Proactive cyber: Preventing a claim before it happens
Cyber protection has evolved considerably over the years, from a defensive strategy to what has become an offensive strategy.
Cyber insurance used to be a promise to pay out a claim, attendees heard Thursday at the CFC Summit 2024 in Toronto. Now, it’s a promise to protect a client without the client needing to install new technology.
Proactive cyber is the ability to detect and stop an event before it occurs. The fundamental objective is stopping claims, Jason Hart, CFC’s head of Proactive Insurance, said during the summit, which brought together hundreds of brokers, mainly from Canada but also from the United States and other countries.
“What if I can tell you that we can detect if ransomware has been deployed within an organization and is yet to be activated?” Hart says. “We do that.
“What if I can tell you that we can detect if an organization has been prone to a phishing attack where the threat actor has been able to compromise the username and password, but has yet to use it?” Hart asks. “That’s what we’re doing in real time…and all of this is without the ability or the need for the insured to install technology.”
To do this, Hart’s organization gathers intelligence data, public data and proprietary data collected over 20 years. Using massive computing power and CFC’s enhanced algorithms, it can distill an accurate profile of the business in question and stitch it all together in real time, Hart explains. For a typical business, this means processing about 208,000 data points within 10 milliseconds, which Hart says is unique within the market.
“In real time, we are identifying every single piece of technology that is connected to the internet that has a relationship with the insured,” he says, adding there are 50 million devices connected to the internet and the quote could involve any of the 500 million businesses across the globe. Using the organization’s domain name, CFC then pre-populates the business’s information.
The proactive service takes into account situational awareness and trends that will form the likelihood or probability of an attack. “Not every threat or risk is going to translate into an event occurring,” Hart says. “The proactive service is continually looking at risks and threats across people, technology and process, and assessing the trends and the patterns’ likelihood of an attack happening.
“This enables the identification of the risks or threat that could potentially be exploited or will be exploited by the threat actor.”
As an example, CFC had real-time visibility of command-and-control infrastructure where a brain injury clinic had been infected with ransomware. Luckily, the ransomware hadn’t been activated yet. “I can assure you if it would have been activated, lives would have been at risk,” Hart says, adding the incident response team was able to eradicate the ransomware.
In another case, data identified a manufacturing business had been compromised, including a CEO’s password, username, and one-time password. “We knew exactly when they were going to attack the manufacturing business,” Hart says. “Proactive service kicked in, and we informed the insured an event was going to occur and we took them on a journey to remove the appropriate risks to prevent the attacker from targeting.”
Any business can be a target. Hart reports CFC itself has been targeted 4.5 million times since the beginning of the year. “Those threat actors have been trying to target key individuals, new senior stakeholders, processes and technology,” he says. “But of course, they were unsuccessful.
“Four-and-a-half million times is not unique to CFC, and it’s typical for any modern business.”