Over the last decade, the cybersecurity environment has undergone significant changes. But while the Internet may be vast, it isn’t necessarily becoming safer. Major data leaks from high-profile companies like Equifax send a clear message that even big players are vulnerable to security breaches – and companies in industries including insurance are turning to artificial intelligence (AI) to secure their sensitive data.
It is imperative that companies across all industries – especially when dealing with the personal data of consumers – work to avoid data breaches or liabilities when it comes to user information. Let’s delve into the top data security considerations for insurance companies and explore how AI can help protect enterprises of all sizes.
The Ever-Changing Cybersecurity Landscape
First, we need to ask ourselves, “What is the current state of cybersecurity in insurance and beyond?” To answer that, we must take a look at how it has developed over the years, and which threats have become the most common and malicious.
We have seen email threats become more sophisticated over the last decade. While there is constant advancement in spam filtering and detection, email remains one of the most common channels for ransomware and phishing. Globally, ransomware alone is likely to cause $11.5 billion in damages during 2019 – without even taking into consideration the devastating, additional impacts on organizational reputation and restoration costs. Hackers now frequently send emails that look identical to those sent out within organizations, between colleagues, or from SaaS platforms such as Dropbox, Slack, or Salesforce. These emails often do not raise suspicion even amongst the more tech-savvy employees, and organizations must be extremely wary. After all, past cases have shown that threats like WannaCry can take down an entire organization.
The rise of cryptocurrencies is something that has defined this decade. Bitcoin promised a bright future of decentralized exchange carried out in a safe environment. Still, cybercriminals found ways to exploit it – particularly through malicious attempts to mine the cryptocurrency by hijacking individuals’ central processing units (CPUs). We have also seen cases where hackers encrypt computer files and hold them hostage while demanding payment for their release in Bitcoin, their favorite currency to date.
Endpoint attacks have also developed into sophisticated threats, connected to the rise of bring-your-own-device culture. With SaaS and cloud services as potential entry points, the challenge for companies lies in securing access not only within offices but also off-premises. DDoS (distributed denial of service) attacks remain common as well. This type of attack drives an immense amount of traffic to a server, causing significant difficulties or shutting it down completely.
All these realities come down to one main issue. In the coming years, mass computing will continue to advance – and correspondingly drive advanced threats. Not only has the number of internet users more than doubled in the past 10 years, but we have also seen exponential growth in the number of objects connected to the network through the Internet of Things (IoT). This naturally brings more entry points for hackers, especially considering how difficult it is to keep users’ online safety and IT literacy in step with such uncontrolled expansion.
AI: A Weapon Rather Than a Threat?
A look at the cybersecurity landscape makes it clear that threats have been adapting alongside new technologies. AI, and machine learning specifically, has played an increasingly important role in constructing these new, innovative threats. So-called “Offensive AI” now includes malicious attack code that mutates as it learns about its environment, and compromises systems without leaving any trace. At a level of sophistication where it can even copy an individual’s behaviour and language by analyzing communications, the AI can replicate anyone’s writing style to craft similar messages and disguise itself further.
Insurance companies are exceptionally vulnerable because they store large amounts of personally identifiable information (PII), so any data breach can result in wide-scale identity theft. Even the leak of a single piece of PII, such as a full name, Social Security number, driver’s license number, bank account number, passport number, or email address, can have catastrophic effects. Specific vulnerabilities vary, but easily identified ones include customer portals, credit card transactions, insider threats, big data warehousing and applications, cloud storage, and more.
But we must not forget that AI is a double-edged sword. It is crucial that companies leverage the same technology to fight back. Various solutions are already being developed to counter and identify new threats. AI has the ability to adapt to new threats, eliminate human error, work more efficiently and tirelessly, innovate features that bring additional security, and constantly optimize itself.
By utilizing thousands of properties learned from historical data, the technology can readily spot vulnerabilities, including for prevention. The AI cybersecurity firm Darktrace claims that its machine-learning technology has identified over 60,000 previously unknown threats in more than 5,000 networks. The system can be taught to function without substantial human intervention and flag any file as malicious or legitimate, with over 99.9% detection accuracy. AI can help down to the user level by deploying biometric login techniques for secure authentication. By scanning fingerprints, retinas, and palm prints, it can create a uniquely effective verification system that complements passwords.
Making the Best Out Of It
The most important advice for companies in insurance, and in the finance industry in general, is to truly recognize the importance of cybersecurity. Only by doing so can they develop a fully comprehensive game plan that consists of both significant and minor (yet vital) steps, such as staying constantly aware of the latest threats and ensuring that the latest software versions are in place. Likewise, by using AI specifically, companies can develop custom rules that block common attack patterns and deploy countermeasures within minutes.
When it comes to integrating the technology within existing infrastructures and operations, Dr. Kevin Curran, a computer scientist from Ulster University, says that the most practical AI-driven approaches are hybrids. IT managers must prepare their ecosystems to work effectively and confirm that their databases provide relevant data for the automation to work smoothly. Therefore, human operators must ensure that the data sets fed into AI engines are fully reliable. But apart from that, humans also need to work alongside machines and algorithms to categorize new threats and respond to new situations. The ideal case would be to have machine learning classify the straightforward cases and let human workers focus on the grey areas.
At the same time, companies cannot forget that cybersecurity is always a shared responsibility. No matter what technical safeguards or automations are in place, humans can also contribute to keeping data safe. Employees should understand how to effectively function alongside any newly adopted security measures, which is why vetting and training are of the utmost importance. Companies can either conduct in-house sessions or outsource this training by contacting organizations such as the International Association of Privacy Professionals (IAPP).
AI has the potential to become a part of robust security architectures within insurance companies and beyond. Deflecting potential threats and collecting data that drives constant optimization, the technology forms a strong bulwark against the threats of this decade and will continue to do so for the ones that follow.