How the cyber insurance industry detects the next big attacks

Jenny Soubra, Allianz's US head of cyber, talked with TechRepublic about counterintelligence measures on the dark web and Yelp-style sites for rating ransomware.

TechRepublic's Dan Patterson talked with Jenny Soubra, US head of cyber for Allianz Global Corporate & Specialty, about how the cyber insurance industry detects and warns clients about rising threats. Here's their conversation:

Patterson: We see massive attacks all the time. That is the state of normal. Mura, WannaCry, and Petya in the last year or two. When you, as an insurance industry, look at these massive attacks, what do you see next, and not just for companies out there, but how do you prepare yourself to deal with the known unknowns? You know something massive is coming. You don't know what it is, and you don't necessarily know what the costs are, other than they might be massive. How do you prepare yourself and the industry for these massive cyber attacks?

Soubra: That's an interesting question. Well, what we have done is try to rely on counterintelligence measures. So, organizations that specialize in going on to the dark web, and being able to see some of this activity, and be able to identify when these large attacks are coming. There were organizations that knew that WannaCry was coming a month before it happened, and were able to notify their clients, get those patches out, take the mitigation measures, whatever they can do to try to become less exposed to the attack. Of course, this is not going to catch everything. That's really the magic of the dark web.

We're looking at robotic hacking out there. It's no longer a single individual targeting an individual company with an attack. It's more of a scattershot approach, where it's like, okay, proof of concept: how many unpatched machines can we hit with this one thing? We have Yelp-like sites on the dark web, where people can actually go and see ratings for different types of ransomware. Is it a two-star ransomware? Does it get five stars? How effective is it? What is it used for? Kind of like this robotic hacking that's happening in the background. You don't need to be a big household name. We're seeing that, actually, it's much easier to hack small and mid-sized businesses, versus the large organizations. We have that piece of it, which can be slightly combated by the counterintelligence piece.

But, honestly, it's not able to catch everything; and so we are bracing ourselves, because we really don't know what's coming next. WannaCry, for example, globally cost over $1.5 billion, and hit over 150 countries. These attacks are getting bigger and bigger, and in terms of the aggregation issue that could exist for the insurance industry, the risk is significant. Just trying to get out ahead of some of these trends through technology, through artificial intelligence, through counterintelligence, as well, is really something that we're looking at very closely and taking seriously.

Patterson: That's a fantastic lead-in to the follow-up, then. All right, what's coming next?

Seriously, though, when you do an analysis of the space, and you're able to at least see a little bit into the future, how does that change your interactions with, not just your clients, but your colleagues and others in this space? This is not like an individual or a consumer buying car insurance, where it's a one-off, or it's isolated. This, when we see massive cyber attacks, they have the potential to harm many people, governments included. So how do you interoperate with your colleagues and peers in the cyber insurance industry?

Soubra: You can't continue to do things the same way. This is completely unlike insurance, like property or casualty, that's been around for hundreds of years, where you are going to look at the same thing every time. What's your building made of? Do you have sprinklers in place? And be able to determine what your risk factor is just based on the normal things. This is not an area that has a lot of actuarial data. Cyber insurance, the way that we know it today, has really only been around for 15 years or so, depending on who you ask; 15 to 20 years. Being able to pivot, being able to make changes and be nimble, in terms of what the coverage is that we're offering, what the services are that we're offering to mitigate risk, and being able to make those decisions quickly is really the key in operating in this space. Being able to respond to the new attacks, and then, of course, being able to tie what we're offering to new technology, as well, is critical for our survival.
