SlideShare une entreprise Scribd logo

Data Security in the Insurance Industry: what you need to know about data protection and cybersecurity

XeniT Solutions nv
XeniT Solutions nv

With the amount of personal and sensitive customer information needed to accurately ensure a client, it’s no wonder the Insurance industry is a target for data security threats. While all businesses across every industry are at risk, there are a few things that make the insurance industry particularly attractive – and susceptible – to data breaches and cyber-attacks. - The sheer volume of information available - The highly sensitive nature of the information - Large amounts of unstructured data In this webinar, our speakers illustrated the state of art, including the technical and legal framework, to protect your most relevant information from cyberattacks. You will learn: - How to define a roadmap that optimizes the impact of cyber security expenditure - How to adopt a general risk management approach to identify Cyber security risks - What are the most relevant technologies available today to protect your data

Business
1  sur  94
Télécharger pour lire hors ligne
Data Security in the Insurance Industry March 15, 2022
Ground rules
Business Development Manager @Xenit Speakers Francois Collienne Chief Risk Officer @ ERGO Insurance Tim Wouters Associate Professor at the Department of Computer Science @ KU Leuven Vincent Naessens Principal Cybersecurity Consultant and BU Director @ Tereon Siebe de Roovere
What you need to know about data protection and cybersecurity • KU Leuven | Unlocking the potential of digital data • Tereon | Security for Insurance, related archives & content • Ergo | Cyber security for Insurance companies: risks and regulatory expectations • Xenit | How to archive, preserve, retrieve your information • Q&A • Wrap up and conclusions With the amount of personal and sensitive customer information needed to accurately ensure a client, it’s no wonder the Insurance industry is a target for data security threats. While all businesses across every industry are at risk, there are a few things that make the insurance industry particularly attractive – and susceptible – to data breaches and cyber-attacks. • The sheer volume of information available • The highly sensitive nature of the information • Large amounts of unstructured data Agenda
Vincent Naessens Unlocking the potential of digital data
Unlocking the potential of digital data Vincent Naessens
Digital Data is the new gold › Digitization (first wave) Personnel management Customer data Maintaining inventories › Advanced decision making (second wave) recommendations Predictions Strategic decisions 7
Improving business intelligence › Increasing data collection Fine-grained data collection Integrating multiple data sources › Increasing processing power Machine learning and AI technology Optimization algorithms 8
Integrating external data sources 9 › Crime control Goal: optimal allocation of police forces Combining governmental and financial data Personal + company data › Health, activity and lifestyle Goal: improving lifestyle Health, food and activity tracking Sensitive personal data
Controlled release of sensitive data › Why controlled release? Compliance with privacy regulation Economic loss Reputation damage › How controlled release?
Techniques for controlled release 11
Techniques for controlled release › User control Data minimization Local differential privacy 12
Techniques for controlled release › User control Data minimization Local differential privacy › Controlled query handling (pull) Query perturbation Restricted query handling Differential privacy à privacy budget 13
Controlled dataset transfer › User control Data minimization Local differential privacy › Controlled query handling (pull) Query perturbation Restricted query handling Differential privacy à privacy budget › Controlled release of datasets (push) 14
Controlled dataset transfer › Pseudonymization Replacing fields with pseudonyms Reversible › Anonymization Stripping elements Generalization, swapping, noise, … Irreversible 15
Emerging challenges
› The privacy ó utility balance › Outsourcing › Evolving attack(er)s › Every increasing complexity
18 › The privacy ó utility balance › Outsourcing › Evolving attack(er)s › Every increasing complexity
The privacy ó utility balance 19
› The privacy ó utility balance › Outsourcing › Evolving attack(er)s › Every increasing complexity
Outsourcing 21
Outsourcing 22
Outsourcing 23 Trusted Third Party Honest-but-Curious Service Provider
Outsourcing :: Software Development › Synthetic (~fake) data testing of software/scripts without privacy risks with similar statistical properties › Format-preserving encryption avoiding identifying data in test environments preserving structure/format of original data 24
Outsourcing :: Storage › Encrypted (distributed) storage Securing decryption keys › Attribute based encryption Role-based access control Limited flexibility 25
Outsourcing :: Processing › Trusted Execution Environments (TEE) TEE isolates data and code from OS Trust required in TEE vendor › Encrypted processing Fully homomorphic encryption Static set-up / simple operations 26
› The privacy ó utility balance › Outsourcing › Evolving attack(er)s › Every increasing complexity
Evolving Attacks › Attack vectors Data in Transit à secure communication channels Data in Rest Data during computation › Attacks on publicly available datasets The Prosecutor à targeting a specific induvial in dataset The Journalist à targeting any individual The Marketeer à re-identifying a large number of IDs 28
› The privacy ó utility balance › Outsourcing › Evolving attack(er)s › Every increasing complexity 29
Multiple data controllers › Federated computing › (Fully) homomorphic encryption › Oblivious join › Secure multiparty computation
Conclusions › Protection is important during the whole data lifecycle collection – storage – processing - release privacy-by-design › Apply realistic trust assumptions Apply realistic attacker models Honest-but-curious third parties › Embrace innovative software technologies Statistical methods - AI - ML Cryptographic technologies 31
Siebe de Roovere Security for Insurance, related archives and content
w YOUR COACH IN DIGITAL SECURITY w Security for Insurance, related archives and content.
w About Me & Toreon • Principal GRC consultant @ Toreon • Business Unit Director @ Toreon • Studied (Applied) Economics • 8+ years of Security Experience • Certified ISO27001 LA • Certified DPO • Lecturer @ Data Protection Institute, NCOI, Kluwer
Cyber Threats Massive data losses, theft of intellectual property, credit card breaches, identity theft, threats to our privacy, denial of service, ... This has become a way of life for all of us in cyberspace. Trust & Compliance Ever-growing landscape of Cybersecurity/Privacy laws, regulations & standards: ISO27k, NIST, CIS, GDPR, NIS, FDA Rulings, …. The Bad News
Cyber Threats Massive data losses, theft of intellectual property, credit card breaches, identity theft, threats to our privacy, denial of service, ... This has become a way of life for all of us in cyberspace. Trust & Compliance Ever-growing landscape of Cybersecurity/Privacy laws, regulations & standards: ISO27k, NIST, CIS, GDPR, NIS, FDA Rulings, …. The Bad News Negative: More Threats, Organized Threats Positive: Hackers have a Business mindset > We know how to compete in business!
Cyber Threats Massive data losses, theft of intellectual property, credit card breaches, identity theft, threats to our privacy, denial of service, ... This has become a way of life for all of us in cyberspace. Trust & Compliance Ever-growing landscape of Cybersecurity/Privacy laws, regulations & standards: ISO27k, NIST, CIS, GDPR, NIS, FDA Rulings, …. The Bad News Source: https://www.eiopa.europa.eu/document-library/report/cyber-risk-insurers-challenges-and-opportunities_en Sector Specific: Top Risks for Insurance Companies
Ransomware België - Painfull Facts • 30% heeft een jaar later nog steeds niet alle data kunnen herstellen • 10% krijgt effectief alle data terug na betalen. • 60% wordt binnen het jaar terug aangevallen. • Sector aanvallen worden de standaard!
Cyber Threats Massive data losses, theft of intellectual property, credit card breaches, identity theft, threats to our privacy, denial of service, ... This has become a way of life for all of us in cyberspace. Trust & Compliance Ever-growing landscape of Cybersecurity/Privacy laws, regulations & standards: ISO27k, NIST, CIS, GDPR, NIS, FDA Rulings, …. The Bad News Cyber Defense • We have access to an extraordinary array of security tools and technology, standards, training and classes, certifications, vulnerability databases, guidance, best practices, catalogs of security controls, and countless checklists, benchmarks, and recommendations. • We have threat information feeds, reports, tools, alert services, standards, and threat sharing frameworks. • We are surrounded by security requirements, risk management frameworks, compliance regimes, regulatory mandates, and so forth. There is no shortage of information available to security practitioners on what they should do to secure their infrastructure. The Good News
Cyber Threats Massive data losses, theft of intellectual property, credit card breaches, identity theft, threats to our privacy, denial of service, ... This has become a way of life for all of us in cyberspace. Trust & Compliance Ever-growing landscape of Cybersecurity/Privacy laws, regulations & standards: ISO27k, NIST, CIS, GDPR, NIS, FDA Rulings, …. The Bad News Cyber Defense • We have access to an extraordinary array of security tools and technology, standards, training and classes, certifications, vulnerability databases, guidance, best practices, catalogs of security controls, and countless checklists, benchmarks, and recommendations. • We have threat information feeds, reports, tools, alert services, standards, and threat sharing frameworks. • We are surrounded by security requirements, risk management frameworks, compliance regimes, regulatory mandates, and so forth. There is no shortage of information available to security practitioners on what they should do to secure their infrastructure. The Good News The Ugly Challenge The “Fog of More” • Define what risk should be addressed? • How to prioritise security spending? • Which actions have the greatest value?
