Legacy systems in the insurance sector affect the insider threat, writes Lindsay Lucas, pictured, CEO, at the UK software developer Software Solved.
Over the past ten years we have seen plenty of examples of the type of impact that a security breach or flaw can have on organisations, both big and small. As insurance companies have beefed up the security around their networks and data to keep out the increasingly sophisticated external threat, so the warnings of the ‘insider threat’ have also increased.
Incidents involving Insider Threats have increased by 47% between 2018 and 2020. A 2021 report from Cybersecurity Insiders also suggests that 57% of organisations feel insider incidents have become more frequent over the past 12 months.
Often employees inside of the firewall are the cause of data breaches and security lapses. Whether this is accidental or intentional, companies are now having to quickly come up-to-speed and deal with it. Ensuring employees have a good understanding of systems and processes to manage their devices, USB’s, passwords and applications, helps cut down the threat of accidental lapses at least.
Aside from the user, another key vulnerability that is often ignored by organisations when they look at the ‘insider threat’ is legacy technology.
The insurance sector depends on technology-based relationships and alliances for growth, but more often than not, their legacy systems aren’t designed to integrate with or support a collaboration. In order for insurance companies to keep up with technological progressions as well as the insider threat they should first look to re-architect themselves, with strong security as its backbone.
The insurance sector has always looked to take risks off other companies’ books or to support individuals who suffer losses that would be catastrophic without coverage. As the internal and external threat becomes ever more prevalent following digitalisation, the sector needs to become adept at recognising the risks that stem from legacy systems and react to them accordingly.
High cost of legacy in the insurance sector
The investment made in technology often runs into millions of pounds, making the task of updating or replacing it a difficult or even prohibitive one for most companies. However, the older the technology the less likely it is up to dealing with the sophisticated threats, externally and internally. Much of it will have been more than up to the task at the point of implementation, but as the years have rolled on, so the threats now facing organisations and their networks are unrecognisable. Systems which companies rely on would not have been built for the integrations that are now necessary. Equally, mobile strategies can be a gateway for hackers looking to access data, especially those strategies that cannot integrate with legacy systems.
Another issue associated with legacy systems is the frustration that some departments feel when dealing with legacy systems. This often leads individual departments to download cloud apps, outside of the control of the IT department. This creates huge risks as the app is not integrated, inside the firewall or even on the radar of the IT team.
So, the cost of replacing systems is prohibitive, and yet legacy systems are causing a real headache to IT departments in insurance companies up and down the country. The key is understanding the complexities behind the legacy system. This can help ensure that systems continue to be a useful and secure element of your business. How do you know if your legacy systems are an insider threat?
Legacy systems and the skills gap
As those who implemented what is now considered to be legacy technology, or at least were around when the technology was installed, come to the end of their careers, the skills gap they leave behind is vast. Those left in the IT departments across the public and private sectors, have no knowledge, nor any interest in learning about out-of-date code or technology. This causes real issues from an internal perspective.
You can build the protective walls surrounding your networks as high as you like, but if the supporting technology is seriously out-of-date and not effectively managed, there are going to be easy access points throughout. Organisations across sectors are facing this issue. With rip and replace an expensive and often cost prohibitive method, there is plenty of head scratching going on within IT departments.
Protecting your legacy
There are, however, a number of simple steps that organisations can undertake to help mitigate the risk, stabilise systems, improve performance of existing systems and protect their business from an increasing form of insider threat.
Consider a Data Security Audit to identify where data is located, how it is managed and processed. Understanding legacy systems is crucial, especially with GDPR; getting older systems in-line with regulation is more important than ever.
A System Health Check is another cost-effective way of measuring the level of vulnerability within legacy systems. This type of software consultancy also helps organisations take the appropriate remedial actions to get legacy systems ready for future growth.
Manual processes continue to put businesses at risks. By taking the step to automate them, companies can help to mitigate this. Data visualisation tools like Power BI can consolidate data from all sources to produce dashboards quickly and easily. It is crucial though is that systems need to output that data securely and be ready to connect.
Business Process Mapping (BPM) can also help work out where there are potential problems and inefficiencies within legacy technology. This allows organisations to put into place fixes before there is an impact on the wider business.
The insider threat has been talked about a great deal over the past couple of years, but so often it is focused on the faults or criminal intent of employees. However, whilst legacy technology remains in place, unmanaged, it remains as much of a threat as those who are using it, and a combination of both user error and legacy often leads to insurmountable problems for organisations from both a technological and reputational standpoint.
Inarguably, technology has brought disruption to the insurance industry in several ways and the reforming insurance leaders are beginning to make investments in the latest technologies that will enable them to become more customer-centric and cost-efficient, helping them to thrive.
Third-party providers are crucial for Business Transformation
The first and most obvious effect of business transformation on insurance is the efficiencies it enables. Third-party data and software specialists can work with insurers to optimise operations for speed, ensuring that claims can be processed instantly, and policy writing can be done in less time. Business transformation is also speeding up customer service, where live chat and digital assistants are helping customers in their most important times of need.
Customers today expect service and attention where and when they want it. They also expect it to be suited to their needs, and personalisation is now the status quo across all industries. Business transformation is empowering insurers with the tools they need to give customers excellent service without overextending their resources. Third-party providers and? Can? help the insurance sector to digitally transform by utilising robust data analytics to tailor its efforts to reach target audiences.
Business transformation of the insurance industry is also helping it to become more nimble and scalable at both the front end and back end of operations. While insurance historically could be a bit “clunky,” technology today has made it flexible to current demands. On the customer-facing front, insurers today offer service everywhere and anywhere via self-service dashboards and apps and can collect valuable data from customers via IoT-enabled devices and even wearables. On the back end, this technology is collected and helps brokers and insurers make more accurate decisions on underwriting, policies, new product offerings, and more.
Business transformation is also helping insurers “future-proof,” as these technologies will undoubtedly continue to evolve and create more advanced opportunities for years to come. The foundation that is being laid by AI, machine learning, blockchain data, data analytics, and predictive analytics will help insurers grow and adjust with new insurance technologies and capabilities.
