In the aftermath of the WannaCry ransomware attack over the weekend it is noteworthy to point out that no marquee insurance names were on the list of victims, which has a price tag of $4 billion in incurred business opportunity losses.
Aflac CISO Tim Callahan clued in trade publication
Information Management on the insurance industry’s secrets to keeping such malicious attacks at bay.
He pointed out that it is important to keep up with patches to make sure data systems are constantly updated to deal with such attacks. Callahan noted that Microsoft released patches to combat the ransomware weeks prior to the attack.
Furthermore, he said, his team continuously updates its list of malicious IP addresses, which it blocks based on the “confidence factor” which the company uses to manage network traffic, since blocking IP addresses has downstream implications on data systems.
“We have a few sources, some we pay for, some that come along with a membership, that give us active pushes on any bad IP addresses,” Callahan explained. “The Department of Homeland Security, for example, has an automated indicator sharing program, if we get that information and it passes a certain confidence factor then we can auto-apply a block.”
He added that Aflac emerged relatively unscathed from the WannaCry attack because the company received a list of malicious IP addresses early in the crisis and blocked traffic to and from those addresses.
Training employees is also crucial in dealing with such attacks, Callahan emphasized.
“Not everything is going to be prevented based on fundamentals, but most of the time we see when you do the forensics it’s the lack of hygiene that allowed it to affect you. It prevents enough that it’s worth doing,” he concluded.
Related stories:
Ransomware attack sheds light on drastically underinsured area
Online insurance platform focuses on tailored products