Cloud Security Data Security
Voorkomen? 7 quick wins + 1 slow win 43
1. Backup Offline backups Check cloud setup Testen!
2. Kritieke updates Malware gebruikt bekende zwakheden
3. Antivirus Yep, good old antivirus
4. Isoleer oude systemen Firewalling, air-gap, …
5. Minimaliseer admins ‘least privilege’ Geen locale admin rechten Tools zoals LAPS, password vaults…
6. Check Cloud setup Multi-factor authentication!! Zet alle toeters en bellen aan: logging, threat protection,…
Zero Trust
7. External penetration test Laat je internet kant checken Pas op wat je blootstelt aan internet Gebruik VPNs, firewalls
En wat nog? s Awareness: 80% = gebruikersfout Continue verbetering
Siebe De Roovere Security Consultant +32 473 42 03 95 Siebe.DeRoovere@toreon.com www.linkedin.com/company/toreon Toreon Grotehondstraat 44/1 2018 Antwerpen, Belgium www.toreon.com @Toreon_BE Keep in touch!
Tim Wouters Cyber security risks for Insurance companies
Cyber security risks for insurance companies March 2022 – Tim Wouters Public
Public Cyber security risks can be identified via a general risk management approach Measure Control Monitor Report Identify Cyber security risks for insurance companies - Tim Wouters 57
Public Risk Identification Cyber security risks for insurance companies - Tim Wouters Risk sources Data at hand • Company specific information • Policyholder basic information − name, address, … • Risk insured: − house, family − medical profile − salary information • Claim information • Mainly Operational risks − Failed processes / human errors. − Restrictions from GDPR − Cyber events With a lot of possible impact on reputation. Specific attention for cloud • Strategic risks from legacy systems • Sustainability related risks 58
Public Cyber security risks can be identified via a general risk management approach Measure Control Monitor Report Identify Cyber security risks for insurance companies - Tim Wouters 59
Public Measuring the risks via likelihood and impact Cyber security risks for insurance companies - Tim Wouters Potential impact Likelihood • Loss of data • Financial loss • Business continuity Or worse • Loss of reputation • Depends on set-up − Type of data − Exposure to internet − Cloud − Automation of processes − Legacy systems − Teleworking • Can be measured with tools, audits, … 60
Public From Black Swans to Gray Rhinos Cyber security risks for insurance companies - Tim Wouters 61 Hardly any risk Black Swan Mitigated in processes / pricing Gray Rhinos
Public Cyber security risks can be identified via a general risk management approach Measure Control Monitor Report Identify Cyber security risks for insurance companies - Tim Wouters 62
Public Controlling the risks Cyber security risks for insurance companies - Tim Wouters Bring down undesired levels E.g. • Patching • Hardening Defining a risk appetite • Board level expression • What can (not) be tolerated? Drill down to specific KPIs E.g. • Number of cyber attacks • Reputational events Put governance in place • Incident process with clear responsibilities • SIRT, ISO, … If needed, apply for risk transfer or acceptance • Cyber insurance • Deliberately accept the risk Ensure measuring can be executed • Can require tools (SIEM, pentesting). • Put processes in place Controlling the risk exposure 63
Public Cyber security risks can be identified via a general risk management approach Measure Control Monitor Report Identify Cyber security risks for insurance companies - Tim Wouters 64
Public Regularly monitoring the exposure based on defined KPIs Cyber security risks for insurance companies - Tim Wouters 65 • Recurrent execution of the KPIs (e.g. number of cyber attacks, required patches, access management, reputational risk, …) • Of own company and third parties. • Where needed, taking actions to bring them in line with the risk appetite, via additional measures or ensuring that predefined processes are being carried out. • Includes creating cyber risk awareness.
Public Cyber security risks can be identified via a general risk management approach Measure Control Monitor Report Identify Cyber security risks for insurance companies - Tim Wouters 66
Public Reporting to create top management awareness Cyber security risks for insurance companies - Tim Wouters 67 • Involving in risk management strategy as end responsible. • Regularly reporting monitoring results to top management. • Allowing for steering and support. • Creating awareness. Can also involve situation exercises.
Public Cyber security risks can be identified via a general risk management approach Measure Control Monitor Report Identify Cyber security risks for insurance companies - Tim Wouters 68 Legislation
Public Financial sector is heavily regulated Cyber security risks for insurance companies - Tim Wouters Governance requirements NBB circular on governance NBB_2016_31 NBB circular on information security NBB_2021_15 Outsourcing requirements Strong requirements regarding outsourcing (to ensure to stay in control) Cloud computing Specific NBB circular regarding cloud computing requirements GDPR Privacy requirements impacting data set- up and treatment. Anti Money Laundering and Financial Sanctions Heavy data requirements to ensure compliance with laws Business Continuity Requirements Ensuring to stay up and running through crises 69
Public Cyber security risks can be identified via a general risk management approach Measure Control Monitor Report Identify Cyber security risks for insurance companies - Tim Wouters 70 Legislation
François Collienne Cybersecurity for digital assets in the Insurance Industry
About Xenit Back in 2008…What were the issues in the Insurance Industry? • Merger and Acquisition • Centralization of Digital Archives • Modernization – Cost control Those issues were not Cybersecurity related • Not the main driver • ISO 27001 Certifications • OWASP Top 10 • Security by design -> Object storage
Where do we stand today? 5 Customers in Insurance 300+ M documents 1/3 of revenues come from the Insurance Industry Long Lasting Relationship 50% increased documents stored in the archives in 5 years
Our recipe to secure Insurance related archives • Internal breaches (80%) versus external (20%) • Password protections • VLANs separations • Security logs / access logs 1. Zero Trust
Our recipe to secure Insurance related archives • We are always (at least) one step behind of an hacker • Ex. SLR Amazon S3 : 99,9999999999 durability • To achieve close to zero risks, you need at least 2 different technologies (3-2-1 rule) 2. Zero Risk does not exist
Our recipe to secure Insurance related archives • On premise Object Storage Pioneer in 2007 • High level of protection at rest • High availability with replicas/erasure coding • Lifecycle management • Encryption 3. Security by design
Object Storage for data protection Safeguard Data from attacks, failures, and mistakes Ransomware Protection Continuous Self-Healing Secure Access Disaster Recovery High Availability Alternative to tape & cloud
The present and the future How does the future look like for Archives ? • Acceleration of digital business -> More documents created -> More documents to archive • General purpose ECM are not scalable to become Digital Archive • Archives are an interesting target for Hackers (contains a footprint of the whole organization activity) What are the cyber risks associated with a future archive? • Sensitive information leakage • Personal information leakage Which one are the main threats for insurance companies? • Business Continuity • Reputational • Legal
Top challenges and solutions
1. The limits of access control
The limit of access control
OWASP* Top 10 security threats More and More APIs in cloud architecture = widening access But ! Broken Access Control has moved to top place! (*) OWASP= The Open Web Application Security Project
The limits of access control • Poorly Agile • Static • Does not scale Companies that haven’t solved for access control are not only putting themselves at risk -- they are also suboptimizing every dollar of their cybersecurity spend - Richard Bird Risk : • Access Control is the barrier against internal exposure • Bad practice to use general user (portal user) • Admin account for troubleshooting should not have access to all content (least privilege)
Next generation access control ABAC (Attribute based access control) leading to PBAC (Policy based access control)
Next generation access control Benefits: • Fine grained protection : ex. Meta-data versus Content • Context aware dynamic access rules • Better traceability • Is testable Example: Dynamic rules • Allow all access from the Benelux (IP geofencing) between 7 and 21 H, for all documents having classification “external” and have a Non-Null name for customer • Report any access user Jean had on documents containing user Pierre, either in the content or the meta-data of the document
2. Metadata based archives
Metadata based archives FROM TRADITIONAL FOLDERS TO A MULTI FACETTED UNSTRUCTURED BUSINESS ARCHIVE
Metadata based archives 1. Metadata will be crucial • Because finding back information relies on it • Because Access Control needs it • Because new business initiatives will rely on it 2. Metadata completeness and correctness is the key 3. Governance
A.I. Metadata based archives
3. API Architecture & Security
API Architecture & Security Organizations with high traffic sites offering a wide range of services often feature a large number of third-party integrations. These integrations rely on APIs to collect data from third-parties and serve it up to the user in a seamless fashion APIs tend to be compromised in ways similar to breaches of other web applications, but because they are both increasingly important and hidden from view, they arguably represent a bigger risk to the business than other assets.
API Architecture & Security ü Use secure tokens ü Rotate keys ü Use up-to-date signing algorithm ü Make sure to use Fail safe/fail secure ü Use centralized open policy agent ü Avoid caches (or refresh frequently)
Layered Security CONTENT IN MOTION CONTENT SERVICE AT THE API END POINT SECURING AUTHENTICATION PROTECTING AUTHORISATION CONTENT AT REST
Contact Details Thank You Telephone: +32(0)16 891 800 Email: sales@xenit.eu

