The incident affected network availability, but did not, insofar as is known at this point, involve any data exposure or compromise.
Insurance firm reports cyber incident.
American Family Insurance has confirmed that it sustained a cyber incident that led to IT outages, BleepingComputer reports.
Outages, but no data compromise found so far.
A spokesperson for the company told BleepingComputer, “This week, the technology teams at American Family Insurance detected unusual activity in a portion of our network. We quickly took precautionary measures to protect data and resources and shut down several business systems. We recognize the system outages are impacting customers, agents and employees and we appreciate their patience and understanding. Our investigation into the activity is ongoing and includes internal and third-party experts. To date, we have not detected any compromises to critical business, customer data processing or storage systems, and several components of our enterprise continue to operate without interruption.”
Difficulties of remediating an incident when availability is paramount.
Howard Goodman, Technical Director at Skybox Security, notes the difficulty of scanning and fixing network devices without affecting availability.
“The recent cyberattack emphasizes the growing importance for large organizations to protect their networks. In the case of American Family Insurance, where customers reported website outages, it is important to highlight the challenges associated with scanning and patching these network devices. Many of these devices are difficult to patch without disrupting services, making it essential for security teams to utilize additional tools for identifying and addressing security weaknesses, especially when immediate patching is not feasible.
“Organizations must implement a comprehensive approach to consolidate cybersecurity functions and eliminate the disconnects and vendor fatigue. By managing vulnerabilities, compliance issues and network risks through an integrated platform, enterprises can gain visibility into their entire threat landscape. The recent cyberattack on American Family Insurance underscores the importance of addressing vulnerabilities in network devices and adopting a holistic cybersecurity approach to safeguard sensitive data and maintain operational continuity.”