Other parts of this series:
As cyber attacks grow more sophisticated and frequent, so do tools to combat them. Combating vulnerabilities by enlisting effective internal and external resources can enhance security—and sleep.
While you are lying in bed worrying about the ability of your firewall to withstand an attack, you may be focusing on something new: The next attack could originate from within your building.
A new survey by HIS Research and Accenture revealed that insider data theft tops the list of concerns for enterprise security executives and other IT professionals across industries and geographic areas. In fact, a whopping 69 percent of respondents reported that their data had been subjected to attempted or successful theft or corruption by insiders during the past 12 months.
Insurance executives do have a choice. They can allow their list of worries to keep growing, or they can take more action to lessen the dangers and mitigate any cyber intrusion. Assembling and training a best-of-breed staff can certainly help, but going further and getting outside help from those with expertise to handle the latest threats can be even more beneficial for many organizations.
So how do you keep your business resilient? Here are a few things to consider:
- Know your vulnerabilities. Only 5 percent of insurance executives surveyed by Accenture reported that they proactively test systems on a continuous basis by running inward-directed attacks and provoking intentional systems failures. And only 25 percent consistently design resilience parameters into their operating models and technology architectures.
- Make real, informed decisions on spending to protect vs. spending to enable. Resources are limited in most organizations, so there can be a lot of tension between both camps. Clearly business must invest to grow, but it is equally important to factor in the potential cost of down time, loss of business, dollars and reputation when deciding how to allocate resources.
- Resilience is a leadership issue – not just a systems test. In companies with effective resilience practices, these start with the CEO and usually include the CIO and at least one other C-suite executive responsible for continuously monitoring and improving business resilience. A board-level committee is also an advantage in getting everyone prepared for any scenario.
In insurance, as in other industries, problems with talent can thwart better systems protection. Of the executives in the HIS Research-Accenture survey, nearly one-third of respondents reported that either lack of training or inadequate staffing budget was the greatest inhibitor to combating attacks. That makes sense, given the explosion of new technologies in use and of data to protect.
Meanwhile, hackers have grown much more sophisticated, but so has the availability of tools and skills that can more quickly identify patterns left by the hackers. Even sophisticated attacks often can be prevented or mitigated before they do real harm. The bar is high, and organizations need to keep current with the proper plans and staff ready to deploy where needed. In many cases, the best response is probably a combination of better hiring/training for internal security personnel, plus engaging outside organizations to help prevent and mitigate high-level attacks.
For example, D.C.-based FusionX specializes in performing a deep penetration into a client’s system, hacking away until they enter or break a system that might previously have been thought secure. As an outside entity, FusionX has the advantages of detachment, sophisticated tools and the knowledge of new intrusion techniques early in their lifecycle. This enables them to help protect, detect and respond to intrusions in ways most organizations cannot do for themselves.
Meanwhile hard-core insomniacs have something positive on which to focus: Accenture’s new Cybersecurity Research and Development (R&D) Lab.
The Cybersecurity R&D lab, which opened in June, is focused on unique projects in advanced-threat intelligence, active defense and industrial Internet of Things security. Located in Israel—home to much of the world’s breakthough security expertise—it is using the latest developments in artificial intelligence, blockchain and advanced analytics from across Accenture’s global network to give clients access to advanced security innovations.
At the end of the day, no organization can—or should—publicly announce it is completely secure. That’s like running into a bullring dressed in red. But there are steps to take and expertise into which to tap that can make an organization more resilient, and help an executive sleep better.