Using Data to Quantify Future Cyber Risk- With Eduard Alpin

In this episode of CHATTINN CYBER, Marc Schein interviews Eduard Alpin, the Lead Cyber Actuary for the Specialty Actuarial Products division of Verisk ISO. He leads the development of loss costs and risk segmentation models for ISO’s new and existing cyber insurance programs. He also oversees the Cyber Data Exchange, which aggregates industrywide cyber insurance data and provides summarized results back to participating companies. Born in the Ukraine, he has had an interesting journey, coming to US at an early age,  today he is one of the leading names in Cyber Insurance.

Eduard defines an actuary as someone that quantifies risk. Applying the knowledge of Math and Statistics, He builds the pricing models that help companies determine how much to charge for different policies. He explains how they look at the historical events and trends’ frequency and severity to determine future pricing.

Eduard discusses his thoughts on the next 10 years in cyber risks.  It is a unique process and collecting data is associated with it. It has a broad scope and we need to collect data from hundreds of companies across the world to analyze and figure out the policies. It is sophisticate and complex to manage data and risk but he’s confident that it’ll evolve rapidly in next 10 years.

There were forecasts made In 2019, but no one could have accurately predicted where we would be in 2020. So it is important to update the data frequently. With all the is happening, many people working from home, ransomware is on the rise, cybersecurity risks like security breaches are still happening and data is exposed.​ We need to have better data to quantify risk and minimize the breaches. Next year is looking interesting and we’re excited about the cyber insurance market.

What You Will Learn:

●  What is Actuarial Science & How it works?

●  What is the future of cyber security risks & how we can plan better?

●  How companies quantify the risks & figure our pricing policies?

●  How to deal with cyber security breaches & cyber insurance market?

LinkedIn: https://www.linkedin.com/in/eduard-alpin/

 

How Auto Threats Target Small Car Suppliers to Get to Big Suppliers- with Faye Francy

In this episode of CHATTINN CYBER, Marc Schein interviews Faye Francy, Executive Director of Automotive Information Sharing and Analysis Center (Auto-ISAC). She serves the global automotive industry through the analysis and sharing of trusted, timely cyber threat information about existing or potential cyber-related threats and vulnerabilities for on-road vehicle electronics and associated networks. Faye is actively engaged with private-sector partners and government agencies to facilitate information sharing and strengthen the industry’s capability to detect, prevent, respond, and mitigate disruptions related to the connected vehicle and supporting infrastructure. Their responsibilities include developing and executing a 2020 Vision that outlines strategic and operational priorities for the automotive industry. Auto-ISAC works closely with Chief Information Officers (CIOs), Chief Information Systems Officers (CISOs), Product Development leadership, and other executives across the automotive industry responsible for securing vehicles and connected infrastructure.

Faye started her career as a forensic chemist with the Maryland police where she became very interested in arson and aeronautics, specializing in the aviation industry. Her experience their propelled her into the automotive industry interested in her after she retired in 2016.

The ISAC model was developed in 1998 through a presidential directive for industries managing or operating critical infrastructure. Faye explains that it became a concern for the public sector after it was discovered that over 80% of the private sector operated critical infrastructure. This prompted both sectors to come together and create a sector-specific organization to share information about physical and cyber threats, vulnerabilities, and incidences.  There are 24 ISACs today that serve in that role. Faye explains the purpose of the auto ICAS in sharing tactical threat information, building resilience across the whole industry, and asking everyone including the consumer to take responsibility. One of their first steps was to proactively shape industry-wide best practices into a working level document to help domestically.

Faye explains that when it comes to car supply chain, the threat actors look for small suppliers that don’t have the capabilities of larger supplies and use that to get to the ‘big fish’. “The soft underbellies are important, and so is the supply chain in ensuring all of them have tools, techniques, and understanding of how to address issues.”

She talks about the efficiency and effectiveness of the automobile industry due to technological connectivity, which also brings cyber risks and requires vigilance about cyber hygiene and cybersecurity. She explains that the typical trends in auto cybercrimes have been focusing on the integration of highly automated systems even during COVID. She covers the topic of the top cyber threats during the COVID-19 pandemic.