Emerging Technologies from Cyber Security Perspective
We talked about cyber security and emerging technologies with Burak Sadıç who is responsible for cyber risk consulting and business continuity management in Marsh Risk Consulting. Sadıç has over twenty years of consulting and management experience.
Çetin: Let’s begin with a personal question, in the face of the risks of the technological products we use in daily life, what are your solutions as a user?
Sadıç: As a cyber risk professional, I am trying to use technology as less as I can 🙂 Taking the joke aside, below are my personal preferences as a user:
– Use a different and a complex password for every application and system.
– Use a secure password management application, to store all the passwords mentioned above.
– Use two factor authentication, whenever it is applicable.
– Limit sharing my actual geographic location, as much as possible.
– Be paranoid about opening attachments or clicking links that is sent to me via e-mail or messaging or through social media. And if I am really curious about these attachments or links then try to open them in a “safe” environment.
Çetin: Well, nowadays which cyber security threats do companies face? When you compare with the past, what are the changes in the risk management solutions that insurance companies offer, especially with the development of artificial intelligence?
Sadıç: If we think of cyber security as a book, we now are at the end of the first chapter or at the beginning of the final chapter. With Internet becoming ubiquitous and with connected devices all around (i.e. Internet of Everything) the cyber security threats for companies or individuals are only limited with our imagination. But in a nutshell, business interruption and data breach are the top most threats that the companies are facing nowadays. It is too early to comment on the potential effects of the developments of AI on cyber insurance, in my opinion.
Çetin: What are the positive and negative reflections of artificial intelligence usage in the insurance sector?
Sadıç: AI will change all industries, and insurance industry is not an exception. Imagine a scenario like below:
When you are involved in a traffic accident, your connected car is informing the police, hospital and the insurance company at the same time. While the police and the healthcare professionals are helping you and other potential victims’, your insurer is also determining the level of damage to your car. Towing contractor is automatically called, if there is a need and also the level of damage and the potential repair costs are already calculated. So, within minutes everything is sorted out with robotic process automation and AI.
Çetin: Artificial intelligence applications developed to detect cyber attacks began to spread. How do you evaluate the future of these applications?
Sadıç: AI is an imperative part of the future in cyber defense. The complexity of the current infrastructures makes it really hard for the human to grasp the situation, even with the aid of state of the art automation technologies. But, there is also the flip side of the coin. The attackers will also use AI in further sophisticating their offense. Hence, in future it will both be a human and AI warfare on the cyber grounds.
Çetin: Turkey facing cyber security threats, for better utilization of artificial intelligence solutions, what kind of steps should be taken?
Sadıç: Turkey is late in the race, but both the private and the public players are making bold steps to keep up to the speed of the cyber arms race. In my opinion, the first step in the more effective usage of AI is understanding what really is AI and acting accordingly.
Çetin: In the legal sense, within the framework of regulations in Turkey, do you think what has been done is enough in the face of developments in the field of cyber security?
Sadıç: KVKK (Turkish Data Protection Law) and specifically the article 12, and most specifically the data breach notification clause is a late but a very important step for cyber security. The new draft from BRSA and various industry regulations and guidelines are also very promising developments. I am not a legal expert, but the current framework seems promising for dealing with the ever changing realities in cyber security arena, as long as the respective authorities keeps developing and enriching the framework with an ever increasing speed.
Respects to dear Burak Sadıç…