As with most customer facing industries, insurance too is striving towards better customer centricity. This means being able delight the customers by providing the experiences they need using the interaction channel they prefer. Therefore, the focus for most organizations today is shifting towards ensuring security while enabling a superior customer experience.
For Aegon Life Insurance, one of the leading private sector insurance companies in India, the year 2018 was a step in that direction as the company decided to embark upon a journey to strengthen its information and cybersecurity framework in order to become more cyber resilient to help meet the evolving customer expectations in a secure manner.
According to Fal Ghancha, CISO, Aegon Life Insurance, “Unlike earlier days where we used to work in silos, we had decided to take an overall approach for our information and cybersecurity framework. The major issue around the solutions was that they didn’t talk to each other.”
Connecting the dots was made possible through streamlining the information and cybersecurity framework and aligning priorities through it. The company took a strong call to start with upgrading Security Incident and Event Management platform to talk to the entire infrastructure to provide best in class reports, threat feeds and near real-time input to help the organization fight with latest security threats. The SIEM solution has been integrated with the entire ecosystem, which includes firewalls, IDS/IPs, infrastructure and applications.
The framework included initiatives like adoption of Identity and Access Management with automated provisioning and de-provisioning features, streamlining of governance framework and reporting, which includes key performance and risk indicators. The end objective was achieved through providing a dashboard, which helped create complete visibility around the cybersecurity posture to the senior management.
The last initiative within the cybersecurity framework was creating employee awareness considering the human factor is the weakest link in information security. Ghancha affirms that constant intuitive way of creating awareness is the only solution to addressing the human factor of information security.
Going into 2019, Ghancha feels that identity threat is going to be one of the most critical cybersecurity threats with the potential to unsettle the world. He quips that everyday we come across installing many new applications for our mobile devices and while installing them we don’t really check the permissions like SMS, call, storage, photos, locations, etc. that they ask for.
“We want all our applications to work with single identity like Google/Facebook and most of our apps are linked with one account. However, we forget that once these applications get access to our phone, they can track our location, read SMS to use our identity,” he adds.
He believes that identity threat is a huge threat in the future as if there is an attacker/group of attackers who want to target the individual/state/country they can find the most popular mobile app and try to break into the system to gain access to the information.
“While we are implementing a lot of tools and technologies to become more cyber resilient, the key question is are we doing enough to protect our identity,” adds Ghancha.