Advertise Here
Icon

Directory

IconAccounting & Tax
IconActuaries
IconAdministrators
IconAppraisers & Valuers
IconArbitration Services
IconASIB
IconAssessors & Loss Adjusters
IconAssist and Lifestyle Benefits
IconAssociations & Institutes
IconAuditors
IconBBBEE Consulting and Verification Agencies
IconBroker Acquisition Financing
IconBrokers for Brokers
IconBusiness Process Management
IconBusiness Process Outsourcing
IconCall Centre Outsourcing & Sales
IconCompany Secretarial Services
IconCompliance
IconConsumer Protection
IconCorporate Governance
IconCredit Bureaus
IconDebit Order Collection Facilities
IconDefensive Driver Training
IconEducation and Training
IconEmergency Medical Rescue
IconFAIS
IconFire, Storm, Flood Damage Specialists
IconForensic Investigation Services
IconHuman Resources
IconIndustrial Cleaners
IconInformation Technology and Software Partners
IconInsurance Companies
IconLegal
IconLightning Damage & Surge Protection Specialists
IconNiche Insurance Products
IconOmbud
IconOutbound Sales
IconOutsourcing Companies
IconPolicy Administration
IconPremium Financing
IconPublic Loss Adjustors
IconPublications
IconRating Agencies
IconReference Books & Material
IconRegulatory Authorities
IconRisk Finance
IconRisk Management
IconRisk Surveyors
IconSalvage Operators
IconSpecialized Claims Investigations & Assessing
IconSurveys and Research
IconTraining Courses & Workshops
IconUnderwriting Managers
IconVehicle Accident Management
IconVehicle and Household Risk Inspection Services
IconVehicle Tracking
IconWellness Programs
IconWholesale Brokers
IconZZZZZZ
Image
  Subscribe To »

Growing cyber risk emanating from within

Published

2019

Fri

18

Oct

Excess privileges and shadow IT increase employee and vendor risks

 

Whether through malicious acts or negligence, employees, suppliers and third-party vendors remain one of the most common causes of security breaches, identified in Aon’s Cyber Risk Report.  In a 2018 survey of cyber security professionals, 53% said their organisations had experienced an insider-related attack within the last year.  And respondents were split on whether they worried most about accidental mistakes such as clicking on phishing links (51%) or malevolent employee/vendor behaviour (47%).

 

“As companies seek to increase efficiency through technology, they often give users more liberal access privileges than may be needed, which can increase risk,” says Zamani Ngidi, Client Manager: Cyber Solutions at Aon South Africa.  He uses an example of system administrators tasked with managing more systems who correspondingly need broader privileges, which increases the potential damage if those privileges are misused or compromised. “Technology also enables employees to capture an increasing amount of sensitive information – by recording video conferences or taking screenshots, for example – potentially amplifying risk exposure,” Zamani adds. 

 

Shadow IT

The omnipresence of cloud computing platforms and applications intensifies the ‘shadow IT’ problem, in which departments or business units independently adopt technology without telling the central IT organisation.  “It’s often faster and easier for departments to directly establish accounts for cloud-based applications and services than to submit technology requisition requests to a central IT group.  It has the potential to expose the organisation to new, unknown risks, since IT may not even know which services are being used and is therefore unable to assess their security or enforce the use of strong login credentials,” explains Zamani.

 

As privacy regulations increase in response to the digital economy transformation, the consequences of compromised personal and business data are growing.  “It’s becoming even more important to establish a comprehensive approach to mitigate insider risks – including strong data governance, communicating cyber security policies through the organisation and implementing effective access and data-protection controls,” Zamani urges. 

 

Third-party risk

As enterprises derive more efficiencies from working with SMEs, hackers will pinpoint smaller businesses that utilise IoT platforms and devices to gain entry into larger businesses. An example is criminals targeting ATM manufacturers and maintenance vendors working with large banks.

 

“Organisations face risks from smaller service providers of printers or copy machines, security camera systems and other connected endpoints through which client data can be exposed, if hacked.  As a result, demand for visibility into third-party security will increase and smaller vendors bidding for contracts will have to demonstrate a stronger cybersecurity environment in general, that includes protocols around Internet of Things (IoT) endpoints,” says Zamani.

 

“It is absolutely critical that large organisations broaden their third-party risk management programs and due diligence processes to account for weaknesses in vendor IoT security. Likewise, SMEs bidding to work with them will need to improve and document their cybersecurity measures,” Zamani explains.

 

“A good starting point, for both SME’s and large corporations alike, is to evaluate current agreements that are in place in addition to initiating a thorough cyber risk analysis to understand where liability lies if a breach should occur.  The findings could well point to a ‘large corporation’ type risk lying in the hands of a small firm,” Zamani illustrates. 

 

IoT

There is no denying the burgeoning growth of digital, web-enabled devices in the business environment and throughout product categories. There were 8.7 billion IoT devices in 2012. Seven years later, that number has grown to 34.5 billion. By 2020, the McKinsey Global Policy Institute anticipates that there will be 50 to 100 billion IoT devices.

 

“While hailed as an enabler, one cannot forget that two ransomware campaigns (WannaCry and Not Petya) have incurred more than USD3 billion in losses since Aon's last Global Risk Management Survey in 2017.  Annually, companies are now bearing US$550 billion in cyber-related losses.  As digital transformation proliferates, the ‘attack surface’ of global business expands rapidly, and in sometimes unexpected ways,” says Zamani.

 

It’s a modern digital twist on a story as old as time:  with great opportunity comes great risk. 

 

“To mitigate that risk, corporations must exercise constant vigilance over their fast-changing enterprise cyber risk profiles – from the boardroom to the supply chain, and from IT infrastructure to every other facet of business operations.  That means organisations must stay informed, understand their risk profile and be proactive in their defences by sharing threat intelligence with employees and third parties to help keep the entire business community safe, hunt to detect bad actors before they cause damage and perhaps, above all else, be prepared for a cyberattack,” says Zamani.

 

“The risk that cyber-crime poses affect all companies, big and small, and that is why you need a qualified risk advisor by your side who is able to take your business through a comprehensive cyber risk assessment in order to mitigate your exposure to first- and third-party risks and exposures,” Zamani concludes.

 
Source: CONNY MANASO TS COMMUNICATIONS
 
« Back to previous page Print this page » |
 

Breaking News »

Interview with Bright Rock CEO, Schalk Malan about their ground-breaking temporary disability cover

In October 2019 Needs-matched life insurance provider, BrightRock, announced enhancements to their temporary expenses cover. Read More More recently Insurancegateway® Interviewed Schalk Malan to not only ...
Read More »

  

The Importance of an effective online campaign

As we enter the age of the fourth industrial revolution, a technological transformation driven by the internet, it seems almost unthinkable that the web would not be the preferred platform chosen by businesses ...
Read More »

  

Allianz and Embry-Riddle University aviation study: Safer skies but claims and risks grow

Fewer fatal accidents, but growing number of costly claims for the aviation industry and insurers from collisions, groundings and aircraft repairs Analysis of 50,000 aviation insurance claims shows collision/crash ...
Read More »

  

Allianz and Embry-Riddle Aeronautical University report: Flying has never been safer

Despite record numbers of passengers, 2017 and 2018 are among the three safest years of the aviation industry for fatal plane crashes Safety driven by design, technology and training improvements Strap yourself ...
Read More »

 

More News »

Image

Healthcare »

Image

Investment »

Image

Life »

Image

Retirement »

Advertise Here
Image
Image
Image
Image
Image
Image
Image
Advertise Here

From The Glossary »

Icon

Guaranteed Capital Fund:

As the name implies this fund guarantees your net investment during the entire term of the investment. This is a low risk fund. The growth in the fund is added to your investment as a bonus that becomes part of the investment and cannot be lost. Bonuses are added daily or monthly, depending on the type of investment.
More Definitions »

 

Advertise

 

eZine

 

Contact IG

 

Media Pack

 

RSS Feeds

By using this website you agree to the Terms of Use.
Copyright © Insurance Gateway (Pty) Ltd 2004 - 2019. All Rights Reserved.