Combatting Cyber Threats: Predict, Prevent, Persist
Carlos Fernandes | February 12, 2014
U.S. companies have become a target for hackers across the world.
Cyber incidents are on the rise, with nearly 100 percent of Forbes Global 2000 companies reporting breaches within the last 18 months. With the emphasis placed on new and emerging technologies, corporate America has become an attractive target for cyber criminals.
Contrary to rising domestic and international accusations and mistrust of U.S. government cyber programs, prompted by media attention to NSA contractor Edward Snowden and the NSA Surveillance Program, the U.S., by policy, does not engage in economic espionage. By contrast, most other nations do. We have all heard news reports of nation-state sponsored cyber activities, targeting U.S. public and private sector organizations, allegedly from China and Iran.
It is further alleged that Iran, in retaliation for the Stuxnet incident in 2010 responsible for setting back their nuclear ambitions, has recruited the largest army of hackers on the planet. According to Vice Admiral Mike McConnell, former NSA and DNI Director, speaking at the Bloomberg Cybersecurity Conference in October 2013, it is estimated that over 200 nations have an active Cyber Intelligence capability.
Cyber tools, used for computer network exploitation, can also be used for cyber-attacks. These capabilities are cheap and are being built by the thousands. The alarming reality is that most U.S. corporations have been penetrated and, in most if not all cases, malware has been installed and hidden within their networks, with data either currently being “exfiltrated” or able to be exfiltrated remotely and at will.
It is estimated that over the next 10 years, if these clandestine operations against U.S. corporations continue, there will be serious consequences to our free market economy. Our market-leading, competitive advantage in research and development and world class innovations could be greatly reduced, potentially hurting our ability to compete globally.
We believe that the answer to combatting this threat is focused around the concept of precognitive capabilities, a holistic approach utilizing both artificially intelligent technologies and top industry cyber professionals, with a laser focus on predicting, preventing, and persisting against cyber incidents.
An ethical hacker was recently quoted saying, “Given enough time and resources, I have always been able to breach my target. I start with the low-hanging fruit. The sad truth is that there is so much low-hanging fruit to choose from. If I can do it, there are others that can, too.”
The fact is that much of this low-hanging fruit can be eliminated with the 80-20 rule. About 80 percent of cyber breaches can be prevented with the application of industry security best practices. It’s the remaining 20 percent that causes C-level executives (especially those from Target and Neiman Marcus) to lose sleep at night.
The alarming reality is that regardless of how diligent any organization’s IT department is at reaching compliance with security best practices, it is impossible to eliminate all vulnerabilities. I equate it to the legend of the Dutch boy plugging the hole in the dike with his finger, in an effort to hold back the Atlantic Ocean. You plug one hole only to find ten more. You simply end up running out of fingers.
So, what’s there to do and where to begin? We can no longer afford to wait for a breach to occur before we respond. We must predict and prevent—educate, train, and employ security best practices so that when the adversary strikes we are ready. The following is a simple list that, if applied, is guaranteed to reduce cyber incidents.
- Develop a security and risk assessment strategy
- Implement the strategy
- Establish a security baseline, aligned with best practices
- Identify security gaps
- Prioritize findings
- Develop and implement a mitigation strategy
- Continuously monitor network assets
But to stop there would be a mistake; we must persist. It has been said more than once that the solution is less technical and much more philosophical and political. Cyber security is not a once and done IT project. It is an ongoing effort with newly evolving threats that we must anticipate and adapt to overcome.
I encourage those of us that have been in the fight for many years to not grow weary and continue to look for ways to find common ground for reaching collaboration between public, private, and international communities, with the realization that cyber security is a journey, not a destination … it never ends.
Carlos Fernandes is Salient’s director of the Cyber Security Center of Excellence. He is a Certified Information Systems Security Professional (CISSP) with over 21 years of experience in information security. Prior to joining Salient, Carlos served as founder and managing principal/CEO of Agile Cybersecurity Solutions. He can be reached via email at email@example.com.