
An insurance brokerage took BOXX’s Digital Health Summer Challenge (aka the ‘Sneakers Challenge’)


Do you remember ‘Sneakers’, released in 1992? Robert Redford, Ben Kingsley, Sidney Poitier, Dan Aykroyd, Mary McDonnell. Redford heads a group of cyber experts who specialize in testing security systems by trying to break into them.

I watched it again recently. It made me think about how many of BOXX’s broker partners know how digitally secure their firms are. We asked one of BOXX’s partner brokers to take our Digital Health Summer Challenge and allow professional hackers to see how easy it was to break into their network.

Why Summer? You may be taking a vacation, but we can promise you, hackers are not. In fact, many hackers wait for times like these when IT teams are likely to be short-staffed. In addition, as many employees are working remotely, or simply checking in from their vacation, potential security pitfalls loom all around.

Results from our first BOXX Broker’s Digital Health Challenge

We brought in security experts, Digital Boundary Group (DBG), to perform a detailed penetration test to assess the broker’s security posture.

A pen test helps you understand what could happen if a hacker were to target you, as well as how they would do so, and the ease with which they could succeed.

Here are the high-level findings from the test conducted by Digital Boundary Group:

External Penetration Test

Type of Test: Being hacked by the good guys

The Risk: An external penetration test evaluates how easy it is to break into the network. The test identifies vulnerabilities, validates how effective current safeguards are, demonstrates existing risks by attempting to take control of the corporate network and provides remediation strategies.

The Result: During the test, DBG found weak passwords in use. Based on these findings, the broker was deemed to be at high risk of an attacker gaining unauthorized access to the internal network and privileged information.

Social Engineering Test

Type of Test: Testing your Human Firewall

The Risk: Social Engineering attacks should always be of concern. DBG sent a phishing email containing a hyperlink to the employees. Once the hyperlink was clicked, employees were asked to insert credentials and download a file.

The Result: A quarter of the broker’s employees clicked on the hyperlink found in the email message. Social engineering attacks could lead to hackers gaining access to confidential information.

Network Security Assessment Test

Type of Test: Testing your security controls

The Risk: A network security assessment evaluates the security posture of an organization’s internal network. Various aspects are assessed, including remote access / VPN, firewall security, antivirus and malicious code, and password strength, among others.

The Result: The broker’s internal security posture was deemed high-risk. Digital Boundary Group was able to gain full control over the broker’s network.

Should your firm test its Digital Health?

For the same reason you go to a healthcare provider for an annual wellness check, it makes sense to turn to highly-trained security consultants to check out your security.

A brokerage that does not take cybersecurity seriously exposes its firm both to financially motivated scams and to damages and fines for failing to protect its client and employee data in the event of a cyber breach.

And the risks are getting bigger.

Many brokerages allow their staff to work remotely, which amplifies their risk. The demand on your IT team is also that much higher. Few companies have cyber specialists on staff. And, if you outsource your IT, the MSP that maintains your technology may not have the time, skills, or objectivity needed to identify security flaws, understand your organization’s risk level, or help address and fix critical issues.

“Money’s most powerful ability is to allow bad people to continue doing bad things at the expense of those who don’t have it.” – Ben Kingsley in ‘Sneakers’

 

Blog written by Vishal Kundi,
CEO & Co-Founder of BOXX Insurance Inc.
