Cyberattacks on financial services institutions, including the insurance industry, are becoming increasingly sophisticated and frequent. To enhance cyber security awareness in the insurance sector, Fortinet recently organized a panel discussion on “Modernizing Your Security: A Growing Priority for Insurance Business”, aimed at organizations in the insurance business.
Joining the panel was Mr. Natthawutht Thipkanok, Director of IT Infrastructure and Cyber Security from the Office of Insurance Commission (OIC). Mr. Thipkanok shared his view that the COVID-19 pandemic is a catalyst demanding Thai insurance to adopt digital technology to enable the work-from-anywhere model. All remote workers and insurance branches would require cyber security protection technology as well as visibility throughout the network. Companies need to see the data movement, track unusual behavior, identify incoming threats and be able to respond to threats instantly. So far, OIC’s CIT (Center of InsurTech, Thailand) has helped to share threat information with insurance companies immediately so that they can take action to protect themselves in time. The fact remains that, organizations need smarter, faster security operations to combat sophisticated, organized cybercrime. The challenge is that insurance companies are of different scales and therefore are not always equipped with sufficient cyber defense management; especially the insurance brokers who obtain customers’ sensitive data. Shared data is not however used immediately due to lack of some mechanism, including monitoring system. The OIC therefore advised guidelines known as the “Cyber Resilience Assessment Framework (CRAF)” to secure the insurance business sector. Addition, the OIC encourages the deployment of new technology innovations such as AI, sandbox, Secure SD-WAN technology to protect branch and remote workers.
Mr. Amarin Burinkul, eCloudvalley Digital Technology’s Thailand Country Manager, one of the panelists, opined that cloud-based insurance services help improving business processes, efficiency, user experience and increase business value. Cloud deployment renders three strategic benefits: (1) Improve process: Such as software installation and configuration. (2) Pay per use: Organizations can expand the services in a timely manner at actual use rate. (3) Reduce costs: Currently, organizations can opt to use cybersecurity services immediately on the cloud i.e. AWS platform. Mr. Burinkul also recommends that cloud-based service organization leverage the customer confidence in its cloud services by promoting their standard resilience; for example the certification of Information Security Management System ISO 27001, the International Payment Card Data Security Standard (PCI DSS) standards and new regulation compliance such as PDPA, etc.
Mr. Suwat Duangmee, Head of Enterprise Solution Consult Unit, Advanced Info Service Company Limited, another participant in the panel discussed how to apply the SD-WAN innovation concept to secure inter-branch work. He expressed that the connections between branches are more open today and organizations are looking for software-defined technology to enhance business performance. Typically each branch uses two communication circuits for backup purpose and prevent communication failures. However SD-WAN technology allows the use of two communication circuits simultaneously. SD-WAN devices are more intelligent than ever before. It helps organizations to see more at the application level, better manage traffic and make the use of WAN links more cost-effective. Moreover, secure SD-WAN technology can be deployed to protect the branches with direct internet access.
Mr. Chaisiri Sengtrakul, Information Security Director at MFEC Public Company Limited or MFEC shared that organizations of all sizes should have a security surveillance action plan. This should cover three aspects of planning: management, investment and technology optimization plan. MFEC is confident in the Fortinet FortiSIEM solution; and even utilizes the multi-tenant feature in FortiSIEM to develop Security-as-a-service offering at MFEC’s Cyber Security Operation Center (CSOC). MFEC CSOC offers 24-hour surveillance, automate security operations process handled by experienced security analysts to mitigate threats faster. The customer can use this service separately from others, monitor its own threat analysis dashboard, and receive dedicated reports and recommendations to deal with specific threats. This model helps small organizations overcome the problem of not being ready to invest in equipment but wanting efficiency at the same threat management level as large organizations. CSOC allows the financial application system to run smoothly and meets CRAF, Cybersecurity Act and PDPA requirements.
Ms. Pakthapa Chatkomes, Fortinet’s Country Manager for Thailand, gave the opening remarks and welcomed the panelists. Ms Chatkomes reiterated that Fortinet is Number One in cybersecurity, and has developed a security fabric platform with AI technology and obtains the most innovative patents in the cybersecurity market at 1,279 awards internationally. In the U.S., Fortinet has three times more patents than comparable competitors. She emphasized that Fortinet products and SOC solution deliver the right-to-fit solution to organizations of any size to help teams reduce the risk potential of security incidents by blocking more, detect sooner, and responding faster.
Source: Communication Arts