This latest Opinion piece is by AJ Thompson, CCO at Northdoor plc, and looks at cyber resilience: it isn’t just about hackers and phishing, it’s about back-up plans and managing emerging threats company-wide.
The last year has been a challenging one for all in the insurance sector: huge change in the way companies work, employees working remotely or as part of a hybrid team, and increased demand from customers wanting the most up-to-date and accurate information.
On the whole, the sector has coped well with this huge amount of flux. However, one area that has remained a real concern has been cyberattacks. We have seen a real increase in the number and level of sophistication of these attacks, with cyber criminals upping their efforts to take advantage of the uncertainty and change of circumstances for companies and individuals.
Most insurance firms will have some form of cyber defence in place as well as disaster recovery (DR) solutions. Some think that this is enough to protect against the growing threat of cybercrime. However, this approach is no longer as effective as it once was, as threats become more sophisticated and more damaging.
The impact of cybercrime on the insurance sector
Cybercrime has a double impact on the sector. Unlike other sectors, the insurance industry also has to deal with the impact of cybercrime on other companies. Cyber insurance is a quickly growing part of the industry, and one that, in the face of such increased cyber-criminal activity, has been incredibly busy over the past few months.
Due to the focus on the cyber insurance side of the sector, the threat to insurance companies themselves can sometimes be somewhat overlooked. However, with the amount of hugely sensitive, and therefore valuable, data now collected and stored by insurance firms, they have become an attractive target for cyber criminals. It is not just the confusion and change caused by the pandemic that has increased the risk for insurance firms. The whole sector has been embracing digital transformation projects in order to help keep up with customer expectations. This has led to more ‘entrances’ into data and infrastructure as well as closer working relationships with partner companies and third parties, again increasing risk.
All of this combined has meant that the insurance sector has seen an increase in the number of attempts by cyber criminals to gain access to key data and infrastructure. One of the main threats facing the insurance industry is ransomware.
Cyber criminals are using increasingly sophisticated approaches to gain access to data and infrastructure. Phishing and malware attacks are on the rise, and once the criminals have a foothold in the infrastructure they are often free to roam unobserved, identifying key data stores and taking what they want, when they want to.
Indeed, we have seen criminals remain unobserved in infrastructure and systems for months as they identify the key data and information that holds the most value or has the potential to do the most damage.
Once the data is in their possession, criminals are not only selling it but increasingly holding it to ransom. Hiscox’s Cyber Readiness Report 2021 highlighted that ransomware is now commonplace. It found that one in six firms (16 percent) was targeted with ransomware, of which, most disturbingly, over half (58 percent) paid the ransom. It also found that phishing was the most common entry point and that the cost of recovering from a ransomware attack was almost as high as any ransom paid (making up an average of 45 percent of the overall cost).
Cybersecurity remains important, but cyber resilience is now critical
The nature and volume of the cyber-attacks now targeting the insurance industry mean that many of the tools currently used by firms are no longer effective enough to ensure that businesses can recover from a successful hack. Cyber resilience is increasingly being seen as a key tool for insurance firms, ensuring that they are able to continue trading effectively before, during and after a cyber-attack.
Cyber resilience solutions differ substantially from cybersecurity tools. Cybersecurity tools focus on protecting companies from cyber-attack; they are designed to make it as difficult as possible for cyber-criminals to get through. Certainly, firewalls, anti-phishing and anti-malware solutions can be effective, but companies tend to over-rely on these tools and assume that with them in place they are completely secure.
However, cyber-criminals are increasing not just the volume of attacks but their level of sophistication too. Insurance firms that sit behind firewalls thinking a criminal will never gain access have to rethink. Cyber-criminals are frequently a step or two ahead of cybersecurity solutions, with security vendors playing catch-up. Sitting behind walls that the cyber-criminal may already have the tools to scale is a somewhat naïve approach.
Putting in place solutions that help to protect insurance firms if the worst happens and a company is successfully hacked or data is breached is an approach many in the insurance sector are starting to take. Cyber resilience helps organisations protect against cyber risks, but it also limits the impact of any damage, helping to ensure the company can continue trading during and after a cyberattack.
Disaster Recovery vs cyber resilience in the insurance sector
Cybersecurity solutions have to be in place to provide some form of defence against cybercriminals trying to gain access. Likewise, many insurance companies, especially after the last year of huge change, have Disaster Recovery (DR) infrastructure and plans in place. As with cybersecurity, firms use cyber resilience alongside DR rather than instead of it; indeed, cyber resilience assumes that DR infrastructure is already in place. Recovery from a specific, destructive cyber-attack can be a very different proposition from recovery from another disaster such as a power surge, a flood or a fire.
Cyber-attacks are typically not confined to a single site, so their impact can be wide-ranging and potentially disastrous even with traditional disaster recovery solutions in place. Traditional backup and DR approaches were designed for the loss of a site, not for an adversary who is already inside the network and will deliberately target any backup or replica it can reach, and they have proven insufficient against these evolving and increasingly sophisticated threats. Backup and DR solutions were never designed to minimise production exposures and avoid the resulting negative business impacts.
One key element of the cyber resilience toolkit is cyber recovery. It differs from disaster recovery in that it provides an isolated, operational air gap for data vaulting. This is a crucial difference. A true logical air gap needs to be inaccessible and offline, not just in a different location, and not reachable with the same administrative credentials as production; otherwise it can still be compromised by cybercriminals who have gained a foothold in the infrastructure.
Unlike disaster recovery, cyber recovery identifies the key data and claims it. DR simply replicates whatever is pushed from the website or infrastructure: the data is not specifically identified as key and comes in huge volume. DR then places that large quantity of data in a data centre and, in some cases, a secondary backup data centre. In contrast, a cyber recovery solution takes the business-critical data and holds it in separate offline silos, ensuring that it is inaccessible to criminals who gain access to the infrastructure.
The way the data is collected also means that the vault is only connected for the brief window it needs to pull in the information identified as business-critical, and is closed again afterwards. With the DR approach the replication link is almost constantly open, offering cybercriminals an easier route in.
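To make the difference concrete, the following is a small Python model of such a vault, added here as an illustration; it is not code from Northdoor or the author, and it is not a real vault product. It assumes behaviour the text only implies and goes a little beyond it: the vault accepts writes solely while a short replication window is open, every copy it takes is versioned and retention-locked so nothing can be overwritten or deleted before the lock expires, and a restore is selected by a digest recorded at ingest time rather than by "latest". The dataset names and contents, the clock ticks and the XOR stand-in for the attacker's encryption are all constructed for the example.

```python
"""Toy model of an isolated cyber-recovery vault: writes only during a short window,
versioned retention-locked copies, restore by known-good digest. Illustration only."""
import hashlib
from dataclasses import dataclass

# Constructed sample of the datasets a firm has identified as business-critical.
PRODUCTION = {
    "policies.csv": b"policy_id,holder,premium\nP001,A. Smith,420\nP002,B. Jones,615\n",
    "claims.csv": b"claim_id,policy_id,status\nC100,P001,open\n",
}

class VaultClosedError(Exception): """Write attempted while the vault is offline."""
class RetentionLockError(Exception): """Delete attempted before the lock expired."""

@dataclass(frozen=True)
class VaultCopy:
    name: str
    version: int
    sha256: str
    data: bytes
    retain_until: int  # logical clock tick; deletion is allowed only after this

class CyberRecoveryVault:
    def __init__(self, retention_ticks: int):
        self._retention = retention_ticks
        self._copies: dict[str, list[VaultCopy]] = {}
        self._window_open = False

    def open_window(self) -> None:
        self._window_open = True

    def close_window(self) -> None:
        self._window_open = False

    def ingest(self, name: str, data: bytes, now: int) -> VaultCopy:
        """Append a new immutable version; an earlier version is never overwritten."""
        if not self._window_open:
            raise VaultClosedError(f"vault offline, refused write to {name}")
        versions = self._copies.setdefault(name, [])
        copy = VaultCopy(name, len(versions) + 1, hashlib.sha256(data).hexdigest(),
                         bytes(data), now + self._retention)
        versions.append(copy)
        return copy

    def delete(self, name: str, now: int) -> None:
        if any(c.retain_until > now for c in self._copies.get(name, [])):
            raise RetentionLockError(f"{name} still under retention lock")
        self._copies.pop(name, None)

    def version_count(self, name: str) -> int:
        return len(self._copies.get(name, []))

    def verify(self) -> bool:
        """Recompute every digest; False means a copy was altered inside the vault."""
        return all(hashlib.sha256(c.data).hexdigest() == c.sha256
                   for versions in self._copies.values() for c in versions)

    def restore(self, name: str, sha256: str) -> bytes:
        """Restore by a known-good digest rather than 'latest', which may be poisoned."""
        for c in self._copies.get(name, []):
            if c.sha256 == sha256:
                return c.data
        raise KeyError(f"no copy of {name} with digest {sha256[:12]}")

def encrypt_like_ransomware(data: bytes, key: int = 0x5A) -> bytes:
    """Stand-in for the attacker's encryption; XOR is enough to make the data unusable."""
    return bytes(b ^ key for b in data)

def run_scenario() -> dict:
    vault = CyberRecoveryVault(retention_ticks=30)
    # Tick 0: the window opens only long enough to pull the selected datasets.
    vault.open_window()
    known_good = {n: vault.ingest(n, d, 0).sha256 for n, d in PRODUCTION.items()}
    vault.close_window()
    # Tick 1: ransomware encrypts production, then goes after the backups.
    encrypted = {n: encrypt_like_ransomware(d) for n, d in PRODUCTION.items()}
    results = {}
    try:
        vault.ingest("policies.csv", encrypted["policies.csv"], 1)
        results["overwrite_blocked"] = False
    except VaultClosedError:
        results["overwrite_blocked"] = True
    try:
        vault.delete("policies.csv", 1)
        results["delete_blocked"] = False
    except RetentionLockError:
        results["delete_blocked"] = True
    # Tick 2: the next scheduled window opens while production is still encrypted, so a
    # poisoned copy is ingested as version 2. Version 1 remains intact alongside it.
    vault.open_window()
    vault.ingest("policies.csv", encrypted["policies.csv"], 2)
    vault.close_window()
    results["vault_intact"] = vault.verify()
    results["policy_versions"] = vault.version_count("policies.csv")
    restored = vault.restore("policies.csv", known_good["policies.csv"])
    results["restore_matches_original"] = restored == PRODUCTION["policies.csv"]
    return results
```

Running run_scenario() exercises the three properties that matter: the write and the delete attempted while the vault is offline both fail, the poisoned copy taken during the next window sits alongside the clean version instead of replacing it, and restoring by the known-good digest returns the original bytes. A real vault adds what a toy cannot: separate credentials and network paths, a pull rather than push replication model, and monitoring of the window itself.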
Resilience within the insurance sector
Resilience has been the key word for all in the insurance sector over the course of the last year. By showing resilience, insurance firms have been able to continue through uncertain and ever-changing times. That resilience should be extended to protecting data, which is now more valuable and sensitive than ever before.
By using cyber resilience tools alongside existing DR and cybersecurity solutions, insurance firms can have some peace of mind that they are building more resilience into their business. Cyber resilience not only helps to keep the cybercriminal out, but also ensures, in the worst-case scenario, that the most business-critical data is safe, allowing companies to continue working in spite of a successful attack and mitigating damage to infrastructure, reputation and finances.