Insurance carriers are attracting hackers at a hastened pace
Attacks are focused on both consumer-facing and agent-only sites, according to Sontiq.
Instant-quoting tools and other digital advancements developed to enhance consumers’ experiences are drawing the attention of hackers, who have been increasingly targeting the industry, according to Sontiq.
Carriers’ automated quoting websites are the primary entry point for cybercriminals to access non-public information (NPI) on customers, the identity security firm reported. As the industry has accelerated the adoption of faster-quoting processes and tools, new vulnerabilities have opened. Sensitive data that have been compromised include addresses, VINs, driver’s license details and household member information.
“Cybercriminals have exploited legitimate web debugging tools to access the data in transit from third-party data providers that populate the carriers’ sites,” Sontiq stated in a release. The stolen data often lead to fraud events or losses for these individuals, as hackers use the details to build more complete consumer profiles.
Agent-only sites face brute-force attacks
Agent-only websites are also being compromised through “credential stuffing,” the automated injection of stolen credentials to gain access to a site.
To prevent unwanted intrusions, Sontiq suggests the following:
- Disable display of third-party NPI data on public-facing sites.
- Ensure APIs with third parties are not directly accessible.
- Install a web application firewall, which is a specific form of firewall that filters, monitors and blocks HTTP traffic to and from a web service.
- Implement CAPTCHA to mitigate the effectiveness of “bot” attacks.
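As an added illustration of the first recommendation (not code from Sontiq or any carrier), the Python example below keeps a third-party prefill record server-side and returns to the browser only an allowlisted, masked view, so the response visible in a web debugging tool carries no NPI. The field names, the in-memory store and the sample record are assumptions constructed for this example.

```python
import secrets

# Hypothetical field names; map them to your data provider's schema.
PUBLIC_FIELDS = {"vehicle_year", "vehicle_make", "vehicle_model"}  # safe to echo
MASKED_FIELDS = {"vin": 4}  # field -> number of trailing characters left visible

_server_side_store = {}  # stands in for a session store or database


def mask(value, keep_last):
    """Replace all but the last `keep_last` characters with '*'."""
    value = str(value)
    if keep_last <= 0 or len(value) <= keep_last:
        return "*" * len(value)  # never reveal a short value in full
    return "*" * (len(value) - keep_last) + value[-keep_last:]


def browser_view(prefill):
    """Store the full record server-side; return only a redacted view."""
    token = secrets.token_urlsafe(16)  # opaque handle the browser sends back
    _server_side_store[token] = dict(prefill)
    view = {"quote_token": token}
    for key, value in prefill.items():
        if key in PUBLIC_FIELDS:
            view[key] = value
        elif key in MASKED_FIELDS:
            view[key] = mask(value, MASKED_FIELDS[key])
        # Everything else is dropped, including fields the provider adds later.
    return view


def full_record(token):
    """Rating logic reads the complete record without it reaching the client."""
    return _server_side_store[token]


# Constructed sample of a third-party prefill response (not real data).
SAMPLE_PREFILL = {
    "vehicle_year": 2019, "vehicle_make": "Honda", "vehicle_model": "Civic",
    "vin": "TESTVIN0000001234",
    "license_number": "D1234567",
    "street_address": "1 Example St",
    "household_members": ["A. Sample", "B. Sample"],
    "provider_internal_score": 712,  # unknown field: dropped by default
}

if __name__ == "__main__":
    print(browser_view(SAMPLE_PREFILL))
```

Because the view is built from an allowlist rather than a denylist, a new field in the provider's response stays off the public site until someone explicitly approves it.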
This news comes on the heels of recent findings that 2021’s first quarter saw a 42% increase in the number of supply chain cyberattacks, according to the Identity Theft Resource Center, which noted around 51 million people were affected. Overall, publicly reported U.S. data compromises increased 12% during the quarter.