Contributed by Edwin Doyle, Global Security Strategist, Check Point Software. 

March 29–Multi-billion dollar insurance conglomerate, CNA Financial, suffered a massive cyber breach that forced them to disconnect all systems from their network. CNA’s website displayed the explanation, “The attack caused a network disruption and impacted certain CNA systems, including corporate email”.

Why is this breach significant? CNA is listed as one of the top ten US providers of cyber insurance. The hackers’ interest in an insurance firm begets the question, ‘Were the threat actors looking for policy holder data?’

Using any exposed data, the hackers may quickly launch attacks on policy holders. Once these targeted attacks are in-play, the cyber criminals will be able to make exacting requests regarding ransomware payments. Why? The criminals already know how much will be paid out by the insurance firm.

We don’t know too much about how far this breach goes.  It’s disappointing to me that CNA isn’t more forthcoming with how the breach might affect their customers.

The consequence of such an attack could mean that threat actors have now created target lists from the customers of CNA in order to pinpoint those with the highest insurance policy against ransomware; harming corporations that may have taken extra steps to protect themselves from attack.

Multiple studies show that insurance companies are ripe for exploitation. I feel that given the brief response posted on CNA’s website, their disaster recovery planning needs significant upgrades; as do their cyber defenses.

For more information on hackers’ attacks on insurance companies, click here.