Cyber Landscape Worsening for Insurers

The Australian insurance sector will struggle to stay on top of an increasingly hostile cyber terrain as threat actors, including state-backed gangs, step up their attacks on the financial services industry, according to IT security specialist BlackBerry.

BlackBerry says based on trends observed so far, it expects cyber criminals to focus on industry-specific attacks, especially targeting those seen as “susceptible”, which includes financial services providers like insurers.

While it has no Australian insurance-specific data, BlackBerry says the country is in the top 10 list of countries that experienced the most number of attempted cyber attacks in the 90-day period from September to November last year.

Australian clients using BlackBerry’s Cylance Endpoint Security Solutions accounted for about 4% of attempted hits, four spots below the US (65%).

During the 90-day period BlackBerry stopped about 62,000 unique attacks and threats, APAC Director of Engineering Jonathan Jackson says.

“And that equates to around about an attack every two minutes. So that is about 29 per hour. Australia is also in the top five attack countries in the world,” he told today.

“Heading into February we stopped cyber attacks every single day. And you know, in the last 18 minutes that we’ve been speaking together, we’ve stopped nine in Australia.”

He says the reality of the cyber threat landscape in Australia as well as globally is that it’s very difficult to keep up with the criminals.

“It’s a continuous battle that we face every day for defence and prevention,” Jackson said. “Australia is definitely a target for cyber criminals as well as nation state threat actors. So yes the insurance industry is a target.”

He says cyber criminals as well as nation state actors and threat groups are very good at exploiting vulnerabilities, yet it is no easy task to defend against them.

Cyber criminals are very quick to be able to pivot their attacks, including automation and evasive techniques, he says.

“And keeping up to date with that is a challenge for time poor organisations, including insurers.”

He says the insurance industry needs to take a deep look at where those vulnerabilities might lie.

“And they need to be across everything, they need to be across the people, across the networks, across their assets and how people are gaining access to the information,” he said.

“I don’t think there’s any system out there which can provide 100% prevention or protection, but there are specific measures that you can implement – including the use of AI, Machine Learning and getting access to real-time threat intelligence – to be able to make that as close to 100% as possible. It’s definitely a challenge.”