The New Not-So Normal: Contact Centers for Insurance Companies are Hot Spots for Internal Breaches


November 2020

By: Ali Gomulu

The year of COVID-19 has been a nightmare on so many levels, with over a million dead globally, and nearly a quarter of those in the USA.

The rapid spread of the virus, and recent surge as we hit the cold weather months, mean that working from home is a trend that is never going away, and in fact having home-based agents dealing with the most sensitive personal information means compromised networks (home WiFi), and lack of in-person supervision.

Software to the rescue, especially for insurance companies – whether unemployment insurance (where massive frauds are costing state governments in the US millions of dollars each day) or property and casualty insurance based on upheavals in the real estate market, and a temptation to file for claims given economic circumstances.

The challenges for insurance businesses and government agencies are due in large part to still silo-ed business structures, which can make it difficult for insurers to recognize and coordinate fraud responses.

Adversaries and criminals know this and take advantage by attacking from every direction.

In March, the abrupt shift to remote living caused chaos for businesses and consumers alike, with many turning to computers and other devices for work, school, socializing and shopping.

Throughout this chaos, many businesses failed to put in place the proper security measures, including the control of privileged access management, leaving them vulnerable to insider threats.

Insurance Contact Center agents and managers have truly been “front line workers” this year, as they were confronted with record call volumes, spiking as high as 1000% from normal levels as the virus peaked during its first cycle.

With insurance call centers typically working quickly to keep customers happy and pay out insurance claims, call volumes of this magnitude would create disarray at any time. But the COVID-19 pandemic environment has sadly been a windfall for opportunistic adversaries.

According to a research report by Pindrop, “Fighting fraud in the call center can be particularly challenging for property and casualty insurance providers, which typically have separate call centers for sales, servicing, claims and specific types on insurance. As a result, it can be difficult for insurers to recognize and coordinate fraud response efforts. Fraudsters know this and take advantage by attacking from every direction.”

According to the research, around 1 in every 5,600 calls into a P&C contact center is fraudulent. This is a lot when you consider that the average call center takes in around 60 million customer calls per year. Pindrop estimates that about 90 voice channel attacks occur every single minute, but this has risen substantially during COVID-19.

“Dec Diving” or policy declaration diving, is one form of attack, very attractive to internal actors as these files contain personal information about the policyholder, including name, addresses, and any mortgages they might have, and can be used by bad actors for “account takeover.”

We can outsmart the criminals through stronger security postures, agent training, manager intervention and more – but the core is really the privileged access layer.

With PAM from Ironsphere, Contact Centers can capture real time information about which employees are accessing which systems, datasets and more – and where they are geographically located – time of day – and other contextual information.

Privileged Access Management (PAM) is a cyber security domain within Identity and Access Management (IAM) that focuses on monitoring and controlling privileged users and privileged accounts within an organization.

In an organization, privileged users have access to IT and network infrastructure for operation and administration purposes or have access to sensitive information or assets, such as customer records, employees’ payroll and financial records. Sample privileged users are:

  • System, database and application administrators who have continuous and unrestricted access to a broad range of assets
  • Help desk agents who have restricted access to a broad range of assets
  • Business Application (e.g. ERM, Salesforce) users or users of an organization’s social media (e.g. LinkedIn, twitter) accounts
  • Nonemployees such as vendor support, consultants, contractors

Privileged users access an organization’s critical systems, resources and assets using elevated or unrestricted accounts, i.e. privileged accounts. These accounts include local and domain administrative accounts, service accounts, emergency accounts, application accounts, and are referred to as “the keys to the kingdom.”

They are primary targets of both external and internal malicious users and have been used in successful attacks to gain access to an organization’s critical systems and resources, resulting in data breaches or service outages that have material business impact. So, privileged accounts are a potential source of threats to the security posture of any organization because of their elevated/unrestricted access to critical systems and sensitive information.

Please contact us for more about PAM for Contact Centers – an ideal investment for the new year ahead.

Similar Blogs

Mitigating Risks of Root Access for Superusers

Mitigating Risks of Root Access for Superusers

Depending on the nature of their work, IT superusers have or need root access to be efficient and productive. Creating a team of superusers makes sense, especially for large organizations, with thousands of servers under management. With a well-managed sysadmin team, their work can be streamlined, and mistakes can be reduced when the team shares the same root accounts on all servers.

read more