Many readers will have heard of the plethora of cyber risks lurking behind every device on any platform.
But what should brokers recommend to their clients to mitigate the dangers of digital operations?
Integrated online security network,
ITC, gave advice in conjunction with its StormCloud Cybersecurity Conference.
Kevin Whelan, chief technology officer at ITC, said telling clients to follow the Center for Internet Security and the National Institute for Technology’s best practices is only the start.
“A lot of people think IT security is just ticking boxes, but actually it isn’t, and it’s when it becomes just ticking boxes that it becomes unrealistic,” Whelan said.
Putting solutions into place and addressing issues that come out of regular testing of your security system is the “primary mitigation to risk to insurance company customers,” he argued.
Guarding clients from malicious insiders, a threat many argue is nearly half the total cyber danger, relies on behaviour analysis technology according to Whelan.
It’s a relatively recent innovation “which enables you to profile a normal activity of a user on the network” Whelan said, saying his company uses products called SecurOnix and Darktrace.
“They identify what’s normal on the internal network and when something abnormal happens they raise it as an incident,” he explained.
If someone from the development department from any given company started uploading files online for the first time, for example, behaviour analytics would alert the security team.
Want the latest insurance industry news first? Sign up for our completely free newsletter service now.
“The first thing to do is to identify what a business’s crown jewels are,” Whelan said. “We have a three-step process for implementing security, the first one is to make sure you have the ability to make logs, the second step is to build an asset model.”
An asset model means two things, Whelan explained: laying out what a company owns or operates and how important that asset is to the company.
The third step is identifying vulnerabilities.
“We take all that information and process it using a correlation engine called a seam platform,” Whelan said. “We look at all the attacks coming into your systems, we know what you’re vulnerable to, what you’re not vulnerable to.”
Whelan made the point that companies shouldn’t spend their security budget evenly across their business but instead identify what needs protecting and where.
The biggest trends in cybersecurity for 2017 are APIs or the method computers talking to each other being exploited, companies launching on the cloud as well as denial of service and ransomware “continuing to be a pain in everyone’s butt” Whelan said.
Related stories:
