Bert Rankin is chief marketing officer forThreatMetrix.

Most insurance providers are well aware of the potentialbusiness impact of cybercrime since cyber insurance is a growingindustry segment. But no one wants to have to file this insuranceclaim.

Insurers do business daily over the web not only with employees,but with a virtual network of agents, brokers, claims processors,and customers spread across locations.  Web portals reducethe costs of doing business, improve productivity, and make iteasier to work with independent agents. But they also potentiallyexpose sensitive customer information such as financial data orhealth information to unknown web visitors.  Anyunauthorized access to your data is a serious business risk.

Unfortunately, the risk of a cybercriminal accessing your datathrough stolen credentials or malware is large andgrowing.  Accounts are stolen all the time. This year,both Twitter and Evernote reported breaches of user accountinformation.  Because many people use the same email loginand password across several accounts, any data breach canput your users' logins into the hands of cybercriminals.

What are the business risks?

In a recentsurvey sponsored by AIG, corporate executives rated cyberthreats as a top concern—ranked higher than income loss, propertydamage, and securities and investment risk. Consider theimplications if someone connects to your data using a stolenaccount belonging to an agent, employee, customer or businesspartner?

There's the straightforward financial risk of a fraudulentclaim. You also have a regulatory risk exposure. The Gramm-Leach-Bliley (GLB) Act Safeguards Rule requires insurersto protect the 'nonpublic personal information' of their customers,while Health Insurance Portability and Accountability (HIPAA)regulations cover protected health information.

The greater worry may be loss of trust in your brand. In theAIG-sponsored study, surveyed executives were more concerned aboutreputational damage than direct financial damage. The loss ofreputation can lead to a long-term erosion of market share.

Understanding the technology risk factors

Because the pace of change in technology is fast, securitymeasures and best practices that were effective a few years agofall short today.  

Your employees, agents and brokers are using more devices thanever before, from more locations.  According to a recentConnected Intelligence report from The NPD Group, the averageU.S. household with Internet has 5.7 devices connected to theInternet.  People may connect to your web portal usinglaptops, desktops, smart phones, and tablets.

Cybercriminals are getting more creative about finding ways toput malware on all of those devices. For example, malware writersuse ad syndication to plant malware on otherwise trusted sites,including business sites.  According to the 2013 CiscoAnnual Security Report, "The vast majority of web malwareencounters actually occur via legitimate browsing of mainstreamwebsites. In other words, the majority of encounters happen in theplaces that online users visit the most—and think are safe."

Malware is also getting more sophisticated.  Inresponse to strong authentication measures, criminals have createdmalware specifically to either bypass or hijack secondaryauthentication.  Attackers have targeted the issuers ofthe tokens. With every new defense we put up, attackers find a wayaround it. Complacency is dangerous.

A Layered and CollectiveApproach

Despite the challenges, insurance companies can take steps todayto immediately and significantly reduce the business risk posed byunauthorized access to insurance portals.

Start by identifying the business processes and data you need toprotect and the risks associated with those processes. Consider whois accessing your applications, from which devices, and how manypeople you need to manage. Then put layers of defenses around yourcritical business processes, including account logins, accountcreation and sensitive transactions

Your objective is to make sure that everyone connecting tosensitive data is actually an authorized user—and has nocybercriminal tagging along via malware.  Yourmulti-layered defenses should include the following strategies:

Help agents/brokers help themselves. Educate your employees, agents, and brokers about good practiceswhen connecting to your applications. A little education candeflect a large number of exploits.  For example:

• Instruct your users to use strong passwords for your account,and not to share the password with other accounts. If theircredentials are stolen on another account, it will not affect yourlogins.
• Make sure they use only secure wireless networks whenconnecting to your site.

You can go further by providing your employees, agents, brokersand claims processors with strong authentication measures andanti-malware software.

Know your users and their behavior. Comparedetails of incoming login connections with what you know about theuser to find people using stolen credentials. For example, look fordevices originating from the wrong country or location, orexhibiting a suspicious pattern of account login requests. When youfind anomalies, you can automatically add authentication measures,such as answering a security question or calling a helpdesk.

Look for corrupted devices. Authenticated users may acquire malware on their devices that putsyour data at risk once they login. Man-in-the-browser (MitB)attacks, for example, hijack authenticated sessions. Examineinbound connections for signs of malware or for devices that areknown to participate in botnets.

Secure high-value transactions. Identify thesensitive transactions on your systems and give them an extra layerof threat intelligence. For example, prevent high-valuetransactions from devices with suspicious configurations, orbehavior that does not fit the user's regular patterns.

Leverage collective intelligence.  Thethreat environment is changing daily. In a global perspective, itis truly a 'big data' challenge. The only way to stay on top ofthis environment is to tap into a global network of websitessharing intelligence about what's happening, who the bad actorsare, and how they're operating. Integrating this insight into yourportal keeps you responsive to new threats and malware. Thecybersecurity industry is stepping up to the challenge with globalnetworks of transaction information that provide real-time insightinto who's on the other end of a login or online transaction.

By implementing layered defenses and collective intelligence,insurance companies can mitigate the growing risks of malware andhijacked accounts compromising your sensitive data and damagingyour reputation and customer trust.