This article was produced in partnership with STORM Guidance.
Mia Wallace of Insurance Business sat down with Jonny Baker, technical lead of STORM Guidance, to discuss the firm’s newly released CyberProfiler service.
In much the same way as a bird’s eye view offers the observer an enriched vantage point, STORM Guidance’s newly launched CyberProfiler tool offers reinsurers, insurers, brokers, and clients an ‘Attackers Eye View™’ of their online exposures. STORM’s technical lead Jonny Baker (pictured) emphasised how this solution provides an outside-in view of a business’s points of risk, allowing the user to see their online presence through the eyes of a cyber criminal before receiving an accessible remediation plan aimed at making them a harder target.
“CyberProfiler was born out of the set of tools that our incident responders found themselves frequently using when an investigation comes in,” he said. “The first port of call is figuring out how the attacker got into the system, and rather than diving into internal logs, etc., one of the best places to start is by looking at the incident from the outside and exploring the best path in. That’s made incredibly easy these days because there’s so much publicly available data that can be used to quickly determine a company’s cyber risk, to establish what parts of their system are the most vulnerable and to figure out which places have been misconfigured.”
This is in line with what hackers tend to do when planning an attack, Baker noted, whether they have a target in mind or are looking for businesses with vulnerabilities they know they can exploit - i.e.. ‘low hanging fruit’. So, it made sense to the STORM team to develop a solution that could be used against attacks – and the phrase Attackers Eye View™ summed that approach and ethos up neatly.
The way that CyberProfiler works is that data is combined from multiple different sources and analysed using a set of AI tools developed by STORM, before it is organised into a series of clearly defined action points conveying meaningful technical information. This is then collated to form a report which is given to the client, and the client is given access to a portal that provides support for them in remediating the issues highlighted by the report.
“That’s what I think is the difference between us and other offerings on the market,” he said. “Threat reports are nothing new but historically they’ve been focused on high-level scorings or gradings to allow companies to benchmark themselves against others. But in a lot of ways that can be quite misleading. I liken it to being proud that your house only has two broken windows when everybody else’s has four – the fact is you still have two broken windows and if somebody wants to get in, they’ll be able to.”
Proactive solutions aimed at presenting the exposures faced by a business clearly and transparently and offering advice based on these is the way forward, he said. This is why STORM is dedicated to helping craft an engaging cyber security ecosystem where technical and non-technical people alike can get involved and tackle pressing issues at their inception – which has the added advantage of reducing this risk on insurers’ books as well.
Read more: How to speak to cyber criminals
It’s a tempting proposition for insurers and CyberProfiler yesterday revealed the details of its collaboration with QBE European Operations, which will see cyber insureds across QBE’s books receive a CyberProfiler assessment. When it comes to launching new and innovative solutions into the marketplace, Baker highlighted that there will always be some companies more willing to seize the first-mover advantage than others. QBE is one such business, he said, as evidenced by the fact that STORM’s relationship with the insurer goes back several years.
With the hardening market around cyber insurance at the moment, and the high cost of claims relating to ransomware and other cyber incidents, insurers need to do all they can to reduce the risk on their books - and QBE has recognised that CyberProfiler is a strong means of doing just that. In addition, he said, this is a tool that also works well with other risk management strategies that firms may already have in place.
“I believe we’re coming to the point very rapidly where people are going to have no choice but to [embrace new ideas],” Baker said. “These big attacks are not black swan events anymore. They’re increasing more even in the last couple of years and we know, from our data, that the figures involved with ransomware payments are going up and up. It’s a $100 billion industry and it’s actually making global news now because [these incidents] can bring normal life to a standstill. It shows that what people are doing at the moment isn’t good enough and you’ve got to turn towards innovation to find something that is.”
Looking at the next steps for CyberProfiler, he noted that STORM is already in conversation with a number of insurance companies and the brokers that they work with, and he is optimistic that the insurance industry will respond well to the service’s focus on remediation and getting insureds to reduce their risks. The tool can support companies of any size, he said, and so STORM has already onboarded a real range of businesses – from SMEs through to larger clients, and including both technical and non-technical people.
The plan now is onboarding even more customers, making constant improvements and evolutions to the portal, and increasing user engagement and STORM’s ability to offer guidance where it really counts. The technical engine of the solution itself is constantly evolving, he said, given that cyber risk is an ever-changing landscape. Criminals are constantly finding new ways to disrupt businesses, which requires the continual development of cutting-edge solutions able to offset that.
“STORM is at the forefront of seeing these incidents happening and the new vulnerabilities that businesses face, which means we can find out exactly how criminals are carrying out attacks,” he said. “We’re able to very quickly turn that around, preventing it happening in the future…
“And I’m very excited for what the future holds for us. [Attackers Eye View™] has been in the works for almost a year now so bringing it all together is incredibly exciting and I think QBE is sharing in that excitement as well. It’s great to be launching this to the market together and I’m just really looking forward to seeing people actively using this solution and reaping its benefits as well.”
Discover STORM Guidance’s full range of cyber security services here
As technical lead for STORM Guidance, Jonny Baker guides technical operations on incident response areas including digital forensics, data retrieval, open source intelligence gathering and big data analysis.