Recommandé

how we design privacy for smart city and tech
how we design privacy for smart city and techhow we design privacy for smart city and tech
how we design privacy for smart city and techMomokoImamura
 
Spotlight on Technology 2017
Spotlight on Technology 2017Spotlight on Technology 2017
Spotlight on Technology 2017Craig Devlin
 
Cyphra - Cyber Security
Cyphra - Cyber SecurityCyphra - Cyber Security
Cyphra - Cyber SecurityNICVA
 
Digital Age-Preparing Yourself
Digital Age-Preparing YourselfDigital Age-Preparing Yourself
Digital Age-Preparing Yourselfjkl0202
 
ICO Presentation - Data Protection
ICO Presentation - Data ProtectionICO Presentation - Data Protection
ICO Presentation - Data ProtectionNICVA
 
Digital security and the IT Department cw500 M Skilton May 22 2014 London v1
Digital security and the IT Department cw500 M Skilton May 22 2014 London v1Digital security and the IT Department cw500 M Skilton May 22 2014 London v1
Digital security and the IT Department cw500 M Skilton May 22 2014 London v1Mark Skilton
 
I4ADA 2019 - Presentation Accountability & cyber security & cyber peace
I4ADA 2019 - Presentation Accountability & cyber security & cyber peaceI4ADA 2019 - Presentation Accountability & cyber security & cyber peace
I4ADA 2019 - Presentation Accountability & cyber security & cyber peacePaul van Heel
 
Cybersecurity in the Era of IoT
Cybersecurity in the Era of IoTCybersecurity in the Era of IoT
Cybersecurity in the Era of IoTAmy Daly
 

Recommandé

how we design privacy for smart city and tech
how we design privacy for smart city and techhow we design privacy for smart city and tech
how we design privacy for smart city and techMomokoImamura
 
Spotlight on Technology 2017
Spotlight on Technology 2017Spotlight on Technology 2017
Spotlight on Technology 2017Craig Devlin
 
Cyphra - Cyber Security
Cyphra - Cyber SecurityCyphra - Cyber Security
Cyphra - Cyber SecurityNICVA
 
Digital Age-Preparing Yourself
Digital Age-Preparing YourselfDigital Age-Preparing Yourself
Digital Age-Preparing Yourselfjkl0202
 
ICO Presentation - Data Protection
ICO Presentation - Data ProtectionICO Presentation - Data Protection
ICO Presentation - Data ProtectionNICVA
 
Digital security and the IT Department cw500 M Skilton May 22 2014 London v1
Digital security and the IT Department cw500 M Skilton May 22 2014 London v1Digital security and the IT Department cw500 M Skilton May 22 2014 London v1
Digital security and the IT Department cw500 M Skilton May 22 2014 London v1Mark Skilton
 
I4ADA 2019 - Presentation Accountability & cyber security & cyber peace
I4ADA 2019 - Presentation Accountability & cyber security & cyber peaceI4ADA 2019 - Presentation Accountability & cyber security & cyber peace
I4ADA 2019 - Presentation Accountability & cyber security & cyber peacePaul van Heel
 
Cybersecurity in the Era of IoT
Cybersecurity in the Era of IoTCybersecurity in the Era of IoT
Cybersecurity in the Era of IoTAmy Daly
 
Commercial Real Estate - Cyber Risk 2020
Commercial Real Estate - Cyber Risk 2020Commercial Real Estate - Cyber Risk 2020
Commercial Real Estate - Cyber Risk 2020CBIZ, Inc.
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityGlenn McKnight
 
Cyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass HousesCyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass HousesPaige Rasid
 
7 Important Cybersecurity Trends
7 Important Cybersecurity Trends7 Important Cybersecurity Trends
7 Important Cybersecurity TrendsMarco
 
Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawftii
 
4.01 Cyber Conference_ press release5.13
4.01 Cyber Conference_ press release5.134.01 Cyber Conference_ press release5.13
4.01 Cyber Conference_ press release5.13Signals Defense, LLC
 
Nordic IT Security 2014 agenda
Nordic IT Security 2014 agendaNordic IT Security 2014 agenda
Nordic IT Security 2014 agendaCopperberg
 
Security economics
Security economicsSecurity economics
Security economicsYansi Keim
 
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...AIIM International
 
21stC Trends in FinTech Security - AI, Deep Learning & Blockchain
21stC Trends in FinTech Security - AI, Deep Learning & Blockchain21stC Trends in FinTech Security - AI, Deep Learning & Blockchain
21stC Trends in FinTech Security - AI, Deep Learning & BlockchainDr David Probert
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Benjamin Ang
 
24/7 Intelligent Video Surveillance: Securing Your Business Data & Privacy
24/7 Intelligent Video Surveillance: Securing Your Business Data & Privacy24/7 Intelligent Video Surveillance: Securing Your Business Data & Privacy
24/7 Intelligent Video Surveillance: Securing Your Business Data & PrivacyDr David Probert
 
