Presenter: Kevin Baker, Westfield
Ransomware is a multibillion-dollar business. Same old crimes.
Different methods. Unfortunately, you can't really count on law enforcement for
cyber crime. Prevention is, therefore, crucial.
If you call yourself a risk manager, can you really not do well at
cyber risk? It requires investment in people and will not be easy to prove ROI
because you are trying to answer the question, "What didn't happen?"
Building a solid cyber-security program requires a series of
steps. First, we have to know what we are threatened by. Then we need to
ascertain what we can do to shut out or shut down those threats. Most cyber
security starts with moats or firewalls that stop intruders from incursions in
the first place. More-sophisticated programs increase protection through a
layered method that blocks intrusion but responds if something harmful gets
through.
Now, many larger companies can react very fast and shut an
incursion down before serious harm is done. As a carrier, we don't trust any
single control. It is the aggregation of many solutions that provides true security.
We use artificial intelligence, automation and big data analysis to secure our
systems and track hackers.
Attributes of a good information security program:
Is deliberate
Doesn't depend on a single defense
Assumes intrusion will occur
Automates detection and reaction
Moves away from signature-based technology toward behavior-based tech and then to AI
Doesn't allow security vendors to drive program strategy
Isn't a battle you can win by yourself
The NAIC Model Law for cyber security is gaining adoption by
states. Know it and know your vendors. You are responsible. Remember, compliance
doesn't produce security; rather, security will make you compliant.
We are going to have to share our experiences to beat cyber crime.
The bad guys are sharing methods. Why aren't we? Banks are, which makes them
smarter. We need to also.
Technology is only part of the answer; changing behavior is the
major part.
Some carriers are taking steps to enforce cyber security. For
example, Westfield is rolling out multifactor authentication for our new agency
partners beginning this summer.