Latest advice for companies large and small from BAE Systems, experts in cyber defence strategy.
Looking ahead to the rest of 2020, what can insurers, brokers and agents communicate to their clients when it comes to cyber risks and regulations? Regardless of the General Election result and Brexit, it seems likely that EU rules on GDPR, data handling in general and email privacy will apply to the UK too, at least in the short term. But insurance is a global business, so what else is worth considering?
Well, it’s likely that we will see more attempts at data hacking and ransomware this year, and it’s the truly global nature of insurance that amplifies the risk. A 2019 study by Cambridge University put the Insurance sector at sixth place in terms of cyber attack risk, with Healthcare, Engineering, Media and IT Services all ranked even riskier. Top of that list was Biotech and Pharma, and the key factor identified by Cambridge University was the supply chain involved in Pharma.
From marketing to packaging, consumer leaflet translation, research into active ingredients, clinical trials results, plus submission for approval in different regulatory markets, the pharma product development cycle typically involves hundreds of companies and potentially thousands of individuals.
This highlights one of the key risks that insurers can communicate to their clients: data touch points, especially involving third-party suppliers. This daisy chain of data is something that BAE Systems understands extremely well, because within each link there is the possibility of a virus being passed on via an attachment or web link, plus the chance of data being copied and pasted, or sent somewhere insecure.
What insurers need to tell clients is that not only traditional emails, but social media channels like WhatsApp, Twitter or LinkedIn all have their pitfalls, as well as benefits, and it is essential that data is tracked and verified at every stage. Verifying ID, in real time, is one of the key areas that BAE Systems sees as becoming much more important in 2020. This will be a year when companies will need to be very aware of fake ID being submitted online, not just to try old-fashioned financial scams, but to acquire data. That data is valuable to hackers, and the breach can cost your company millions in GDPR/ICO fines.
THE BEGINNING OF THE END FOR PASSWORDS
BAE Systems sees 2020 as being a year when we begin to phase out old-fashioned passwords, at least within the corporate world. The reasons are two-fold: first, AI is going to help hackers automate their attacks on an even bigger scale, with password-guessing attempts being made at a rate of millions per minute. Interestingly, a university study in Texas carried out in 2019 found that AI software could analyse the sound of smartphone or laptop keystrokes, and guess a password from the acoustic sound wave pattern.
This means the rise of the Internet of Things offers another way for your password to be recorded and copied by Artificial Intelligence, and then sold on to pro hackers.
So these are two reasons why we see some kind of AI or deep learning software being developed to combat such automated online attacks, and ultimately, the phasing out of passwords entirely. A combination of facial scanning, plus real-time verification codes is perhaps the most likely replacement for the cumbersome password system.
Finally, the introduction of new data privacy rules in the State of California may well prompt more stringent legislation across the USA in 2020, with companies having to implement strict rules on consent, data storage and sharing with third parties. Just as we have seen in the UK and EU markets with GDPR, big fines are likely for breaches, so it seems that insurers active in the US would be wise to prepare their clients to adapt to the new regulations right now.
Have a busy and virus-free 2020!
This article is sponsored content, produced in association with BAE Systems