Insurance providers have long been a major target for cybercriminals, which is no surprise considering the large amounts of sensitive client information they maintain like Social Security numbers, employment history, and family contacts. In fact, a recent report by auditing service KPMG says that 81 percent of health insurance companies suffered a data breach in the past two years. Contributing to the problem, many insurance providers are dealing with any mixture of the following:
- Large workforces that are not technically savvy
- Shortage of IT security experts
- Tight budgets
- Constant patching and updates of PCs
As cyber criminals have become more sophisticated, it has become increasingly difficult to prevent attacks. Furthermore, many of the security products today are signature based, relying on public or private threat intelligence, which means you are protected as long as you are not patient zero. Detection after a breach is also a losing strategy. According to Verizon’s 2018 Data Breach investigation report (DBIR), 68% of breaches take months or longer to detect. The average breach detection period is 197 days and 69 days to contain the breach. So it’s apparent that detection is not a valid solution. We need to be thinking about security differently.
The reality is that breaches cannot be prevented, and the best way to keep from being compromised is not to trust anything from the public web. Zero Trust Internet does just that yet provides full access to the public Internet. This is accomplished through Internet isolation, which provides and air gap between an insurance providers network at the public web, eliminating the threat of ransomware, malware, and credential theft, stemming from web and email attacks. Internet isolation allows users to open attachments away from their endpoint device delivering only safely rendered information. And an effective one delivers zero “false positives” or “false negatives” while maintaining the native user experience with no latency or impact to the browser. Other qualities of a good Internet isolation solution include flexible deployment options, multi-tenant support, and comprehensive management capabilities. Insurance providers that want to keep sensitive client information secure should be taking a new approach to security and move away from traditional detection and response method and towards total threat elimination through Zero Trust Internet.
To learn more about the cyber threat insurance providers face, and guidelines for proper evaluation, selection, and deployment of a best-in-class Internet isolation platform to fit an insurance provider’s specific needs and requirements, please download our Isolation Best Practices For Insurance Providers Guide