SMi Group's 6th annual European Smart Grid Cyber Security 2016
SMi Group's 6th annual European Smart Grid Cyber Security 2016SMi Group's 6th annual European Smart Grid Cyber Security 2016
SMi Group's 6th annual European Smart Grid Cyber Security 2016Dale Butler
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...IBM Security
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfSecureCurve
 
Gus Hunt's Work-Bench Enterprise Security Summit Keynote
Gus Hunt's Work-Bench Enterprise Security Summit KeynoteGus Hunt's Work-Bench Enterprise Security Summit Keynote
Gus Hunt's Work-Bench Enterprise Security Summit KeynoteWork-Bench
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceNISIInstituut
 
The significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information SecurityThe significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information Securitylearntransformation0
 
Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015sarah kabirat
 
Threat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideThreat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideDLT Solutions
 
Why Cyber Security Is Needed.pdf
Why Cyber Security Is Needed.pdfWhy Cyber Security Is Needed.pdf
Why Cyber Security Is Needed.pdfBytecode Security
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovEric Vanderburg
 

Contenu connexe

Tendances

Commercial Real Estate - Cyber Risk 2020
Commercial Real Estate - Cyber Risk 2020Commercial Real Estate - Cyber Risk 2020
Commercial Real Estate - Cyber Risk 2020CBIZ, Inc.
 
Cyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass HousesCyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass HousesPaige Rasid
 
7 Important Cybersecurity Trends
7 Important Cybersecurity Trends7 Important Cybersecurity Trends
7 Important Cybersecurity TrendsMarco
 
Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawftii
 
4.01 Cyber Conference_ press release5.13
4.01 Cyber Conference_ press release5.134.01 Cyber Conference_ press release5.13
4.01 Cyber Conference_ press release5.13Signals Defense, LLC
 
Nordic IT Security 2014 agenda
Nordic IT Security 2014 agendaNordic IT Security 2014 agenda
Nordic IT Security 2014 agendaCopperberg
 
Security economics
Security economicsSecurity economics
Security economicsYansi Keim
 
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...AIIM International
 
21stC Trends in FinTech Security - AI, Deep Learning & Blockchain
21stC Trends in FinTech Security - AI, Deep Learning & Blockchain21stC Trends in FinTech Security - AI, Deep Learning & Blockchain
21stC Trends in FinTech Security - AI, Deep Learning & BlockchainDr David Probert
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Benjamin Ang
 
24/7 Intelligent Video Surveillance: Securing Your Business Data & Privacy
24/7 Intelligent Video Surveillance: Securing Your Business Data & Privacy24/7 Intelligent Video Surveillance: Securing Your Business Data & Privacy
24/7 Intelligent Video Surveillance: Securing Your Business Data & PrivacyDr David Probert
 
SMi Group's 6th annual European Smart Grid Cyber Security 2016
SMi Group's 6th annual European Smart Grid Cyber Security 2016SMi Group's 6th annual European Smart Grid Cyber Security 2016
SMi Group's 6th annual European Smart Grid Cyber Security 2016Dale Butler
 

Tendances (13)

Commercial Real Estate - Cyber Risk 2020
Commercial Real Estate - Cyber Risk 2020Commercial Real Estate - Cyber Risk 2020
Commercial Real Estate - Cyber Risk 2020
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Cyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass HousesCyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass Houses
 
7 Important Cybersecurity Trends
7 Important Cybersecurity Trends7 Important Cybersecurity Trends
7 Important Cybersecurity Trends
 
Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlaw
 
4.01 Cyber Conference_ press release5.13
4.01 Cyber Conference_ press release5.134.01 Cyber Conference_ press release5.13
4.01 Cyber Conference_ press release5.13
 
Nordic IT Security 2014 agenda
Nordic IT Security 2014 agendaNordic IT Security 2014 agenda
Nordic IT Security 2014 agenda
 
Security economics
Security economicsSecurity economics
Security economics
 
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...
 
21stC Trends in FinTech Security - AI, Deep Learning & Blockchain
21stC Trends in FinTech Security - AI, Deep Learning & Blockchain21stC Trends in FinTech Security - AI, Deep Learning & Blockchain
21stC Trends in FinTech Security - AI, Deep Learning & Blockchain
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)
 
24/7 Intelligent Video Surveillance: Securing Your Business Data & Privacy
24/7 Intelligent Video Surveillance: Securing Your Business Data & Privacy24/7 Intelligent Video Surveillance: Securing Your Business Data & Privacy
24/7 Intelligent Video Surveillance: Securing Your Business Data & Privacy
 
SMi Group's 6th annual European Smart Grid Cyber Security 2016
SMi Group's 6th annual European Smart Grid Cyber Security 2016SMi Group's 6th annual European Smart Grid Cyber Security 2016
SMi Group's 6th annual European Smart Grid Cyber Security 2016
 

Similaire à Data Security in the Insurance Industry: what you need to know about data protection and cybersecurity

Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...IBM Security
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfSecureCurve
 
Gus Hunt's Work-Bench Enterprise Security Summit Keynote
Gus Hunt's Work-Bench Enterprise Security Summit KeynoteGus Hunt's Work-Bench Enterprise Security Summit Keynote
Gus Hunt's Work-Bench Enterprise Security Summit KeynoteWork-Bench
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceNISIInstituut
 
The significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information SecurityThe significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information Securitylearntransformation0
 
Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015sarah kabirat
 
Threat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideThreat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideDLT Solutions
 
Why Cyber Security Is Needed.pdf
Why Cyber Security Is Needed.pdfWhy Cyber Security Is Needed.pdf
Why Cyber Security Is Needed.pdfBytecode Security
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovEric Vanderburg
 
Trending it security threats in the public sector
Trending it security threats in the public sectorTrending it security threats in the public sector
Trending it security threats in the public sectorCore Security
 
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Joe Bartolo
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for CybersecurityShawn Tuma
 
Cybersecurity Threats - NI Business Continuity Forum
Cybersecurity Threats - NI Business Continuity ForumCybersecurity Threats - NI Business Continuity Forum
Cybersecurity Threats - NI Business Continuity ForumDavid Crozier
 
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your OrganizationRaffa Learning Community
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurityMatthew Rosenquist
 
Symantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global FindingsSymantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global FindingsSymantec
 
ISO27k Awareness presentation v2.pptx
ISO27k Awareness presentation v2.pptxISO27k Awareness presentation v2.pptx
ISO27k Awareness presentation v2.pptxNapoleon NV
 
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)Andris Soroka
 
Meeting the cyber risk challenge
Meeting the cyber risk challengeMeeting the cyber risk challenge
Meeting the cyber risk challengeFERMA
 

Similaire à Data Security in the Insurance Industry: what you need to know about data protection and cybersecurity (20)

Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
 
Gus Hunt's Work-Bench Enterprise Security Summit Keynote
Gus Hunt's Work-Bench Enterprise Security Summit KeynoteGus Hunt's Work-Bench Enterprise Security Summit Keynote
Gus Hunt's Work-Bench Enterprise Security Summit Keynote
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligence
 
The significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information SecurityThe significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information Security
 
Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015
 
Threat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideThreat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the Outside
 
Why Cyber Security Is Needed.pdf
Why Cyber Security Is Needed.pdfWhy Cyber Security Is Needed.pdf
Why Cyber Security Is Needed.pdf
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
 
Trending it security threats in the public sector
Trending it security threats in the public sectorTrending it security threats in the public sector
Trending it security threats in the public sector
 
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
 
Information security
Information securityInformation security
Information security
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for Cybersecurity
 
