MGA : TPA
Jinivizian believes foundational preventative technologies are key . But he also says that they are simply part of the overall solution , which is about managing business risk from a holistic perspective . “ In an ideal situation , the conversation should start with senior management , about what assets are at risk and need to be protected , what is our level of security maturity , and what are we aspiring to achieve through our cybersecurity strategy .”
He explains that , if 50 % or more UK businesses have experienced a material breach or event in the past 12 months ( UK DCMS report ), then it ’ s evident many technologies are being bypassed . While every organisation is different , basic security hygiene – such as proactive patch management , implementing multi-factor authentication , and considering zero-trust and privileged-access management – is essential .
“ Given the move to home working , having the right tools to monitor and manage those laptops and mobile devices is key . But assuming some threats bypass those technologies , there ’ s the need for businesses to act and respond , isolate and contain those threats to avert a compromise or critical event .”
That capability can be partly automated through technology , but with more and more sophisticated attacks being augmented by ‘ hands-on ’ adversaries ( in other words , an individual on the adversary side actively engaged on a computer at critical points in attack to bypass defensive controls ), experienced threat hunting and threat response skills are becoming more and more important . “ Businesses need to recognise that a capability beyond prevention should be in place , as ideally should an incident response plan .”
Back to basics to prevent cybercrime The insurance industry itself is a large target for criminals , who purposely select those industries that rely on a wider ecosystem , managing and collecting vast amounts of personal data . The stakes have never been higher for both insurance companies that rely on easily breached legacy systems and insurtechs that enjoy a large number of strategic collaborations .
Carmine Del Guercio , Manager of Cyber Attack and Defence , Mazars , says it ’ s no surprise that the insurance industry and its technology is a high-value target to malicious actors . “ They often house vast arrays of sensitive information that can be sold on the dark web – from personal and financial information to actual hard cash . The insurance industry will continue to be a target for those looking for a modern-day heist .”
88 May 2022