4iQ powers cyber risk intelligence centres for defence departments, law enforcement agencies, physical security service providers, managed security service providers and critical infrastructure companies. Richard Kirk has been with 4iQ for only two weeks, but has a longstanding association with Instech London. “Has anyone here had their credentials stolen?” Richard asked the audience. Only five people raised their hand.
Statistically, from this audience of 200 people, another 95 have probably had some of their personal details stolen. In the last year 1bn personal records have been stolen through a series of breaches. 4iQ has found a way to collect the data that we are losing - legally Richard assured us - our user ids, passwords, copies of documents, confidential letters from banks. Understanding who is losing key information is potentially very valuable to the insurance industry but such information is not yet commonly used today. Most insurers are focusing on building stronger security, but once a thief has got hold of someone’s id and password the security becomes irrelevant. The theft of personal ids - or “credential stuffing” as it’s known - is growing. For the industry to protect itself it muststart to think like a criminal.