New Zealand-first Research From Glasstrail Identifies Attack Surface Risks For Kiwi Insurers

A recent study by Kiwi cyber security brand Glasstrail identified the large challenge smaller New Zealand insurance businesses face identifying and protecting their internet-facing assets.

The research scanned the external attack surface of more than fifteen small to mid-size NZ insurers. It showed that each company has a large volume of assets that need to be secured. Together with the increased cyber risk related to protecting personal information, insurers are facing a tough ask to manage all these assets.

The scan revealed that of the organisations studied, on average, each business has more than 120 internet-facing assets to secure. These assets include websites, sub-domains, IP addresses and user credentials. A large estate presents a complex challenge for tracking and remediating risks. The engagement required to keep track of the relatively large number of assets and protect them against constantly evolving threats, can be potentially quite onerous.

The Glasstrail industry scan identified good opportunities for improvement across the sector, including some vulnerabilities considered to be moderate-high risk. Generally, risks found in Glasstrail scans include breached emails, misconfigured email settings, and missing web security policies. To assist Kiwi insurers, Glasstrail has made the full report available to all insurers in the scan for free.

Glasstrail Product Owner, Andrew Taylor comments:

“Our experience indicates that insurance businesses now rely on many internet-facing assets to run essential day-to-day activities. The flipside to this is that any one of these assets provides a potential entry point for a cyber-attack. We know that bad actors are actively looking for any entry point and are using all the publicly available information they can find to do this.

The role of cyber security professionals is to know the assets they’re protecting and to keep their business and customers’ data safe. This effort has rightly been focussed on internal security and firewalls. Now the horizon is shifting to outside the organisation’s walls. Using continuous external scanning and automation is really the only scalable way to stay on top of that.”

About Glasstrail
Glasstrail automates risk and inventory discovery in external attack surfaces. It intelligently scans publicly available sources to identify vulnerabilities that bad actors could use to launch future attacks. With this information, users can remediate the risks and keep on top of their ever-changing attack surface without needing to hire specialists. www.glasstrail.com

Glasstrail is developed and maintained by Kiwi consultancy Theta. For more than 25 years, Theta has worked behind the scenes empowering industries to operate seamlessly and function better. Since 1995, Theta has held onto its vision to evolve and modernise businesses into practising their operations with a far higher level of efficiency. With Theta, businesses are equipped with bespoke, customisable solutions and products, backed and created by a leading team of analytics, digital, cloud and product development specialists. The company has offices across the country and counts Mainfreight, Southern Cross, Genesis, and Craigs Investment Partners among its customers.

© Scoop Media