Israel is no stranger to cybersecurity attacks, as data breaches and digital infiltration become more prevalent forms of international interference, it seems that each week there is a new attempted cyberattack.
Since the pandemic, Israel has seen a huge spike in cyberattack operations. Going back to November, 141 companies have been targeted by ransomware attacks. Israel’s internal defense has precluded some cyberattacks from succeeding, while others have gone through, though these have largely inflicted only minimal damage.
News of the recent massive security breach at Shirbit Insurance Company has shaken the public and private sectors, alerting both customers and other companies alike of potential vulnerabilities. In this article, we will take a look at what happened at Shirbit, and what it means for the broader financial services industry.
The Shirbit Breach: What Happened?
The insurance company Shirbit is one of the leading providers of vehicle insurance in Israel. On Tuesday, December 8, Shirbit was the victim of a ransomware attack, launched by a hacker group calling itself Black Shadow.
The group claimed that they had successfully acquired all of Shirbit’s private records and demanded that the insurance company provide them with a ransom fee of almost $1 million. If Shirbit did not comply, Black Shadow threatened to publicly release customers’ private records, including those of top government employees. Black Shadow shared screenshots of messages with Shirbit on their Telegram channel, including messages in which Shirbit declined to pay the ransom fee by the 9 AM deadline, stating they will “not give in to this kind of terrorism.”
Since the attack launched, Black Shadow has released three rounds of company data. They have published files that include customers’ marriage certificates, financial documents, identity card scans, and medical documents. In the face of Shirbit’s continued refusal to pay, they have increased their ransom fees and published messages from parties who appear to be interested in purchasing the stolen data. One of these parties allegedly wants to purchase the data in order to hand it over to Israel’s long-time enemy, Iran.
Not only has this massive breach harmed Shirbit’s present finances but, more significantly, its lasting reputation. Despite its low insurance rate offerings, expect some percentage of potential customers to avoid the company altogether going forward, feeling they can no longer trust that it can maintain secure records.
Since the data leak, the government seems to have taken a hands-off approach, at least until further information is revealed. There will be no offensive attack launched against Black Shadow for now. In the meantime, government agencies recommend that victims of the hack should acquire new identity cards, including driver’s licenses.
What Shirbit Means for Other Companies
Israel has been on the receiving end of plenty of cybersecurity threats before, but the Shirbit incident has revealed significant weaknesses in the digital security fabric of at least one of the nation’s leading companies. The purloined sensitive information not only included customers, but also government employees, meaning that the Shirbit attack constituted a threat to Shirbit Insurance, but also became a matter of national security.
So what does this mean for other companies?
In short, the Shirbit attack reveals the need to address internal digital security, especially as related to a number of common issues. These days, most every company of any size has a smartphone app. Unfortunately, they aren’t all well-designed, and hackers know this.
Likewise, something as simple as an employee’s browser of choice can open the doors to a hacker break-in. In other words, some browsers are inherently more secure and private than others. The good news is that simple actions like shoring up these kinds of vulnerabilities can go a long way towards addressing easy access points and raising the overall cybersecurity level within the company.
The Israel Privacy Authority recently released a statement noting that companies’ security systems are not secure enough to protect their customers’ sensitive information with confidence and that many companies do not currently meet the legal standard of data safety.
Had Shirbit made its digital security a top priority, it is possible the attack could have been prevented. An egregious lack of oversight was partly to blame for the breach. This attack should serve as a significant wake-up call to companies in the broader financial sector and beyond. Instead of waiting for an attack to inflict massive damage on your company’s finances, time, and reputation, get proactive and take steps now to preclude an attack’s success.
The Shirbit attack is the largest and most damaging among a spike of cyberattacks in recent months, but you can bet it won’t be the last. Insurance companies are among the most targeted sectors. Experts suggest that these attacks are largely money and opportunity-driven. This type of company tends to be able to access a lot of the former and hasn’t thus far demonstrated much of the latter. In fact, according to the CEO of MonsterCloud, Zohar Pinhasi, these attacks are caused by “a lack of cybersecurity knowledge.”
In 2018, the Capital Market, Insurance and Savings Authority, which regulates Shirbit, among other companies, held a surprise investigation to test the cybersecurity of organizations within the industry. From this surprise inspection, the Authority was able to determine that not only were companies vulnerable to breaches but that there are 24 different kinds of cybersecurity weaknesses noted in these systems.
The Authority found that potential hackers could access weak security spots in Shirbit’s system by uploading and downloading files and information from unprotected local workstations and access vast files of important data.
While most organizations have some kind of cybersecurity protocols and preventive measures in place, it obviously hasn’t been given high enough priority, especially in the insurance sector. To date, insurers have not demonstrated the wherewithal to invest in the necessary resources to create and maintain a top-level security system. If many other Shirbit type scenarios break out, that will likely change because such attacks can be apocalyptic in nature, with the potential to result in the end of the company altogether. Not a pleasant option to ponder in an industry that makes a LOT of money.