Within the first half of 2021, we have already seen ransomware attacks crippling many industry giants, resulting in massive operational disruption and costing millions in recovery efforts.
While threat actors have made it a habit to target organizations within the utilities, healthcare, and food & agriculture sectors, a new target has emerged within the past year: the insurance sector. Major insurance providers have reported being the targets of ransomware attacks and surprisingly, some have also admitted to paying the ransom.
Chubb, an insurance giant, was targeted by the infamous Maze ransomware group.
AXA’s Asian branch suffered a ransomware attack at the hands of the Avaddon group.
CNA Financial was the target of a sophisticated ransomware attack by a group known as Phoenix.
Arthur J. Gallagher (AJG), a global insurance brokerage, suffered a ransomware attack after hackers successfully remained undetected in their network for three months.
Adversaries are fueled by the personally identifiable information (PII) that insurance companies hold for their clients. Since much of this data (e.g. medical records, financial statements, government-issued identification, etc.) is used for underwriting and claims preparation, it is highly sensitive, and insurers collect and store a lot of it. In the hands of a threat actor, this data can easily be used to commit medical, insurance, and/or identity fraud on unknowing victims. Therefore, insurers are at a heightened risk of experiencing financial and reputational loss as well as regulatory repercussions.
Additionally, despite the global adoption of digital transformation, the insurance industry is still very much reliant on legacy systems due to the cost associated with modernizing technology and digitizing client records. However, a move towards modernization can be a double-edged sword; the digitization of insurance records and client data can expose insurance firms to third-party risk as well as expand the threat surface as organizations adopt hybrid infrastructures.
As a result of this treasure trove of highly-valuable client data, weak security defenses, and a lack of internal resources driven by a skills shortage in cybersecurity, it’s clear that cyber criminals have found themselves a new opportune target in insurance providers and brokerage firms. Additional risk factors that have contributed to the increasing ransomware attacks include human error and an evolving threat landscape.
In the past couple of years, a new organizational structure has emerged for cyber criminals. Gone are the days when organizations were dealing with a lone hacker. Today, we’re seeing the formation of highly-organized ‘cyber cartels’, wherein cyber criminals have come together to collaborate on leveraging specialized attack tactics to maximize ransom payouts.
One such attack tactic that has rapidly gained momentum is double extortion, through which threat actors first gain access into the corporate environment, exfiltrate all the data onto their own servers, and then deploy ransomware.
Ultimately, even if the target organization is able to restore their data without paying the ransom, threat actors can still cause financial loss & liability, reputational damage, and impact the business’s bottom line by threatening to make the stolen data public.
As a result, it’s increasingly difficult for the insurance industry to keep up with the sophistication of today’s ransomware attacks. In fact, nearly every major insurance firm that suffered a ransomware attack within the past year was also the victim of double extortion:
When the Maze group attacked Chubb, it not only encrypted every device as it spread through the network, it also exfiltrated data to the group’s servers.
Prior to launching the ransomware attack on AXA, the Avaddon group stole 3TB worth of customer data, including bank account statements, medical reports, payment records, etc.
As part of AJG’s data compromise, the (still unknown) group behind the attack was able to steal a significant portion of their data, including medical data & records, passport & other government identification numbers, social security information, financial records, and more.
With CNA Financial, the Phoenix group not only locked their employees out of their internal networks, but also stole corporate data in an effort to guarantee the ransom payment. It worked; CNA Financial admitted to paying $40 million earlier this year.
It seems that the message to the insurance industry is clear: your data is highly valuable and cyber criminals will use any means necessary to extort you.
As a response to the sharp rise of ransomware threats against the insurance sector, the National Association of Insurance Commissioners (NAIC) established the Cybersecurity Task Force in 2015 to address cybersecurity within insurance companies.
In order to remain compliant, firms must demonstrate they have followed the programmatic and operational requirements outlined by the NAIC. This should serve as a clear sign that insurance providers must evaluate their risk exposure on a continual basis.
The reality is that the threat landscape will continue to evolve. Understandably, insurance firms must begin to take threats more seriously and act with diligence to not only prevent incidents, but also to take measures to detect and contain them if and when they do occur.
Much of prevention is rooted in how the insurance sector manages cyber risk. Ask yourself:
Am I providing my employees the necessary phishing and security awareness training to eliminate the risk of human error?
Are my employees enabling multi-factor authentication (MFA) or using a VPN to securely access corporate data when working remotely?
Have I implemented network segmentation to limit the movement of threat actors across my network if they’re able to gain access?
Have I implemented role-based access and/or privileged access management to ensure only the staff that require access to sensitive data have access to it?
Do I have the in-house security resources I need to successfully protect my clients’ data and my organization’s crown jewels?
Do I know where my current security gaps are and more importantly, do I have a detailed roadmap to fill those gaps?
When cyber criminals target your organization, you must be able to detect their presence and immediately contain them to limit their spread.
While prevention certainly plays a role in cyber resilience, it’s evident that insurance firms must take a comprehensive approach to protect clients’ data. Instead of solely relying on preventative measures, insurance firms should have the ability to respond to any threats before they disrupt business operations.
Cybersecurity investment may be a big undertaking for insurance providers and brokerage firms, but it’s an investment that is now a necessity.
To learn more about how Managed Detection & Response can help your organization detect and contain threats before they become business-disrupting events, book a meeting with an eSentire security specialist.
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.