Staying One Step Ahead of the Hackers
A brief reflection, together with some key points, from last week's Insurance Insider “Cyber Summit 2021”, where CGI were a sponsor.
The conference gathered some of the leaders from across cyber insurance to discuss the rapidly changing landscape, as we face headline-grabbing attacks and rising costs of cyber-related issues. While the topics included claims experience, pricing, reinsurance and analytics, our attention was drawn to “How to Stay Ahead of the Hackers”.
Graeme King from Volante reminded us that the brazenness of the attacks on the Colonial Pipeline or on the JBS meat supplier raised awareness of cybercrime. Most businesses and consumers sadly now know what a ransomware cyber-attack is!
Graeme Newman from CFC Underwriting gave us some pragmatic measures: company revenue is a good proxy for size of exposure, while spend on IT security is a good proxy for quality of cyber defences.
Jason Crabtree from Qomplx gave us deep insights into how cyber criminals act: adversaries are moving to where the targets are softer. It is no longer a teenage hacker in their bedroom – these are nefarious state actors or organised criminal cartels. An attack on a network core leads to the largest losses, hence Active Directory domain controllers are the most valuable targets to cyber criminals: “if you control key distribution centres, you own the network”. As a CISO, if you are not looking at your domain controllers all the time, the bad guys will find it first. The attack on Maersk nearly led to massive insurance and societal costs.
Finally, our own Richard Holmes from CGI offered a few tips on how to stay ahead of the hackers. All businesses are targets, whether big or SMEs, with ransomware being the greatest threat. Unfortunately, the question to companies is not “if” but “when” they might be attacked, and incident response preparedness is key. Every organisation can and should take inexpensive steps to prepare, including:
· Check frequently that your back-ups are working
· Segment particular parts of your network
· Monitor all and turn off unused/suspicious log-ins.
We at CGI are passionate about cyber-security. Working here in the UK and globally, with our clients across Financial Services, government agencies, UK Police Force & the Royal Navy, we are privileged to contribute to some of the best world-class cyber security. Regardless of your business size, you will always want to remain one step ahead of the hackers.
Paul, thank you for sharing these thought-provoking insights. Cyber is an exponentially growing risk for businesses and society, with the insurance and IT professions looking for solutions. Great to have experts like Jason Crabtree or Paul Wishman on our side.
Managing Director of Advisory at Bubblegum Consulting
3 years ago
Hi Wish, the current issue regards ransomware is wider here than companies are admitting. Those who spend a fortune protecting their estate are often too embarrassed to discuss openly as they have reputational concerns. As you rightly say it’s not a question of “if”, it’s more regards “when”, the recovery solution and how you take proactive steps in reducing that risk. Munge