INFORMATION SECURITY · Company Asset Management Hardware and software assets and ownership Private...


Page 1: INFORMATION SECURITY – SANLAM AS A CASE STUDY

Insurance | Financial Planning | Retirement | Investments | Wealth

Mike O’Donovan, Chief Executive: SEB Platform Solutions

Page 2: Evolving to a FinTech organisation: EVOLUTION TOWARDS A DIGITAL WORLD

Digitisation of engagement models

Automation of processes

Data & analytics

Artificial Intelligence

Page 3: Evolving to a FinTech organisation: A DATA DRIVEN ENVIRONMENT

Clients demand more information (data): to better service and advise clients; reports & information; tools & models to test scenario outcomes; statistics & analytics

Needs to be accessible anywhere, anytime, anyhow – typically web-based

Regulators require providers to hold more data: FSCA driving more direct communication with members of retirement funds; TCF & PPR requirements – long-term insurance compels member-level communication; providers required to hold more member-level details

Page 4: Regulatory environment: RESPONSIBILITY FOR DATA

Principle 12 of the King IV Report on Corporate Governance: covers the responsible governance of information and technology within an organisation.

Cybercrime Bill (pending), which builds on Chapter XIII of the Electronic Communications and Transactions Act, 2002: codifies cybercrimes and imposes penalties for them, and demands more vigilance on the part of organisations in how they protect those whose data they hold from cybercrimes.

Protection of Personal Information Act, 2013 (POPI): addresses the safeguarding of personal information held by public and private bodies.

Financial Sector Regulation Act 9 of 2017 (twin peaks): Prudential Authority = enforcement of regulations, compliance, risk management (business & information technology); FSCA = to deter misconduct and protect consumers.

Page 5: FINANCIAL SECTOR A TARGET

Page 6: Cyber criminals looking to monetise data: MOTIVES

To hold organisations to ransom

Commit fraudulent transactions

Identity theft

On-sell personal data

On-sell system access

Protest, or propagating a cause or idealism

Page 7: Cyber criminals looking to monetise data: HOW

Hacking of websites & web-based systems

Viruses, ransomware, malware

Email spamming, web phishing, malvertising

Vishing & spear phishing

WhatsApp

Page 8: Cyber criminals looking to monetise data: HOW

Theft of hardware: laptops, flash drives, external hard drives

Interception of data transfers

Cyber forgery

Cryptojacking

Page 9: ATTACKERS ARE WELL ORGANISED

Page 10: SO… WHAT DO WE DO?

Page 11: SANLAM’S FOCUS

Governance Frameworks & Policies

Internal Physical Environment

Data Management

External Environment

Testing

Page 12: Sanlam’s focus: GOVERNANCE STRUCTURES

Formal Policies & Frameworks: information governance, information security, end-user computing

Governance Oversight & Reporting: risk forums, internal business reports, external assurance reports, incident reporting

Risk Assessments: crown jewels & controls aligned to the Center for Internet Security’s (CIS) top 20 list of prioritised information security controls

Cyber Security Response Capabilities: cyber security incident response team (CSIRT), forensic capability, data recovery competency

Formalise, test and improve preventative controls in line with Cyber Intelligence (CI) security

Page 13: Sanlam’s focus: INTERNAL ENVIRONMENT

Company Asset Management: hardware and software assets and ownership

Private Devices: inventory of authorised and unauthorised devices (mobile devices & Wi-Fi)

Device Management: local administration & data protection; encryption and port blocking (PCs, laptops, external hard drives, flash drives)

Access Management: logical & physical access; controlled use of administrator privileges; privileged account management; physical data centre security

Page 14: Sanlam’s focus: DATA PROTECTION

Encryption of Data Transfers: email, FTP, password-protected files (spreadsheets!)

Data Discovery and Data Leakage Prevention: monitoring irregular behaviour, listening technology, audits, code changes

Structured Data Management: access to data & databases (processing portfolios, reports etc.)

Unstructured Data: ownership and access management (housekeeping)

Page 15: Sanlam’s focus: EXTERNAL ENVIRONMENT

Boundary Defense:

Identity access management (IAM), firewalls

Limitation and control of network ports

Software Applications:

Application software security (penetration testing at a database level, patches & updates)

Malware defences

Vendor Solutions:

Outsourced hosting arrangements

Third party developed deployments

Page 16: Sanlam’s focus: TESTING OF CYBER CAPABILITIES

Desktop exercises: user training & awareness

Simulations: DR & BCP exercises, incident simulations

Technical tests: actual attacks to test detection and response capabilities

Page 17: What does Sanlam do: CYBER TEAMS

Red Team: hackers who continuously try to break into systems; they assist the blue team in addressing vulnerabilities

Blue Team: focus on defence; preventative controls; cyber intelligence capabilities; detection & listening – an early warning system (like a neighbourhood watch); monitoring of internal security events (preserve the events in a forensically sound way and correlate events to identify threats); incident response

Page 18: Sanlam’s response: SANLAM GROUP CYBER RESILIENCE FRAMEWORK

Governance: Cyber Strategy & Budget; Regulatory Watch; Staffing; Resilience Assessment; Cyber & Security Skills Assessment & Training; Assurance Reporting; Security Awareness; Risk Management; Performance Management; Sourcing

Early Warning Monitoring: Cyber Intelligence Management; Maintenance, Monitoring & Analysis of Audit Logs

Response: Cyber Forensics; Cyber Crisis Management; Incident Response & Management; Data Recovery Capability

Destroy / Deceive / Degrade / Disrupt / Deny / Detect

Prevent: Device Inventory; Vulnerability Assessment & Remediation; Email & Web Browser Protection; Secure Configuration of Firewalls, Routers & Switches; Application Software Security; Software Inventory; Administration Privileges; Network Ports, Protocols & Services; Data Protection; Account Monitoring & Control; Penetration Testing; Secure Configuration of Mobiles, Desktops & Servers; Malware Defence; Boundary Defence; Controlled Access; Wireless Access Control; Advanced Threat Detection

Basis of Information Security Capabilities & Control

Page 19: Your responsibility: SO, WHAT SHOULD YOU DO?

Do you know how the data that you are the custodian of is stored, managed and governed?

Is your own environment safe?

How do you handle data between your clients, administrators, funds and service providers?

Have you completed the cyber security checklist as part of your service provider assessment?

Page 20