November 9, 2023

Staying Ahead of the Threat Landscape: In Conversation with James Ingram

In conversation with James Ingram, Cyber Security Risk Engineer, we speak about his role, his move to insurance from the UK Ministry of Defence, emerging cyber threats and how insurers can help clients enhance their cybersecurity.

What attracted you to the insurance industry and Arch, in particular?

I was looking for a new challenge in the cyber world and I was attracted to the breadth of what the insurance industry has to offer. I realised that in insurance you’re working across the full range of cyber risks, and meeting experts from all industries. When I met with Duncan Smith, Head of Professional Lines, and Marcus Breese, Head of Cyber and Technology E&O, I was excited by the vision and growth plans they shared for cyber at Arch and was keen to be part of the journey.

What does your role entail?

Fundamentally, my role is to monitor and stay ahead of the threat landscape and to ensure our underwriting teams in London, Madrid, Paris, and Sydney are cognisant of current and developing threats. I also work closely with the underwriting teams to help assess individual risks and meet with clients. I’m pleased to say that we’ve had positive feedback from our broking partners about the level of engagement with clients – they appreciate our insight on trends and the technical discussion around mitigating risks to their organisation.

What are some significant cyber trends you are monitoring?

Threat actors are starting to become more sophisticated at bypassing multi-factor authentication (MFA). MFA is an integral part of security architecture and subverting it has the potential to undermine other security controls, putting attackers in a strong position. We are likely to see more attacks using these techniques whilst the cyber security industry tries to respond by improving MFA standards. We are also seeing a common trend of companies being unable to respond to an incident as effectively as they thought they could, especially around the restoration of systems using backups. It’s important that companies regularly and intensively test their incident response plans from the perspective of a worst-case scenario.

An interesting trend for the cyber insurance market to be aware of and monitoring is threat actors using cyber insurance policy documents as the basis for their ransom demands. They are actively seeking these documents stored on compromised networks and then feeding them back to ransom negotiators as leverage. Maintaining policy documents solely offline or encrypted may need to become standard practice for clients to manage this risk.

What are some of the risks related to artificial intelligence (AI)?

AI is a particularly emotive subject at the moment, but I don’t think we need to be worrying about Skynet just yet (for the Terminator fans out there). AI offers great opportunity for companies to automate processes; however, it also brings with it a lot of data collection, use and privacy implications. As the sophistication of AI grows, companies should think carefully about how and where they implement it. The training data used needs to be carefully evaluated as it’s key to how AI behaves: AI that’s been exposed to biased training data will make biased decisions. From a threat actor perspective, they get all the benefits from AI that we see. They can use AI to generate content, build or adapt their tools and automate some of their processes. We are already seeing AI being used in some complex phishing/vishing campaigns.

In your view, which parts of companies’ architecture are most exposed to attack?

An organisation needs to have a strong grasp of its attack surface in order to determine its weakest areas. Employees contribute to such a high proportion of incidents that they are often considered the highest risk; however, generally speaking, externally exposed systems at the perimeter and internet-facing devices would be most vulnerable to initial attack. There has been a trend recently with attackers going after externally exposed data stores, such as file transfer systems, because they get instant access to sensitive data without having to traverse the network. Finally, third parties are often the forgotten limb of a company’s architecture, yet they can process enormous amounts of data, so it’s important that organisations understand how third parties’ infrastructure works with their own and how their data is protected.

How can the insurance industry play a more prominent role in cybersecurity and risk awareness?

“As-a-Service” is a popular term these days and I think that’s a way insurance can go. We should be thinking about the services we can offer clients, rather than only a product. The access to claims and forensics reports, for example, means the insurance industry has a unique picture of trends and issues. I think it’s our responsibility to engage with the infosec community to do our part where possible.

Finally, what keeps you occupied outside work?

Over the past few years, I’ve been slowly renovating my house. It’s been great, as I’ve learned some new skills, but it’s meant other things have fallen by the wayside. When I find the time, I enjoy struggling through some golf.