Reflections from AIRMIC 2024: Hack to the future – using today’s data to protect against tomorrow’s risk
Authored by Liberty Specialty Markets Principal Cyber Security Consultation, London, Jon Hawes
Organisations must continuously adopt new technologies and expand their ecosystem of 3rd party partners to stay competitive. This can create conditions that benefit threat actors. Liberty Mutual has created a framework to provide the insurance, risk, and security communities a way to use today’s data to take a proactive approach to tomorrow’s cyber risk. The framework has five lenses: threat access, culture, resilience, planning and engineering, and partnerships. Looking through these lenses enables us to simplify both how we understand the conditions threat actors exploit to achieve their goals, as well as how we can invest to control those conditions.
Lens 1: Threat access
To minimise the time and cost to achieve their goals, threat actors want to take the path of least resistance. To gain initial access to systems and data, threat actors benefit from conditions such as the use of default or weak credentials, a lack of multi-factor authentication (MFA), the absence of email filtering to counter phishing, incomplete asset inventories, inconsistent vulnerability management and patching cycles, and the absence of endpoint protection for workstations and servers.
To protect against threat access, there are four main areas organisations need to focus on
Safeguarding credentials themselves – and minimising the impact of a compromised credential by deploying MFA and monitoring for signals of compromise.
Countering phishing attacks that aim to harvest credentials or download malware by deploying email protections such as filtering and sandboxing, and ensuring users have an easy way to report suspicious emails so they can be investigated.
Minimising the number of internet- facing assets that threat actors can use to gain access to a company’s resources and keeping them up to date
Blocking persistent malware from being able to run on machines.
Lens 2: Culture
Threat actors benefit from gaps in organizational culture where there are inconsistencies in alignment, decision-making criteria, and information flows about either what security measures are implemented and how. These can manifest as implementing security measures as a compliance checkbox, bypassing IT and security processes without documenting exceptions, and treating security as a purely technical concern. The more gaps there are, the greater opportunity threat actors have to maximise disruption.
Where employees are empowered with the right information, decision-making criteria, incentives, and tools for their role then organisational gaps are limited and opportunities for disruption are minimized.
Implementing a threat-resistant culture is a multi-faceted effort that involves stakeholders ranging from the executive leadership to teams in product management, application development, legal and procurement. It requires explicit frameworks that formalise governance and investment decisions, so that trade-offs are clear at the right levels of management.
Lens 3: Resilience
When an incident impacts a business process, its level of resilience can be measured by the speed and cost to return to normal operations. Threat actors benefit from fragile systems where even small impacts require a lot of time and effort to return to normal. As severe security incidents are something organisations experience rarely, threat actors also benefit where their targets must work out how to respond without existing playbooks that establish roles, communication flows, and steps to take to safely return to operations.