Cybersecurity Threats - NI Business Continuity Forum
Cybersecurity Threats - NI Business Continuity ForumCybersecurity Threats - NI Business Continuity Forum
Cybersecurity Threats - NI Business Continuity Forum
 
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity
 
Symantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global FindingsSymantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global Findings
 
ISO27k Awareness presentation v2.pptx
ISO27k Awareness presentation v2.pptxISO27k Awareness presentation v2.pptx
ISO27k Awareness presentation v2.pptx
 
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
 
Meeting the cyber risk challenge
Meeting the cyber risk challengeMeeting the cyber risk challenge
Meeting the cyber risk challenge
 

Plus de XeniT Solutions nv

Driving full-scale productivity and collaboration with the Alfresco connector...
Driving full-scale productivity and collaboration with the Alfresco connector...Driving full-scale productivity and collaboration with the Alfresco connector...
Driving full-scale productivity and collaboration with the Alfresco connector...XeniT Solutions nv
 
How to solve your toughest performance issues in Alfresco
How to solve your toughest performance issues in AlfrescoHow to solve your toughest performance issues in Alfresco
How to solve your toughest performance issues in AlfrescoXeniT Solutions nv
 
How do you secure an electronic signature?
How do you secure an electronic signature?How do you secure an electronic signature?
How do you secure an electronic signature?XeniT Solutions nv
 
How to increase user's productivity with Alfred Desktop and Alfred Finder
How to increase user's productivity with Alfred Desktop and Alfred FinderHow to increase user's productivity with Alfred Desktop and Alfred Finder
How to increase user's productivity with Alfred Desktop and Alfred FinderXeniT Solutions nv
 
How to Scale Information Dissemination to the Virtual Digital Workspace
How to Scale Information Dissemination to the Virtual Digital WorkspaceHow to Scale Information Dissemination to the Virtual Digital Workspace
How to Scale Information Dissemination to the Virtual Digital WorkspaceXeniT Solutions nv
 
THE ALFRESCO FOUNDATION ARCHITECTURE FOR INTEGRATED FULL DIGITAL INSURANCE PR...
THE ALFRESCO FOUNDATION ARCHITECTURE FOR INTEGRATED FULL DIGITAL INSURANCE PR...THE ALFRESCO FOUNDATION ARCHITECTURE FOR INTEGRATED FULL DIGITAL INSURANCE PR...
THE ALFRESCO FOUNDATION ARCHITECTURE FOR INTEGRATED FULL DIGITAL INSURANCE PR...XeniT Solutions nv
 
Webinar | New release Alfred Desktop 3.7
Webinar | New release Alfred Desktop 3.7Webinar | New release Alfred Desktop 3.7
Webinar | New release Alfred Desktop 3.7XeniT Solutions nv
 
Webinar: How to turn Alfresco Digital Business Platform into a Managed Service
Webinar: How to turn Alfresco Digital Business Platform into a Managed ServiceWebinar: How to turn Alfresco Digital Business Platform into a Managed Service
Webinar: How to turn Alfresco Digital Business Platform into a Managed ServiceXeniT Solutions nv
 
Key points quality leaders should know about intelligent information manageme...
Key points quality leaders should know about intelligent information manageme...Key points quality leaders should know about intelligent information manageme...
Key points quality leaders should know about intelligent information manageme...XeniT Solutions nv
 
Decouple and simplify access to Alfresco with Alfred Edge - Webinar September...
Decouple and simplify access to Alfresco with Alfred Edge - Webinar September...Decouple and simplify access to Alfresco with Alfred Edge - Webinar September...
Decouple and simplify access to Alfresco with Alfred Edge - Webinar September...XeniT Solutions nv
 
Leuven European actuarial journal conference 20180911
Leuven European actuarial journal conference 20180911Leuven European actuarial journal conference 20180911
Leuven European actuarial journal conference 20180911XeniT Solutions nv
 
How to configure alfred desktop in your alfresco project in two days
How to configure alfred desktop in your alfresco project in two daysHow to configure alfred desktop in your alfresco project in two days
How to configure alfred desktop in your alfresco project in two daysXeniT Solutions nv
 
GDPR READY SOLUTION FOR UNSTRUCTURED DATA
GDPR READY SOLUTION FOR UNSTRUCTURED DATAGDPR READY SOLUTION FOR UNSTRUCTURED DATA
GDPR READY SOLUTION FOR UNSTRUCTURED DATAXeniT Solutions nv
 
REDUCING TOTAL COST OF OWNERSHIP AND INCREASING SCALABILITY WITH XENIT SOLUTI...
REDUCING TOTAL COST OF OWNERSHIP AND INCREASING SCALABILITY WITH XENIT SOLUTI...REDUCING TOTAL COST OF OWNERSHIP AND INCREASING SCALABILITY WITH XENIT SOLUTI...
REDUCING TOTAL COST OF OWNERSHIP AND INCREASING SCALABILITY WITH XENIT SOLUTI...XeniT Solutions nv
 
Introducing Alfred Desktop 3.6
Introducing Alfred Desktop 3.6 Introducing Alfred Desktop 3.6
Introducing Alfred Desktop 3.6 XeniT Solutions nv
 
How to implement gdpr in your document repository
How to implement gdpr in your document repository How to implement gdpr in your document repository
How to implement gdpr in your document repository XeniT Solutions nv
 
Introducing Alfred Finder 2.0
Introducing Alfred Finder 2.0 Introducing Alfred Finder 2.0
Introducing Alfred Finder 2.0 XeniT Solutions nv
 
20151201 swm elba_alfresco_user_day_wien
20151201 swm elba_alfresco_user_day_wien20151201 swm elba_alfresco_user_day_wien
20151201 swm elba_alfresco_user_day_wienXeniT Solutions nv
 
Usg people netherlands Alfresco User Day Amsterdam 3 dec 2015
Usg people netherlands Alfresco User Day Amsterdam 3 dec 2015Usg people netherlands Alfresco User Day Amsterdam 3 dec 2015
Usg people netherlands Alfresco User Day Amsterdam 3 dec 2015XeniT Solutions nv
 

Plus de XeniT Solutions nv (20)

Driving full-scale productivity and collaboration with the Alfresco connector...
Driving full-scale productivity and collaboration with the Alfresco connector...Driving full-scale productivity and collaboration with the Alfresco connector...
Driving full-scale productivity and collaboration with the Alfresco connector...
 
How to solve your toughest performance issues in Alfresco
How to solve your toughest performance issues in AlfrescoHow to solve your toughest performance issues in Alfresco
How to solve your toughest performance issues in Alfresco
 
How do you secure an electronic signature?
How do you secure an electronic signature?How do you secure an electronic signature?
How do you secure an electronic signature?
 
How to increase user's productivity with Alfred Desktop and Alfred Finder
How to increase user's productivity with Alfred Desktop and Alfred FinderHow to increase user's productivity with Alfred Desktop and Alfred Finder
How to increase user's productivity with Alfred Desktop and Alfred Finder
 
How to Scale Information Dissemination to the Virtual Digital Workspace
How to Scale Information Dissemination to the Virtual Digital WorkspaceHow to Scale Information Dissemination to the Virtual Digital Workspace
How to Scale Information Dissemination to the Virtual Digital Workspace
 
THE ALFRESCO FOUNDATION ARCHITECTURE FOR INTEGRATED FULL DIGITAL INSURANCE PR...
THE ALFRESCO FOUNDATION ARCHITECTURE FOR INTEGRATED FULL DIGITAL INSURANCE PR...THE ALFRESCO FOUNDATION ARCHITECTURE FOR INTEGRATED FULL DIGITAL INSURANCE PR...
THE ALFRESCO FOUNDATION ARCHITECTURE FOR INTEGRATED FULL DIGITAL INSURANCE PR...
 
