Can machine learning save the insurance industry from cyberattacks?


Akamai, the global technology company headquartered in Boston, believes artificial intelligence can save the industry from this systemic threat.

The company, whose name means “smart” in Hawaiian, is one of the world’s largest cloud delivery and cybersecurity platforms, or content delivery networks (CDNs).

“When you think about it, it really is an arms race. So the smarter the attackers, the smarter the defenders have to be, and the defenders want to be a step or two ahead of the attackers at all times, ”said Richmond.

Read more : AIG explains its Cyber ​​Risk Handbook

Akamai monitors and tracks the behavior of malicious bots as they interact with its customers’ websites and uses what it calls Akamai Cloud Security Intelligence (CSI), a data processing engine, to analyze threats.

“What we’re seeing here at Akamai and other parts of the industry is automation, machine learning, artificial intelligence and, finally, third-party artificial intelligence, to make sure our capabilities have a head start, ”said Richmond.

He said this was important for combating bot trafficking, as these cyber threats use the same types of tools to launch attacks.

“Any attacker can really use these fundamental tools to launch attacks against an insurance company from within the country, from abroad, from both, which is sometimes very difficult to control, from inside your own network and so that these attacks become defensive. the mechanisms are triggered, ”he said.

He added that it is now very common for cybercriminals to change their attack pattern while their attack is in progress.

“So maybe they’re trying to kick your front door down while trying to jump out the side window at the same time.” As soon as you close the door and window, now they’re looking for windows upstairs and everywhere else. All of them are looking to disrupt your business, steal or both, hold you for ransom, all of those things, it’s awful! Richmond said.

Today’s cyber attacks can be as simple as automating a network of bots to find a website.

“So they have 100,000 machines all putting one web address and pressing OK at the same time and if the architecture is not ready for that it will cause serious operational problems. The website could fail or strangle other things, ”said Richmond.

Attackers also use smarter bots that can exploit stolen information. These smarter bots steal the credentials when a user logs in and then use that information elsewhere.

“If LinkedIn is hacked, and it’s hacked a lot, then attackers can use their bot network to pretend they’re me, for example, and throw my username and password on the website.” from an insurance company and log in under my name. There’s all the details of my wife and kids, there’s my medical history, there’s my credit card number, ”said Richmond.

The more authentication criteria bots accumulate, the more damage they can potentially cause.

“They can go and try to connect to other places or pretend they’re me and launder money and do all kinds of horrible things,” he explained.

He believes the best cyber defenses for the insurance industry should be based on machine learning and automation, combined with global experience in tackling similar threats.

“It can only put you in the best possible position to stand in front of your customers and reassure them that everything will be fine,” he said.

Richmond said that, compared to other sectors, the insurance industry’s natural risk aversion culture and regulatory obligations are positive starting points for competent cyber defense.

He said the government’s Security Law Amendment (Critical Infrastructure) Bill 2020 presented to Parliament in December last year, global privacy obligations and regulatory responsibilities under the Australian Prudential Regulation Authority (APRA) are all pushing the insurance industry towards more cybersecurity.

“These three factors put the insurance industry in a much more mature and rigorous security posture,” said Richmond.

However, he said, the big challenge for the industry is its legacy technology and the low rate of adoption of new technologies.

“Because the insurance industry is conservative – it wasn’t the first industry to go into the cloud, it wasn’t the industry to open up like the guys in the bank did or commerce – industry is a follower of a less traditional architectural strategy. , “he noted.

Then listen: Cyberinsurance – the latest trends and how brokers can move forward

Richmond said this can make insurance companies easy targets for cyber attacks. The industry’s attempt to protect itself, he said, should incorporate a defense system based on what is called a zero trust model.

“We can no longer all be sitting in the castle just accessing our desktop,” he said. “So what the idea of ​​zero trust means is that no matter where you are, or what device you use, however how you choose to log in, authentication is carried out one by one. “

Richmond said the pandemic-inspired remote working era, when employees use different devices across a range of networks, in the office, at home and elsewhere, is pushing the insurance industry towards this style of protection.

“So no one is a castle anymore. Now you need to protect your external websites and apps, as well as your internal apps. It’s a fascinating evolution of security in large companies, especially in the insurance industry, ”he said.

Akamai has a considerable pedigree when it comes to cybersecurity. Current co-founder and CEO Dr Tom Leighton is considered one of the world’s foremost authorities on algorithms for network applications and cybersecurity. The Massachusetts Institute of Technology (MIT) professor was the company’s chief scientist before becoming CEO.

Co-founder Daniel Lewin, also an MIT alumnus, was considered a math genius. Tragically, he died at the age of 31 in the attacks of September 11, 2001.


Leave A Reply