Fight against hackers is like 'Cold War on steroids'

Hacker

The cyber security and insurance industries are focusing too much on products and neglecting the human factor that is at play in 95% of data breaches, a conference heard.

Casey Fleming, CEO of Blackops Partners, a US-based security consultancy, told Advisen’s Cyber Risk Insights Conference that online attacks had doubled from 2016 to 2017 and that one-third of attacks against companies were successful.

“In the cyber industry, we’re fighting a ghost,” he said.

“We’ve got the wrong focus on products. Products are only protecting companies 4%. 95% of breaches are human-involved”.

“We still need the products,” Fleming added. “We’ve got to master the big picture, we must know our adversaries”.

He described a new global competitive model characterised by “asymmetrical hybrid warfare”.

“It’s non-conventional warfare; the battlefield is in our companies, in our homes,” he warned, explaining that China, Russia, India, Iran, and North Korea were waging this warfare with the aim of changing the world order.

“Nation states are using the dark net as another means of penetrating our companies,” Fleming said.

One-third of the UK GDP is stolen each year, he claimed. He said the war is Asian in its design and its development, pointing the finger at the Chinese Communist Party as the main instigator, but also noting that Russia had upped its game recently.

“It is the Cold War on steroids because of the speed of the internet,” Fleming said.  “The ultimate goal is to choke the economies.”

In the UK and the US, cyber security is looked at from an operational or tactical point of view, whereas “our adversaries have cyber security at the strategic level”, he said.

“The industry is very reactive-based, not proactive based at all,” he continued. “We’re looking through the wrong end of the telescope.”

He urged: “We’ve got to focus on the human factor, we’ve got to focus on our adversaries. Our industry is driven by products that provide less than 5% protection.”

He stressed that cyber attacks had doubled from 2016 to 2017 and that one-third of attacks against companies were successful. “It’s a business risk issue, it’s a human factor issue, it’s not an IT issue,” he insisted.

As corporate strategies need to be adapted to this cyber warfare, he urged risk managers to make their boardrooms aware of these risks and to “get the conversation started”.

To protect a company’s assets against cyber risks, he recommended the use of a VPN and the following recipe: “Identify the crown jewel of your company. Identify that information, limit access to it, keep that locked down.”

  • LinkedIn  
  • Save this article
  • Print this page  

You need to sign in to use this feature. If you don’t have an Insurance Post account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an indvidual account here: