I have been a staunch advocate of cyber collective defense for the last several years. While most people agree with the key tenets of the approach, finding leaders who are willing to be first in a collective defense arrangement can be difficult. Certain industries and business sectors are more prone to collaboration and sharing with regard to cybersecurity, and certainly the insurance sector, particularly those who underwrite cyber insurance, belongs to this group.
Insurance companies are fiercely competitive on product offerings, customer service, and best-in-class coverage but, at the same time, they recognize that no one benefits when a peer business is the victim of a cyber-attack. A direct attack on one firm is an indirect attack on the sector at large. As we have seen of late with supply chain attacks such as SolarWinds, moreover, no individual company is immune.
We can look to the insurance sector as a model of working together, as cyber insurance companies have a number of business-driven underwriting motives for leveraging the visibility, shared and anonymized metadata, and collaboration that comes with a collective cyber defense approach.
There are three foundational capabilities that define collective cyber defense.
- An engine that detects anomalies in network traffic. Detecting network traffic anomalies is essential to finding more sophisticated attackers who employ polymorphic malware, credential harvesting, domain generation algorithms, as well as misuse open-source software, common protocols, services, and applications. Signature-based detection simply cannot keep up. A sophisticated network detection and response platform can detect threats ahead of the curve.
- The capability of creating a common picture of the entire attack surface relevant to the business. A near real-time picture of events impacting similar companies based on sector or business size is important to separate active threats from all possible threats. A view of the supply chain or value chain is also critical for detecting campaigns or attacks against partners, suppliers, or distributors where the ultimate objective is to cause harm to your business.
- A collaboration platform that allows members of the collective to share anonymized metadata about the attacks. This capability results in “crowd-sourcing” of technology and human talent, in turn driving more effective use of existing resources by leveraging the strengths of each participant to the benefit of the group. The resulting shared intelligence is specific and relevant to your company. The information is timely, and it contains the necessary metadata to allow operators to take action. And finally, it is anonymized so that companies do not expose themselves to liability concerns or exposure of sensitive information.
What are the benefits for insurance firms that offer cyber insurance?
Collective cyber defense benefits all insurance companies from an enterprise perspective, but for companies that also offer cyber insurance, there are additional benefits to the underwriting business. Here are the top five benefits.
- Lowered cyber risk to the enterprise. Moving from a single enterprise approach to a collective cyber defense approach provides a more complete understanding of the threat landscape, allowing the company to prioritize limited resources against the most relevant threats. A collective approach drives a more proactive approach to cyber defense and minimizes the impact of a successful breach. And finally, collective cyber defense maximizes current investments in both technology and human expertise by leveraging the strengths of each member to benefit the group.
- A model of best practices for insured clients. At the risk of stating the obvious, the role of insurance is to allow companies to transfer risk. It is in the best interest of the insurance company to reduce the residual risk each client faces. Collective cyber defense lowers that risk. Knowing which capabilities their insurance company uses to protect itself is a good reference for clients who are deciding how to mature their internal cybersecurity capabilities.
- Reduced risk for the industry. In the same way a massive natural disaster hurts the entire industry, a successful cyber-attack has the same impact, if not an amplified one. Natural disasters have finite reach based on geography. Cyber-attacks do not respect physical boundaries, and the potential scope and scale of a sophisticated attack has the ability to impact a wide cross section of businesses. What’s more, there is no defined duration. Cyber-attacks and their fallout can continue for an extended time period, making it difficult to know when all the damage has been identified. Working collectively to quickly identify and contain attacks benefits the entire industry.
- Short-term underwriting benefits. Real-time visibility over sectors and supply chains can support business decisions as underwriters assess the “next five” opportunities. Seeing near real-time changes in the level and sophistication of activity can inform underwriting decisions over the short term and offer opportunities to proactively reach out to clients who may be subject to heightened risk and proactively offer assistance. This information can also be informative to identify conditions that have changed since the policy was written.
- Actuarial modeling. Over the longer term, collective defense can provide data to support underwriting business decisions. The collective defense platform can help companies validate and test assumptions and then update actuarial data and risk models. In addition, the data from the collective could support the creation of client specific baselines to inform renewals targeting and pricing.
IronNet's Collective Defense platform is a Cyber CatalystSM-designated solution.
Collective defense has a multiplying impact for companies that provide cyber insurance. They can recognize immediate benefits in terms of protecting the enterprise and, at the same time, gain valuable insights into their insured base to support better business decisions.