Webinar | New release Alfred Desktop 3.7
Webinar | New release Alfred Desktop 3.7Webinar | New release Alfred Desktop 3.7
Webinar | New release Alfred Desktop 3.7
 
Webinar: How to turn Alfresco Digital Business Platform into a Managed Service
Webinar: How to turn Alfresco Digital Business Platform into a Managed ServiceWebinar: How to turn Alfresco Digital Business Platform into a Managed Service
Webinar: How to turn Alfresco Digital Business Platform into a Managed Service
 
Key points quality leaders should know about intelligent information manageme...
Key points quality leaders should know about intelligent information manageme...Key points quality leaders should know about intelligent information manageme...
Key points quality leaders should know about intelligent information manageme...
 
Decouple and simplify access to Alfresco with Alfred Edge - Webinar September...
Decouple and simplify access to Alfresco with Alfred Edge - Webinar September...Decouple and simplify access to Alfresco with Alfred Edge - Webinar September...
Decouple and simplify access to Alfresco with Alfred Edge - Webinar September...
 
Leuven European actuarial journal conference 20180911
Leuven European actuarial journal conference 20180911Leuven European actuarial journal conference 20180911
Leuven European actuarial journal conference 20180911
 
How to configure alfred desktop in your alfresco project in two days
How to configure alfred desktop in your alfresco project in two daysHow to configure alfred desktop in your alfresco project in two days
How to configure alfred desktop in your alfresco project in two days
 
Xenit diary dev con 2018
Xenit diary dev con 2018Xenit diary dev con 2018
Xenit diary dev con 2018
 
GDPR READY SOLUTION FOR UNSTRUCTURED DATA
GDPR READY SOLUTION FOR UNSTRUCTURED DATAGDPR READY SOLUTION FOR UNSTRUCTURED DATA
GDPR READY SOLUTION FOR UNSTRUCTURED DATA
 
REDUCING TOTAL COST OF OWNERSHIP AND INCREASING SCALABILITY WITH XENIT SOLUTI...
REDUCING TOTAL COST OF OWNERSHIP AND INCREASING SCALABILITY WITH XENIT SOLUTI...REDUCING TOTAL COST OF OWNERSHIP AND INCREASING SCALABILITY WITH XENIT SOLUTI...
REDUCING TOTAL COST OF OWNERSHIP AND INCREASING SCALABILITY WITH XENIT SOLUTI...
 
Introducing Alfred Desktop 3.6
Introducing Alfred Desktop 3.6 Introducing Alfred Desktop 3.6
Introducing Alfred Desktop 3.6
 
How to implement gdpr in your document repository
How to implement gdpr in your document repository How to implement gdpr in your document repository
How to implement gdpr in your document repository
 
Introducing Alfred Finder 2.0
Introducing Alfred Finder 2.0 Introducing Alfred Finder 2.0
Introducing Alfred Finder 2.0
 
20151201 swm elba_alfresco_user_day_wien
20151201 swm elba_alfresco_user_day_wien20151201 swm elba_alfresco_user_day_wien
20151201 swm elba_alfresco_user_day_wien
 
Usg people netherlands Alfresco User Day Amsterdam 3 dec 2015
Usg people netherlands Alfresco User Day Amsterdam 3 dec 2015Usg people netherlands Alfresco User Day Amsterdam 3 dec 2015
Usg people netherlands Alfresco User Day Amsterdam 3 dec 2015
 

Dernier

Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckHajeJanKamps
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Peter Ward
 
Driving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerDriving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerAggregage
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfrichard876048
 
WSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdfWSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdfJamesConcepcion7
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 
Entrepreneurship lessons in Philippines
Entrepreneurship lessons in PhilippinesEntrepreneurship lessons in Philippines
Entrepreneurship lessons in PhilippinesDavidSamuel525586
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckHajeJanKamps
 
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...SOFTTECHHUB
 
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...ssuserf63bd7
 
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...ssuserf63bd7
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterJamesConcepcion7
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxRakhi Bazaar
 
Supercharge Your eCommerce Stores-acowebs
Supercharge Your eCommerce Stores-acowebsSupercharge Your eCommerce Stores-acowebs
Supercharge Your eCommerce Stores-acowebsGOKUL JS
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdfChris Skinner
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Seta Wicaksana
 
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdftrending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdfMintel Group
 

Dernier (20)

Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...
 
Driving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerDriving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon Harmer
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdf
 
WSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdfWSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdf
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
Entrepreneurship lessons in Philippines
Entrepreneurship lessons in PhilippinesEntrepreneurship lessons in Philippines
Entrepreneurship lessons in Philippines
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deck
 
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
 
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
 
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare Newsletter
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
 
Supercharge Your eCommerce Stores-acowebs
Supercharge Your eCommerce Stores-acowebsSupercharge Your eCommerce Stores-acowebs
Supercharge Your eCommerce Stores-acowebs
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdftrending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
 

Data Security in the Insurance Industry: what you need to know about data protection and cybersecurity

