Insurance group turns to intelligent technology

Artificial intelligence technology, described as mimicking the human immune system, is planned as the next line of cyber defense for Cayman Islands health insurance provider BritCay.

Technology Security Officer Ben Mobley said Cayman is one of many locations parent company Colonial Group has in mind for Darktrace’s “Enterprise Immune System,” which has already been implemented at the company’s Bermuda office.

The group is also evaluating options for its branches in the British Virgin Islands, the Bahamas and Turks as Caicos.

Darktrace is a cybersecurity company with dual headquarters in Cambridge, England, and San Francisco, California. Its smart technology learns by monitoring network activity and identifies deviations from typical user activity.

Early indicator

Alarms might go off, for example, following a late evening log-in attempt from a user who typically works during standard business hours. The anomaly tips off the system to a possible insider threat, not easily prevented by firewall software.

As a healthy human immune system adapts to disease evolution, EIS technology seeks to create automatic lines of defense against evolving cyberattacks, explained Darktrace Director Emily Orton.

For a company that protects large amounts of personal client data, the technology provides a higher-level safeguard against sophisticated threats.

While firewall and anti-virus technology can prevent outside actors from infiltrating a network, Orton said insider threats, often provoked by unknowing employees, can pose the most difficult challenges.

“Insider threats are one of the biggest areas that the immune system can help you with. It’s one of the hardest types of threats to find,” Orton said.

“We figure a small number is a malicious insider … who has a specific objective. They are difficult because it’s easy for them to get around and they know the system and they specifically try to avoid detection. But a lot of what we see are non-malicious insiders.”

Well-meaning employees can invite attacks by falling for clever phishing scams, following bad links or downloading questionable content on company devices.

As cyberattacks become more advanced, Orton said, more companies and their clients are looking to fortify defense tactics. She has received inquiries from medium-sized enterprises to multinational banks seeking to protect priceless data.

“There is no silver bullet for security. You can’t secure everything but you can deploy very clever systems,” she said.

“(One) fix is taking a different approach and knowing you aren’t going to catch every threat at the door.”

Cayman Islands-based IT adviser Micho Schumann of KPMG added that AI technology is an advanced line of defense, rather than a first step. Companies must also ensure they have covered their basic needs, such as training employees on best practices.

“For a company that’s starting, especially the company sizes that we have in Cayman, you probably want to start with something along the lines of say a gap assessment or a risk analysis,” he said.

“You may have all the anti-viruses and the firewalls and all that good stuff, but if your employee clicks on that link, they might have all been defeated. So that’s why employees are very critical in this whole thing. It’s not all technical. It comes down to human (error).”

He suggested companies take a step back before investing in potentially expensive technologies and first determine their core needs, as well as the data they need to protect.

Schumann also pointed to offline steps that companies should take to ensure their systems are protected. He encourages employees to take care with how they store passwords and to practice caution with who can enter company facilities, where sensitive paper documents may be accessible.

“Nothing is hack proof,” he said. “The perfect golf game doesn’t exist, not does perfect cybersecurity.”

Online standard

In the online world, Orton anticipates AI systems becoming the standard. She describes a possible digital “arms race” in which hackers may one day adopt intelligent methods as well, prompting companies to pursue increasingly advanced technologies.

She encourages businesses to prepare for the rapid evolution of such threats and what she expected will soon be the new norm.

“For us it’s a no brainer. AI is going to be the future of cybersecurity,” she said.