The cyber security and insurance industries are focusing too much on products and neglecting the human factor that is at play in 95% of data breaches, a conference heard.
Casey Fleming, CEO of Blackops Partners, a US-based security consultancy, told Advisen’s Cyber Risk Insights Conference that online attacks had doubled from 2016 to 2017 and that one-third of attacks against companies were successful.
“In the cyber industry, we’re fighting a ghost,” he said.
“We’ve got the wrong focus on products. Products are only protecting companies 4%. 95% of breaches are human-involved.”
“We still need the products,” Fleming added. “We’ve got to master the big picture, we must know our adversaries.”
He described a new global competitive model characterised by “asymmetrical hybrid warfare”.
“It’s non-conventional warfare; the battlefield is in our companies, in our homes,” he warned, explaining that China, Russia, India, Iran, and North Korea were waging this warfare with the aim of changing the world order.
“Nation states are using the dark net as another means of penetrating our companies,” Fleming said.
One-third of the UK GDP is stolen each year, he claimed. He said the war is Asian in its design and its development, pointing the finger at the Chinese Communist Party as the main instigator, but also noting that Russia had upped its game recently.
“It is the Cold War on steroids because of the speed of the internet,” Fleming said. “The ultimate goal is to choke the economies.”
In the UK and the US, cyber security is looked at from an operational or tactical point of view, whereas “our adversaries have cyber security at the strategic level”, he said.
“The industry is very reactive-based, not proactive-based at all,” he continued. “We’re looking through the wrong end of the telescope.”
He urged: “We’ve got to focus on the human factor, we’ve got to focus on our adversaries. Our industry is driven by products that provide less than 5% protection.”
He stressed that cyber attacks had doubled from 2016 to 2017 and that one-third of attacks against companies were successful. “It’s a business risk issue, it’s a human factor issue, it’s not an IT issue,” he insisted.
As corporate strategies need to be adapted to this cyber warfare, he urged risk managers to make their boardrooms aware of these risks and to “get the conversation started”.
To protect a company’s assets against cyber risks, he recommended the use of a VPN and the following recipe: “Identify the crown jewel of your company. Identify that information, limit access to it, keep that locked down.”