  • 3. Business Development Manager @Xenit Speakers Francois Collienne Chief Risk Officer @ ERGO Insurance Tim Wouters Associate Professor at the Department of Computer Science @ KU Leuven Vincent Naessens Principal Cybersecurity Consultant and BU Director @ Tereon Siebe de Roovere
  • 4. What you need to know about data protection and cybersecurity • KU Leuven | Unlocking the potential of digital data • Tereon | Security for Insurance, related archives & content • Ergo | Cyber security for Insurance companies: risks and regulatory expectations • Xenit | How to archive, preserve, retrieve your information • Q&A • Wrap up and conclusions With the amount of personal and sensitive customer information needed to accurately ensure a client, it’s no wonder the Insurance industry is a target for data security threats. While all businesses across every industry are at risk, there are a few things that make the insurance industry particularly attractive – and susceptible – to data breaches and cyber-attacks. • The sheer volume of information available • The highly sensitive nature of the information • Large amounts of unstructured data Agenda
  • 5. Vincent Naessens Unlocking the potential of digital data
  • 6. Unlocking the potential of digital data Vincent Naessens
  • 7. Digital Data is the new gold › Digitization (first wave) Personnel management Customer data Maintaining inventories › Advanced decision making (second wave) recommendations Predictions Strategic decisions 7
  • 8. Improving business intelligence › Increasing data collection Fine-grained data collection Integrating multiple data sources › Increasing processing power Machine learning and AI technology Optimization algorithms 8
  • 9. Integrating external data sources 9 › Crime control Goal: optimal allocation of police forces Combining governmental and financial data Personal + company data › Health, activity and lifestyle Goal: improving lifestyle Health, food and activity tracking Sensitive personal data
  • 10. Controlled release of sensitive data › Why controlled release? Compliance with privacy regulation Economic loss Reputation damage › How controlled release?
  • 12. Techniques for controlled release › User control Data minimization Local differential privacy 12
  • 13. Techniques for controlled release › User control Data minimization Local differential privacy › Controlled query handling (pull) Query perturbation Restricted query handling Differential privacy à privacy budget 13
  • 14. Controlled dataset transfer › User control Data minimization Local differential privacy › Controlled query handling (pull) Query perturbation Restricted query handling Differential privacy à privacy budget › Controlled release of datasets (push) 14
  • 15. Controlled dataset transfer › Pseudonymization Replacing fields with pseudonyms Reversible › Anonymization Stripping elements Generalization, swapping, noise, … Irreversible 15
  • 17. › The privacy ó utility balance › Outsourcing › Evolving attack(er)s › Every increasing complexity
  • 18. 18 › The privacy ó utility balance › Outsourcing › Evolving attack(er)s › Every increasing complexity
  • 19. The privacy ó utility balance 19
  • 20. › The privacy ó utility balance › Outsourcing › Evolving attack(er)s › Every increasing complexity
  • 24. Outsourcing :: Software Development › Synthetic (~fake) data testing of software/scripts without privacy risks with similar statistical properties › Format-preserving encryption avoiding identifying data in test environments preserving structure/format of original data 24
  • 25. Outsourcing :: Storage › Encrypted (distributed) storage Securing decryption keys › Attribute based encryption Role-based access control Limited flexibility 25
  • 26. Outsourcing :: Processing › Trusted Execution Environments (TEE) TEE isolates data and code from OS Trust required in TEE vendor › Encrypted processing Fully homomorphic encryption Static set-up / simple operations 26
  • 27. › The privacy ó utility balance › Outsourcing › Evolving attack(er)s › Every increasing complexity
  • 28. Evolving Attacks › Attack vectors Data in Transit à secure communication channels Data in Rest Data during computation › Attacks on publicly available datasets The Prosecutor à targeting a specific induvial in dataset The Journalist à targeting any individual The Marketeer à re-identifying a large number of IDs 28
  • 29. › The privacy ó utility balance › Outsourcing › Evolving attack(er)s › Every increasing complexity 29
  • 30. Multiple data controllers › Federated computing › (Fully) homomorphic encryption › Oblivious join › Secure multiparty computation
  • 31. Conclusions › Protection is important during the whole data lifecycle collection – storage – processing - release privacy-by-design › Apply realistic trust assumptions Apply realistic attacker models Honest-but-curious third parties › Embrace innovative software technologies Statistical methods - AI - ML Cryptographic technologies 31
  • 32. Siebe de Roovere Security for Insurance, related archives and content
  • 33. w YOUR COACH IN DIGITAL SECURITY w Security for Insurance, related archives and content.
  • 34. w About Me & Toreon • Principal GRC consultant @ Toreon • Business Unit Director @ Toreon • Studied (Applied) Economics • 8+ years of Security Experience • Certified ISO27001 LA • Certified DPO • Lecturer @ Data Protection Institute, NCOI, Kluwer
  • 35. Cyber Threats Massive data losses, theft of intellectual property, credit card breaches, identity theft, threats to our privacy, denial of service, ... This has become a way of life for all of us in cyberspace. Trust & Compliance Ever-growing landscape of Cybersecurity/Privacy laws, regulations & standards: ISO27k, NIST, CIS, GDPR, NIS, FDA Rulings, …. The Bad News
  • 36. Cyber Threats Massive data losses, theft of intellectual property, credit card breaches, identity theft, threats to our privacy, denial of service, ... This has become a way of life for all of us in cyberspace. Trust & Compliance Ever-growing landscape of Cybersecurity/Privacy laws, regulations & standards: ISO27k, NIST, CIS, GDPR, NIS, FDA Rulings, …. The Bad News Negative: More Threats, Organized Threats Positive: Hackers have a Business mindset > We know how to compete in business!
  • 37. Cyber Threats Massive data losses, theft of intellectual property, credit card breaches, identity theft, threats to our privacy, denial of service, ... This has become a way of life for all of us in cyberspace. Trust & Compliance Ever-growing landscape of Cybersecurity/Privacy laws, regulations & standards: ISO27k, NIST, CIS, GDPR, NIS, FDA Rulings, …. The Bad News Source: https://www.eiopa.europa.eu/document-library/report/cyber-risk-insurers-challenges-and-opportunities_en Sector Specific: Top Risks for Insurance Companies
  • 38. Ransomware België - Painfull Facts • 30% heeft een jaar later nog steeds niet alle data kunnen herstellen • 10% krijgt effectief alle data terug na betalen. • 60% wordt binnen het jaar terug aangevallen. • Sector aanvallen worden de standaard!
  • 39.
  • 40. Cyber Threats Massive data losses, theft of intellectual property, credit card breaches, identity theft, threats to our privacy, denial of service, ... This has become a way of life for all of us in cyberspace. Trust & Compliance Ever-growing landscape of Cybersecurity/Privacy laws, regulations & standards: ISO27k, NIST, CIS, GDPR, NIS, FDA Rulings, …. The Bad News Cyber Defense • We have access to an extraordinary array of security tools and technology, standards, training and classes, certifications, vulnerability databases, guidance, best practices, catalogs of security controls, and countless checklists, benchmarks, and recommendations. • We have threat information feeds, reports, tools, alert services, standards, and threat sharing frameworks. • We are surrounded by security requirements, risk management frameworks, compliance regimes, regulatory mandates, and so forth. There is no shortage of information available to security practitioners on what they should do to secure their infrastructure. The Good News
  • 41. Cyber Threats Massive data losses, theft of intellectual property, credit card breaches, identity theft, threats to our privacy, denial of service, ... This has become a way of life for all of us in cyberspace. Trust & Compliance Ever-growing landscape of Cybersecurity/Privacy laws, regulations & standards: ISO27k, NIST, CIS, GDPR, NIS, FDA Rulings, …. The Bad News Cyber Defense • We have access to an extraordinary array of security tools and technology, standards, training and classes, certifications, vulnerability databases, guidance, best practices, catalogs of security controls, and countless checklists, benchmarks, and recommendations. • We have threat information feeds, reports, tools, alert services, standards, and threat sharing frameworks. • We are surrounded by security requirements, risk management frameworks, compliance regimes, regulatory mandates, and so forth. There is no shortage of information available to security practitioners on what they should do to secure their infrastructure. The Good News The Ugly Challenge The “Fog of More” • Define what risk should be addressed? • How to prioritise security spending? • Which actions have the greatest value?
  • 43. Voorkomen? 7 quick wins + 1 slow win 43
  • 44. 1. Backup Offline backups Check cloud setup Testen!
  • 45. 2. Kritieke updates Malware gebruikt bekende zwakheden
  • 46. 3. Antivirus Yep, good old antivirus
  • 47. 4. Isoleer oude systemen Firewalling, air-gap, …
  • 48. 5. Minimaliseer admins ‘least privilege’ Geen locale admin rechten Tools zoals LAPS, password vaults…
  • 49. 6. Check Cloud setup Multi-factor authentication!! Zet alle toeters en bellen aan: logging, threat protection,…
  • 50.
  • 52. 7. External penetration test Laat je internet kant checken Pas op wat je blootstelt aan internet Gebruik VPNs, firewalls
