Why are insurance companies a weak target for phishing attacks?

We know that cyberattacks are on the increase, and a favourite and growing approach is via email, which we call phishing. With 97% of companies being targeted for phishing attacks, one wrong click is all it takes: a healthcare phishing attack can take down entire networks, encrypt files, and put patient data in jeopardy. The smartest attackers take advantage of victims by claiming to be a colleague, business associate, or other trusted source, and using social engineering to obtain information.

What is phishing?

According to Wikipedia, phishing can be described as follows: “Phishing is a form of social engineering where attackers deceive people into revealing sensitive information or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and traverse any additional security boundaries with the victim.”

But there are also different types of phishing attacks that have evolved, and we have included four variations below:

1. Email phishing: This is the most common type of phishing and has been in use since the 1990s. Hackers send these emails to any email addresses they can obtain. The email usually informs you that your account has been compromised and that you need to respond immediately by clicking on a provided link. These attacks are usually easy to spot, as the language in the email often contains spelling and/or grammatical errors.

2. Spear phishing: Spear phishing targets a specific group, branch, or type of individual, such as a company’s system administrator. In these attacks, the attackers pay attention to the industry in which the recipient works, the download link the victim is asked to click, and the immediate response the request requires, making the emails look legitimate.

3. Whaling: Whaling is an even more targeted type of phishing that goes after the whales: a CEO, CFO, or any C-level executive within an industry or a specific business. A whaling email might state that the company is facing legal consequences and that you need to click on the link to get more information.

4. Calendar phishing: Calendar phishing attempts to fool victims by sending false calendar invites that can be added to calendars automatically. This type of phishing attack is made to look like a common event request and includes a malicious link.

But why is the insurance industry under attack, specifically?

According to Votiro, hackers are turning their attention toward more vulnerable targets: insurance companies. Insurers maintain a huge database of personal information about policyholders that makes an enticing target for identity thieves, including names, birthdates, street and email addresses, health data, and employment data such as income. Information about policyholders’ personal property, such as homes, cars, and other valuables, can also be a target.

Over the years, many insurers have invested in security tools that offer a false sense of security. In truth, attackers are advancing faster than traditional cybersecurity tools such as firewalls and anti-virus software and are now leveraging encryption and other advanced attack techniques that can evade detection.

It is also believed that many insurance companies and their subsidiary offices use outdated software, have weak internal security measures, and have no standard protocols for dealing with breaches.

What are some of the key steps to take to prevent an attack?

The best way to prevent your organisation from becoming a victim of a healthcare phishing attack is to stay informed. Understanding what red flags to look out for, properly educating employees on cyber hygiene, implementing technical safeguards, and keeping up with the latest sector threats will give healthcare organisations an edge over malicious hackers.

1. Be aware: Identify common phishing email tricks and tactics. The first step toward protecting an organisation from phishing is understanding the attacker’s motives and tactics.

2. Educate your employees: The more you educate them on what to watch for when it comes to phishing attempts, the better prepared they will be to reject those attempts. A strong phishing awareness programme can protect both your organisation and your clients’ data.

3. Scan everything: Every link and attachment that makes its way into your company, whether through email or attached to a reply on social media, should get thoroughly scanned for malicious software.

4. Back-ups: The last thing you want to do is tell your client you can’t access their files because you have been hacked, so ensure you implement a security solution that immediately backs up files when created or updated.

5. Get cybersecurity: Installing antivirus software and implementing endpoint security systems is a great place to start. Rito-Technologies provides insurance companies and brokers and other small and medium-sized companies with an all-in-one security platform.

Cybersecurity partner, ensured

With Rito-Technologies, we can keep you and your team up to date with the latest phishing trends and what to look out for, and with a cybersecurity solution we can also protect you from the inside out.

Rito-Technologies is an experienced IT partner that can help you maximise your business output through a well-thought-out cybersecurity solution. They enable their clients to optimise efficiencies with their IT Strategic Planning, which is guaranteed to increase your accessibility, productivity, and levels of communication with the right level of technology for business and potential customers.

With our free IT assessment, we can help you establish how you currently use IT in your business and what cybersecurity solution is best suited to you. We can also identify areas for improvement as well as fill the gaps to present further opportunities for growth with an IT roadmap.

For more information about our IT assessment to help you get secure and free from phishing attacks, get in touch with us at info@rito-tech.co.za or call us on 010 213 7016 and we will gladly assist you.
