and implemented the University’s cyber threat intelligence program and models in an effort to improve cyber security posture throughout the institution.