Technology
Published by Gbaf News
Posted on October 25, 2016
Global Banking and Finance Review
Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.
Published by Gbaf News
Posted on October 25, 2016
Robert Rutherford, CEO of the business and technical consultancy QuoStar
Robert Rutherford
In the British Insurance Brokers’ Association (Biba)’s 2016 manifesto, the Rt. Honourable Matthew Hancock, MP and Minister for the Cabinet Office, stated that “cyber-security is a significant and growing threat to the UK”. This could not be truer than for the insurance industry.With 70% of large insurance firms having reported a serious hacking attempt, it is clear that hackers are still capitalising on vulnerabilities, both old and new, alongside traditional social engineering techniques. The big guys are at risk, but it’s now the smaller operations that are key targets for exploitation.
The security breaches faced by organisations within the insurance industry are part of a larger cycle – crucially, the time lag between a vulnerability being identified and being fixed by the vendor of the software needs to be as short as possible, and yet many businesses still don’t truly understand the risks and potential damage. In a bid to rectify security awareness within the insurance industry, Biba announced at its 2016 conference that it would be forming a cyber committee to help the industry identify and control their risks more effectively. However, until this committee is put into action, firms remain vulnerable and must take responsibility for their own cybersecurity strategies.
The risks of dated software
The outdated legacy systems retained by a surprisingly large portion of the financial sector does not always hold up in the face of a barrage of cyber attacks, particularly if an attacker gets past perimeter defences. Hackers are attracted by the monetary value of transactions flooding through these firms on a daily basis.
One of the main entry points for hackers is based on the susceptibility of these dated systems. Hackers are constantly evolving and sharing their methods to attack via a weakness in security systems, so firms need to continue to implement controls such as portable encryption, endpoint protection, email content control, data leak prevention, intrusion detection and prevention systems as a minimum.
The ISO 27001 standard is an international standard for best practice and continual improvement in IT security and is an excellent starting point in building an effective Information Security Management system, one which has to continually improve to remain certified. It’s a sensible route for a firm’s leadership to take so they can truly understand and take top-level accountability for risks and controls without needing to get into technical detail.
Employee education
The primary cause of data breaches comes through a lack of employee awareness, which can lead to staff being unknowingly socially engineered. It is an organisation’s responsibility to understand the risks associated with being hacked; ranging from reputational damage to financial damage, or even to the loss of client data. Employee training is undoubtedly a necessity to complement updated software. It is clear that to protect a firm’s interests; employees must be installed as the first line of defence. Technology is swiftly advancing, and unless employees are regularly retrained in the guises of cyber attacks, they can become easy targets.
The larger the firm, the larger the risk
What is normally lacking from IT security knowledge revolves around just how many access points there are for hackers.It is not just the computers in an office at risk; each server, printer, entry system, or device logged into an office cloud based software is a potential breach. With every new connection to the network, a new risk point is created, presenting a significant problem particularly for larger firms with an extensive employee and client network. Therefore, firms across the insurance industry must train their employees effectively and increase awareness of just how easy it can be to succumb to a hack. Whilst technology is a key part of the cyber security puzzle, it must be recognized that there is a level of human interaction too; without a full risk assessment and employee understanding of how to minimise the chances of a breach, any organisation could be considered to remain vulnerable to hackers. The days of spam emails and simplistic viruses are over, it’s a global threat and people are hacking for financial gain. All insurance firms must realise that they are definitely at risk.
Robert Rutherford, CEO of the business and technical consultancy QuoStar
Robert Rutherford
In the British Insurance Brokers’ Association (Biba)’s 2016 manifesto, the Rt. Honourable Matthew Hancock, MP and Minister for the Cabinet Office, stated that “cyber-security is a significant and growing threat to the UK”. This could not be truer than for the insurance industry.With 70% of large insurance firms having reported a serious hacking attempt, it is clear that hackers are still capitalising on vulnerabilities, both old and new, alongside traditional social engineering techniques. The big guys are at risk, but it’s now the smaller operations that are key targets for exploitation.
The security breaches faced by organisations within the insurance industry are part of a larger cycle – crucially, the time lag between a vulnerability being identified and being fixed by the vendor of the software needs to be as short as possible, and yet many businesses still don’t truly understand the risks and potential damage. In a bid to rectify security awareness within the insurance industry, Biba announced at its 2016 conference that it would be forming a cyber committee to help the industry identify and control their risks more effectively. However, until this committee is put into action, firms remain vulnerable and must take responsibility for their own cybersecurity strategies.
The risks of dated software
The outdated legacy systems retained by a surprisingly large portion of the financial sector does not always hold up in the face of a barrage of cyber attacks, particularly if an attacker gets past perimeter defences. Hackers are attracted by the monetary value of transactions flooding through these firms on a daily basis.
One of the main entry points for hackers is based on the susceptibility of these dated systems. Hackers are constantly evolving and sharing their methods to attack via a weakness in security systems, so firms need to continue to implement controls such as portable encryption, endpoint protection, email content control, data leak prevention, intrusion detection and prevention systems as a minimum.
The ISO 27001 standard is an international standard for best practice and continual improvement in IT security and is an excellent starting point in building an effective Information Security Management system, one which has to continually improve to remain certified. It’s a sensible route for a firm’s leadership to take so they can truly understand and take top-level accountability for risks and controls without needing to get into technical detail.
Employee education
The primary cause of data breaches comes through a lack of employee awareness, which can lead to staff being unknowingly socially engineered. It is an organisation’s responsibility to understand the risks associated with being hacked; ranging from reputational damage to financial damage, or even to the loss of client data. Employee training is undoubtedly a necessity to complement updated software. It is clear that to protect a firm’s interests; employees must be installed as the first line of defence. Technology is swiftly advancing, and unless employees are regularly retrained in the guises of cyber attacks, they can become easy targets.
The larger the firm, the larger the risk
What is normally lacking from IT security knowledge revolves around just how many access points there are for hackers.It is not just the computers in an office at risk; each server, printer, entry system, or device logged into an office cloud based software is a potential breach. With every new connection to the network, a new risk point is created, presenting a significant problem particularly for larger firms with an extensive employee and client network. Therefore, firms across the insurance industry must train their employees effectively and increase awareness of just how easy it can be to succumb to a hack. Whilst technology is a key part of the cyber security puzzle, it must be recognized that there is a level of human interaction too; without a full risk assessment and employee understanding of how to minimise the chances of a breach, any organisation could be considered to remain vulnerable to hackers. The days of spam emails and simplistic viruses are over, it’s a global threat and people are hacking for financial gain. All insurance firms must realise that they are definitely at risk.