Getting the basics right will help improve an organization's cybersecurity posture, a former Canadian Security Intelligence Service (CSIS) intelligence officer said at an industry event on Thursday.
“Three fundamental strategies – mitigation, isolation and positive controls – will better protect Canadian P&C insurance organizations and their customers,” said Andrew Kirsch, cybersecurity expert and founder of Canadian security consulting services firm Kirsch Group.
Reduce
Mitigation measures aim to reduce the threat surface, Kirsch said in his keynote address, Cybersecurity: Securing the digital frontier. He spoke at the Center for the Study of Insurance Operations (CSIO) 2024 Membership Meeting and Reception in Toronto.
“Reduce the amount of information about you that is available against you,” Kirsch said. “His Facebook friends and his LinkedIn contacts will be private.
“Don't hold on to information you don't need to hold on to.”
Kirsch said he's been told, “The worst thing that ever happened to me was cheap storage.” “Think about how much we obsess about things. Something dangerous will happen.”
Isolation
Data breaches will continue to occur, Kirsch said, but we can't allow them to spill over into our lives and across our organizations.
For example, consider using a “travel cell phone” while traveling and wiping your phone when you return from a high-risk country.
Positive control
“I tell people, 'Don't write anything in email or on social media that you would put on a postcard and send to your neighbor, your mother, your boss, your grandmother,'” Kirsch says. “Once you send out information and put it online, it's out of your control.”
It's important to get the basics right, like complex new passwords, multi-factor authentication, and backups that aren't in the same location as everything else.
Kirsch recounted an episode in which he told someone not to leave her car keys in a bag by the front window. “They said, 'That seems like pretty basic security advice,' and I said, 'If you stop giving it, I'll stop giving it to you.'”
Hack Wednesday
He told attendees they may have heard of “Patch Tuesday,” when companies release software patches for security vulnerabilities. “And of course, what does that bring? Let's hack it on Wednesday, because all the hackers will reverse engineer what the patch was. They know it's a vulnerability and you can exploit that.”
Kirsch said people are often proud of having cyber insurance and will tell you how much they are covered. “I say, 'The only number you have is your phone number.'
“If something happens, who do you call? It [that contact information] doesn't work from my screen. I lost all my data because of $2 million [in cyber coverage]. That [backing up of data] is insurance. That's the plan and that's what you need.
“So, if something goes wrong, who do I call? 'Well, my IT guy.' That person might not be the right person.”
Additionally, as cyber-attacks become increasingly sophisticated, it is important for organizations to run their cybersecurity properly. “We are all access points to everyone around us, and we are made vulnerable by the least sophisticated people we connect to.”