  • 53. En wat nog? s Awareness: 80% = gebruikersfout Continue verbetering
  • 54. Siebe De Roovere Security Consultant +32 473 42 03 95 Siebe.DeRoovere@toreon.com www.linkedin.com/company/toreon Toreon Grotehondstraat 44/1 2018 Antwerpen, Belgium www.toreon.com @Toreon_BE Keep in touch!
  • 55. Tim Wouters Cyber security risks for Insurance companies
  • 56. Cyber security risks for insurance companies March 2022 – Tim Wouters Public
  • 57. Public Cyber security risks can be identified via a general risk management approach Measure Control Monitor Report Identify Cyber security risks for insurance companies - Tim Wouters 57
  • 58. Public Risk Identification Cyber security risks for insurance companies - Tim Wouters Risk sources Data at hand • Company specific information • Policyholder basic information − name, address, … • Risk insured: − house, family − medical profile − salary information • Claim information • Mainly Operational risks − Failed processes / human errors. − Restrictions from GDPR − Cyber events With a lot of possible impact on reputation. Specific attention for cloud • Strategic risks from legacy systems • Sustainability related risks 58
  • 59. Public Cyber security risks can be identified via a general risk management approach Measure Control Monitor Report Identify Cyber security risks for insurance companies - Tim Wouters 59
  • 60. Public Measuring the risks via likelihood and impact Cyber security risks for insurance companies - Tim Wouters Potential impact Likelihood • Loss of data • Financial loss • Business continuity Or worse • Loss of reputation • Depends on set-up − Type of data − Exposure to internet − Cloud − Automation of processes − Legacy systems − Teleworking • Can be measured with tools, audits, … 60
  • 61. Public From Black Swans to Gray Rhinos Cyber security risks for insurance companies - Tim Wouters 61 Hardly any risk Black Swan Mitigated in processes / pricing Gray Rhinos
  • 62. Public Cyber security risks can be identified via a general risk management approach Measure Control Monitor Report Identify Cyber security risks for insurance companies - Tim Wouters 62
  • 63. Public Controlling the risks Cyber security risks for insurance companies - Tim Wouters Bring down undesired levels E.g. • Patching • Hardening Defining a risk appetite • Board level expression • What can (not) be tolerated? Drill down to specific KPIs E.g. • Number of cyber attacks • Reputational events Put governance in place • Incident process with clear responsibilities • SIRT, ISO, … If needed, apply for risk transfer or acceptance • Cyber insurance • Deliberately accept the risk Ensure measuring can be executed • Can require tools (SIEM, pentesting). • Put processes in place Controlling the risk exposure 63
  • 64. Public Cyber security risks can be identified via a general risk management approach Measure Control Monitor Report Identify Cyber security risks for insurance companies - Tim Wouters 64
  • 65. Public Regularly monitoring the exposure based on defined KPIs Cyber security risks for insurance companies - Tim Wouters 65 • Recurrent execution of the KPIs (e.g. number of cyber attacks, required patches, access management, reputational risk, …) • Of own company and third parties. • Where needed, taking actions to bring them in line with the risk appetite, via additional measures or ensuring that predefined processes are being carried out. • Includes creating cyber risk awareness.
  • 66. Public Cyber security risks can be identified via a general risk management approach Measure Control Monitor Report Identify Cyber security risks for insurance companies - Tim Wouters 66
  • 67. Public Reporting to create top management awareness Cyber security risks for insurance companies - Tim Wouters 67 • Involving in risk management strategy as end responsible. • Regularly reporting monitoring results to top management. • Allowing for steering and support. • Creating awareness. Can also involve situation exercises.
  • 68. Public Cyber security risks can be identified via a general risk management approach Measure Control Monitor Report Identify Cyber security risks for insurance companies - Tim Wouters 68 Legislation
  • 69. Public Financial sector is heavily regulated Cyber security risks for insurance companies - Tim Wouters Governance requirements NBB circular on governance NBB_2016_31 NBB circular on information security NBB_2021_15 Outsourcing requirements Strong requirements regarding outsourcing (to ensure to stay in control) Cloud computing Specific NBB circular regarding cloud computing requirements GDPR Privacy requirements impacting data set- up and treatment. Anti Money Laundering and Financial Sanctions Heavy data requirements to ensure compliance with laws Business Continuity Requirements Ensuring to stay up and running through crises 69
  • 70. Public Cyber security risks can be identified via a general risk management approach Measure Control Monitor Report Identify Cyber security risks for insurance companies - Tim Wouters 70 Legislation
  • 71. François Collienne Cybersecurity for digital assets in the Insurance Industry
  • 72. About Xenit Back in 2008…What were the issues in the Insurance Industry? • Merger and Acquisition • Centralization of Digital Archives • Modernization – Cost control Those issues were not Cybersecurity related • Not the main driver • ISO 27001 Certifications • OWASP Top 10 • Security by design -> Object storage
  • 73. Where do we stand today? 5 Customers in Insurance 300+ M documents 1/3 of revenues come from the Insurance Industry Long Lasting Relationship 50% increased documents stored in the archives in 5 years
  • 74. Our recipe to secure Insurance related archives • Internal breaches (80%) versus external (20%) • Password protections • VLANs separations • Security logs / access logs 1. Zero Trust
  • 75. Our recipe to secure Insurance related archives • We are always (at least) one step behind of an hacker • Ex. SLR Amazon S3 : 99,9999999999 durability • To achieve close to zero risks, you need at least 2 different technologies (3-2-1 rule) 2. Zero Risk does not exist
  • 76. Our recipe to secure Insurance related archives • On premise Object Storage Pioneer in 2007 • High level of protection at rest • High availability with replicas/erasure coding • Lifecycle management • Encryption 3. Security by design
  • 77. Object Storage for data protection Safeguard Data from attacks, failures, and mistakes Ransomware Protection Continuous Self-Healing Secure Access Disaster Recovery High Availability Alternative to tape & cloud
  • 78. The present and the future How does the future look like for Archives ? • Acceleration of digital business -> More documents created -> More documents to archive • General purpose ECM are not scalable to become Digital Archive • Archives are an interesting target for Hackers (contains a footprint of the whole organization activity) What are the cyber risks associated with a future archive? • Sensitive information leakage • Personal information leakage Which one are the main threats for insurance companies? • Business Continuity • Reputational • Legal
  • 79. Top challenges and solutions
  • 80. 1. The limits of access control
  • 81. The limit of access control
  • 82. OWASP* Top 10 security threats More and More APIs in cloud architecture = widening access But ! Broken Access Control has moved to top place! (*) OWASP= The Open Web Application Security Project
  • 83. The limits of access control • Poorly Agile • Static • Does not scale Companies that haven’t solved for access control are not only putting themselves at risk -- they are also suboptimizing every dollar of their cybersecurity spend - Richard Bird Risk : • Access Control is the barrier against internal exposure • Bad practice to use general user (portal user) • Admin account for troubleshooting should not have access to all content (least privilege)
  • 84. Next generation access control ABAC (Attribute based access control) leading to PBAC (Policy based access control)
  • 85. Next generation access control Benefits: • Fine grained protection : ex. Meta-data versus Content • Context aware dynamic access rules • Better traceability • Is testable Example: Dynamic rules • Allow all access from the Benelux (IP geofencing) between 7 and 21 H, for all documents having classification “external” and have a Non-Null name for customer • Report any access user Jean had on documents containing user Pierre, either in the content or the meta-data of the document
  • 87. Metadata based archives FROM TRADITIONAL FOLDERS TO A MULTI FACETTED UNSTRUCTURED BUSINESS ARCHIVE
  • 88. Metadata based archives 1. Metadata will be crucial • Because finding back information relies on it • Because Access Control needs it • Because new business initiatives will rely on it 2. Metadata completeness and correctness is the key 3. Governance
  • 91. API Architecture & Security Organizations with high traffic sites offering a wide range of services often feature a large number of third-party integrations. These integrations rely on APIs to collect data from third-parties and serve it up to the user in a seamless fashion APIs tend to be compromised in ways similar to breaches of other web applications, but because they are both increasingly important and hidden from view, they arguably represent a bigger risk to the business than other assets.
  • 92. API Architecture & Security ü Use secure tokens ü Rotate keys ü Use up-to-date signing algorithm ü Make sure to use Fail safe/fail secure ü Use centralized open policy agent ü Avoid caches (or refresh frequently)
  • 93. Layered Security CONTENT IN MOTION CONTENT SERVICE AT THE API END POINT SECURING AUTHENTICATION PROTECTING AUTHORISATION CONTENT AT REST
  • 94. Contact Details Thank You Telephone: +32(0)16 891 800 Email: sales@xenit.eu