May 29, 2019 10:00am CDT (16:00 BST) | 30 Minutes
Mobile Threat Defense Software
The competitive frontier for property and casualty insurers is in mobile apps. Agents, field service teams, and the insured customers themselves, are using native apps on iOS and Android phones to interact with their accounts and capture claims data, pictures and reports from the field. While the insurance industry’s increased usage of smart mobile devices greatly improves customer responsiveness and quality of coverage, these assets also greatly expand the cyber attack surface for hackers and malware.
Insurance companies already focus on network and laptop security to protect sensitive data from the headquarters to the agent’s office. With mobile technology coming to the forefront, insurers who do not proactively address the risks posed by advanced and persistent mobile threats remain liable for data breaches from cyberattacks on insured customers no matter what the entry point. What is your firm’s position on mobile threat defense?
Gartner Predicts 2017: Endpoint and Mobile Security, Analyst(s): John Girard | Dionisio Zumerle | Brian Reed | Peter Firstbrook | Bart Willemsen, 16 November 2016
Sensitive data resides on mobile devices used for property and casualty insurance work. Captured claims photos and geolocations, customer identity information, financial data, employee data and internal agency communications on devices are of potential value to hackers and cybercriminals. Device, network and application (or “DNA”) cyberattacks have become so prevalent across all industries that insurers are now indemnifying enterprises with standalone cyber-insurance policies, for an estimated $3.25B in gross written premiums for 2016. Here are the top reasons why mobile security is challenging for insurance companies:
When customers and agents increasingly bring their own devices (BYOD) for both personal and work purposes, the insurance firm cannot legally maintain the same level of surveillance they once imposed on corporate-issued equipment. Even when mobile devices are issued by the company, security policies become difficult to enforce in the field, because if an employee can see sensitive personal information, hackers can as well.
Agents and customers using mobile insurance apps and mobile web portals can log onto untrusted Wi-Fi networks for internet access. This opens the door for Man-in-the-Middle (MITM) attacks that intercept messages and emails, and sensitive account information passing between the user’s device and the insurer’s mobile app or site. Network attacks can be easily executed and may even install code or malware on the device to allow root-level control.
Many P&C insurance apps are designed to interact directly with the device’s hardware and OS to enable native capabilities like camera and geolocation for claims assistance. Relying on the base level security of the phone’s OS creates a high-value attack surface for hackers to apply malware or install code on the device, since users can run the app on an outdated Android or iOS operating system with known vulnerabilities.
Zimperium offers insurance companies, agents and insured customers the most complete, comprehensive and real-time Mobile Threat Defense solution for automatically detecting, reporting and remediating today’s -- and tomorrow’s -- advanced mobile threats.
Our zIPS™ app provides continuous self-service mobile threat detection and defense for Android, iOS and Windows mobile devices against network-based (or MITM) attacks, rogue application installs and OS vulnerabilities. Users are immediately alerted to threats and can resolve them and have forensics sent to the security team. Our patented machine-learning detection technology and custom mobile security research guards against new and evolving threats to insurance services firms, employees and customers.
Our z9 engine automatically detects and remediates issues on-device rather than requiring an Internet connection, admin privileges or tunneling to a cloud service. This approach keeps private client data secure on the device without impacting performance. Threats at the device, network, and app level are communicated to the insurance company’s InfoSec team for responsive issue resolution and compliance without compromising privacy regulations.
Embed cyber security into your insurance apps with Zimperium’s zIAP (In-App Protection) solution. This innovative SDK is completely configurable by developers to detect and remediate threats to a device while that application is active, including detection of suspicious user behaviors, network attacks and interference from other apps. Self-protecting apps equipped with zIAP can take immediate action according to the policies set by the app developer. Enable your app to report suspicious activity, shut down a user session, run in read-only mode, delete cache or force a password reset to protect data when threats are detected.